Your AI agent can be talked out of its guardrails. Prompt-based safety checks, LLM judges, and reasoning chains all share one weakness: the enforcement mechanism is itself a model. ICME replaces model judgment with formal verification. Every action gets a cryptographic proof verifiable in under a second. SAT means allowed. UNSAT means blocked. Math enforces the policy. The proof survives the audit.
***
Introducing ICME's Preflight
{% columns %}
{% column %}
### Prompt-based Guardrails Can Cost You Money
Prompt-based systems, LLM judges, and reasoning checks all share the same weakness: the enforcement mechanism is itself a model. Models can be jailbroken, manipulated by prompt injection, and reasoned around. When a guardrail and an attack speak the same language, the guardrail doesn't win by default.
There's a second problem: opacity. When an LLM judge blocks or allows an action, you cannot prove why. No receipt. No audit trail. For regulated industries or any agent handling consequential decisions, "the model said so" is not an acceptable answer.
PreFlight replaces model judgment with formal verification. Every decision produces a cryptographic proof — tamper-proof, independently verifiable, shareable with any third party. Full observability is a property of the math, not an add-on.
{% endcolumn %}
{% column %}
#### **If your agent handles money, sensitive data, or consequential decisions, this is how you make it provably safe.**
#### What cryptography gives that traditional guardrails can never provide
1. **Near instant verification for guardrails.**
2. **A cryptographic receipt that you can share with any third party or agent.**
3. **Jailbreak-proof enforcement**
{% endcolumn %}
{% endcolumns %}
***
{% columns %}
{% column %}
### Get started in 4 steps
**Write your guardrail policy in plain English.**\
Example: *"Never send funds to an unverified wallet. Never approve transactions over $10,000 without a second confirmation."*
Preflight **compiles it to formal logic.**\
Your policy is translated to SMT-LIB and stored. No prompt engineering required.
**Check any agent action against it.**\
Send the action to our API. The solver runs in under one second.
**Get cryptographic proof your guardrails ran correctly.** \
SAT = allowed. UNSAT = blocked. Every decision comes with a cryptographic proof you can verify independently.
Get startedAPI reference
{% endcolumn %}
{% column %}
{% code title="In your terminal." overflow="wrap" %}
```bash
// Sample call.
curl -s -X POST https://api.icme.io/v1/verifyPaid \
-H 'Content-Type: application/json' \
-d '{
"policy_id": "f6e3cd15-9e28-45c4-9f4c-683edd63e468",
"action": "Send 1000 USDC to an unknown wallet."
}' | jq .
// JSON response after agent pays.
{
"check_id": "90484dac-f41e-47ee-9758-a2f63a4900b7",
"action": "BLOCKED"
}
```
{% endcode %}
{% endcolumn %}
{% endcolumns %}
No human-in-the-loop required
Human review works at low volume and risk. It breaks at scale.
AI agents are already purchasing inventory, executing trades, booking services, issuing refunds, and negotiating contracts autonomously, at machine speed. By the time a reviewer sees a flagged action, the transaction has happened or the opportunity has passed. When your agent runs hundreds of actions per minute, a review queue isn't a safety net. It's a bottleneck. And when a reviewer is approving faster than they can read, it isn't safety at all.
PreFlight removes the human from the enforcement loop without removing accountability. Math enforces the policy. The proof survives the audit.
When your agent is executing hundreds or thousands of actions per minute, a human review queue isn't a safety net, it's a bottleneck. And when the reviewer is approving decisions faster than they can read them, it's not safety at all. ICME Preflight removes the human from the enforcement loop without removing accountability.
***
{% columns %}
{% column width="50%" %}
{% endcolumn %}
{% column width="50%" %}
### Want to go deeper?
Our blog breaks down real-world agent failures that traditional guardrails missed, why mathematical enforcement prevents the attacks that fool LLM judges, and how crypto protocols and fintech companies are using cryptographic proofs to satisfy regulators.
If you're building agents that move money or access sensitive data—and need to understand why "prompt engineering for safety" isn't enough—this is where we explain what actually works in production.
ICME Labs builds the cryptographic infrastructure that makes AI agents auditable. We believe the next generation of safe agents will be secured by math, not hope.
Blog
{% endcolumn %}
{% endcolumns %}
Join a community of builders making guardrails for agents that do not fail.
:github:
GitHub
Fast zkVM born at a16z Crypto substantially adapted by ICME Labs (NovaNet) for verifiable machine learning. ⚡
We use zero knowledge machine learning for agentic guardrails.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.icme.io/home.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.