Newton Protocol because it is focused on a problem that feels increasingly real:
AI agents may become capable of managing money before they become reliable enough to do it without boundaries. Newton is building a policy layer that checks an agent’s intended transaction before allowing it to proceed. A user could define how much an agent may spend, which assets or contracts it can interact with, how often it can take action, and when human approval is required.
What stands out to me is that Newton is not claiming it can make AI perfect. Its role is to limit what happens when an agent misunderstands an instruction, behaves unexpectedly, or attempts something outside its assigned purpose.
The network evaluates each action against the chosen rules and creates verifiable proof of the result. This could make autonomous wallets, automated trading systems, payments, and digital treasury management safer to use.
There are still open questions. The protection will depend on the quality of the policies, the reliability of the information used during evaluation, and whether developers find the system simple enough to adopt. Strict rules could also block valid transactions if they are configured
badly. Even with those uncertainties, Newton Protocol is exploring an important idea: useful AI may need more than the ability to act. It may also need a trustworthy way to recognize when it should not act.
Newton Across Chains: The Hidden Complexity of Verifiable Agent Permissions
I’ve been looking closely at Newton Protocol because it addresses a problem that becomes difficult to ignore once AI agents are allowed to control assets: who checks an agent’s decision before it turns into an irreversible transaction? Newton does not place another AI model above the first one. It creates a separate authorization layer where proposed actions are checked against defined policies, evaluated by independent operators, and approved only when enough secured participants agree. The distinction between deciding and executing is central to Newton. An agent may decide that it wants to transfer funds, interact with a contract, rebalance a position, or perform an action on another chain. That decision does not automatically receive permission to execute. The agent first produces a transaction intent describing what it wants to do. Newton evaluates that intent, returns a cryptographic attestation, and leaves the final enforcement decision to the protected smart contract. I find this more convincing than trying to prove that an agent’s reasoning is always correct. An agent can misunderstand a request, follow a manipulated instruction, use outdated information, or reach a technically valid but undesirable conclusion. Newton does not attempt to inspect every step of that reasoning. It limits the authority attached to the result. A user could allow an agent to interact only with selected contracts, call specific functions, spend below a certain amount, or operate within a defined time window. More complex policies could require additional approval for large transactions or use external information to determine whether an action should proceed. The agent remains flexible inside those boundaries, but it should not be able to expand its own permissions. Newton’s shared-security model is often misunderstood as a dedicated validator network created exclusively for the project. The architecture is more specific than that. Newton has its own operator set running its own policy-evaluation software, while the economic security behind those operators comes from restaked assets allocated to the service. The operators perform the work; the allocated stake gives them something to lose if they approve results that can be proven incorrect. That difference matters because shared security is not the same as unlimited inherited security. The amount protecting Newton is not every asset participating in the wider staking environment. What matters is the stake actually assigned to Newton, the percentage that can be penalized, and how that stake is distributed across the operators signing an attestation. A large total stake figure can still conceal concentration. Several operators may appear independent while sharing ownership, infrastructure, data sources, or key-management practices. Newton’s security therefore depends on more than the number of operators visible in the network. It depends on whether those operators can genuinely fail—or resist pressure—independently. Newton’s documented model uses stake-weighted agreement. Under the reference threshold, operators representing roughly two-thirds of the participating stake must agree before a valid attestation can be produced. This creates separate conditions for safety and availability. A coalition controlling around one-third may be unable to authorize a false result, but it may still prevent the network from reaching quorum. That difference has practical consequences for automated systems. An attacker does not always need to steal funds directly. Delaying an agent’s transaction at the right moment could cause a missed payment, failed rebalance, expired opportunity, or forced liquidation. Newton therefore needs to protect both the correctness of approvals and the availability of the approval process. The path from intent to attestation shows where these guarantees come from. Newton’s gateway receives the proposed transaction and identifies the applicable policy. Operators obtain the policy, gather any required external information, and evaluate the transaction independently. Their signatures are collected until the stake threshold is reached. The resulting aggregate signature can then be verified efficiently by the protected contract. When the policy depends only on deterministic information, agreement should be straightforward. Every honest operator receives the same inputs, evaluates the same rules, and reaches the same result. External information makes the process harder. Prices, identity results, risk scores, and activity records can change between requests or differ across data sources. Newton addresses numeric differences through a two-stage process. Operators first collect data independently. The gateway compares their responses, calculates common values, and applies a permitted tolerance. Operators then evaluate the policy using the normalized dataset. This gives them an identical message to sign even if their original observations differed slightly. The mechanism solves an agreement problem, but it does not fully solve the truth problem. If all operators receive the same incorrect information, they can reach honest consensus around a false input. A median helps when one response is an outlier. It offers little protection when every response shares the same underlying error. This is an important limit on what a Newton attestation means. It can prove that the required operator stake approved a policy result based on defined inputs. It does not automatically prove that every external fact in those inputs was accurate. The reliability of the final decision still depends on the quality, independence, and freshness of the information used by the policy. Nonnumeric disagreements are even more difficult. A price can be normalized mathematically. A yes-or-no risk decision cannot be handled in exactly the same way. If some operators receive an approval and others receive a rejection, Newton must decide whether to stop the task, follow a defined majority, or apply a conservative default. Failing the task may be safer, but it can make the system vulnerable to disruption. Accepting a majority result improves availability, although it may conceal a meaningful disagreement. The correct choice may depend on the policy. A temporary failure could be acceptable for an ordinary transaction and unacceptable for an emergency action. Once the input is settled, Newton’s deterministic policy engine becomes one of the more important parts of the design. Operators evaluate the same version of the rules against the same transaction and supporting data. Outside observers should also be able to retrieve those rules and reproduce the evaluation. This makes Newton different from an opaque authorization server. A server might return “approved” without providing a reliable way to reconstruct how it reached that result. Newton is designed to bind the transaction, policy, evaluation result, and operator agreement into a verifiable record. The aggregate signature proves that enough secured operators signed the same decision. Individual attestations can provide additional information about which operators supplied or observed particular data. Together, these records support both efficient verification and later accountability. Still, signatures prove agreement rather than correctness. Newton handles that gap through its challenge mechanism. If an attestation appears inconsistent with the policy, a challenger can reproduce the evaluation and submit cryptographic evidence showing that the signed result was wrong. Operators that signed the incorrect response can then be penalized. The challenge mechanism has a carefully defined scope. It can prove that the policy was evaluated incorrectly using the recorded inputs. It may not prove that an external input misrepresented reality. If operators receive incorrect data but apply the policy correctly, the policy execution itself is not necessarily challengeable as a computation error. This creates a useful separation between execution integrity and data integrity. Newton can make policy execution reproducible and punish operators for signing a result that contradicts the rules. Data integrity requires additional protections around how information is sourced, compared, refreshed, and authenticated. The timing of challenges introduces another trade-off. Newton allows an attestation to be used while the challenge period is still open. This keeps authorization fast enough for automated agents, but it means an incorrect transaction could execute before a successful challenge is submitted. A later challenge can invalidate the attestation and penalize the operators. It cannot normally reverse an action that has already completed. Slashing creates accountability after the event; it does not guarantee recovery for the affected user. Applications integrating Newton must decide how much risk they are willing to accept before the challenge window closes. Small and routine actions might execute immediately. Larger transactions could require a delay, an additional approval, or a lower exposure limit. The policy could become stricter as the value of the proposed action increases. The economic deterrent also needs to be proportional to what operators can authorize. A fixed percentage penalty may sound meaningful, but its real strength depends on the amount of stake exposed and the value available through a false approval. If an incorrect attestation can release more value than the signing operators risk losing, the incentive structure becomes questionable. The useful comparison is therefore between the slashable stake behind an attestation and the maximum damage that attestation can cause. Newton applications may need to limit transaction size according to the economic security currently available. Otherwise, a valid-looking signature could protect an action whose value is much larger than the penalty supporting it. The watcher side of the system needs incentives too. Anyone may be technically capable of challenging a bad evaluation, but monitoring is not free. A challenger must observe attestations, reproduce policies, generate evidence, and submit it before the dispute period ends. An open challenge system only works when someone has a reason to remain active. Newton’s long-term security will depend on whether independent watchers can recover their costs and earn enough to justify continuous monitoring. Without that, the challenge mechanism could be available in theory but rarely exercised in practice. The smart contract integration is another area where Newton’s protection can either become real or remain superficial. Every meaningful agent action must be forced through the policy check. If the wallet includes an alternative execution route, an upgrade function, an emergency bypass, or previously granted permissions, the agent may be able to act without obtaining a Newton attestation. The transaction intent must also describe the action accurately. A transaction that sends no native value may still grant another contract permission to move a large number of tokens. An approved contract address may point to logic that can later change. A permitted function may accept parameters that create much broader authority than its name suggests. Newton can evaluate only what the policy examines. If a policy checks the destination but ignores the calldata, an approved contract may be used in an unintended way. If it checks individual transaction size but ignores cumulative spending, an agent can divide one large action into many smaller ones. Concurrency makes cumulative policies more difficult. Two transactions evaluated at nearly the same time may both see the same unused allowance. Each can pass separately even though their combined value exceeds the limit. Strict rate and spending controls need a reliable method for reserving or consuming allowance so that several pending intents cannot reuse the same capacity. These are not failures of the operator signatures. They show that verifiable policy execution cannot compensate for an incomplete policy. Newton can make a rule consistently enforceable, but the developer remains responsible for ensuring that the rule captures the real risks of the application. Cross-chain permissions extend this problem. Newton keeps its operator and stake information on a source chain while protected contracts on destination chains verify attestations using synchronized operator data. This allows the same security model to support actions across several networks without rebuilding the entire operator system on each one. The destination chain, however, works with a cached view of the operator set. Changes in operator keys, stake weights, or participation must be synchronized correctly. If that information becomes stale, the destination may verify an attestation using an outdated security state. Newton’s design includes freshness checks and structured operator-table updates, but the synchronization service becomes part of the operational security boundary. It must update state completely and in the correct order. Partial updates could temporarily leave the destination with inconsistent information. Challenges across chains are more complicated as well. The destination can invalidate a disputed attestation, while the actual economic penalty must be applied where the operator stake is managed. That creates a relay step between invalidation and punishment. Delays, congestion, or synchronization failures could cause the two sides to disagree temporarily. Governance sits above all these mechanisms. Newton’s quorum threshold, challenge period, slashing percentage, tolerance settings, operator admission, policy ownership, and contract upgrades can materially change the protection users receive. Cryptography proves that the current rules were followed. It does not decide whether those rules were configured responsibly. Policy updates show both sides of this flexibility. A user may need to lower an agent’s spending limit, remove a compromised destination, or add a new approval requirement. Updating the policy without replacing the entire wallet is useful. But whoever controls the update authority can also weaken the restrictions. If that authority is compromised, an attacker may not need to corrupt Newton’s operators. The attacker could first replace the policy with one that permits the harmful action. Operators would then approve it correctly according to the new rules. Policy governance must therefore be protected with the same care as the agent wallet itself. After following Newton from transaction intent to operator evaluation, contract verification, and possible challenges, I see it less as a system that makes agents trustworthy and more as a system that reduces how much trust they require. The agent is allowed to propose actions, but its authority is placed behind an independently checked boundary. That is a meaningful change. An unrestricted agent wallet concentrates decision-making and execution in one vulnerable process. Newton separates them. Policies define the limits, operators evaluate those limits, aggregate signatures prove agreement, restaked collateral creates consequences, and challengers provide an avenue for detecting incorrect evaluations. The separation does not remove every assumption. Newton still depends on well-designed policies, independent operators, accurate data, sufficient slashable stake, active challengers, secure contract integration, reliable cross-chain synchronization, and cautious governance. Its value comes from making those assumptions more visible and testable. For me, the strongest way to judge Newton is not by asking whether it can guarantee that an AI agent will never make a mistake. No system can make that promise convincingly. The better question is whether Newton can stop an agent’s mistake from automatically receiving transactional authority. If Newton can keep that boundary difficult to bypass, economically expensive to corrupt, and transparent enough to monitor, it can become a useful foundation for verifiable automation. The agent may still be unpredictable. Newton’s job is to ensure that its permissions are not. #Newt @NewtonProtocol $NEWT $JCT $LAB
Newton because it is tackling a problem that will matter more as AI agents begin managing real onchain value.
Letting software execute transactions is easy; giving it useful freedom without surrendering complete control is much harder. Newton approaches this by creating an authorization layer where users define what an agent may do before any action takes place. The part I find most practical is the focus on limited permissions.
Instead of sharing private keys or trusting an automated strategy without safeguards, users can set conditions around spending, asset selection, timing and risk. Newton checks each proposed transaction against those rules before allowing it to settle.
Trusted execution environments protect sensitive information, while zero-knowledge proofs and onchain records make the process easier to verify. Newton’s mainnet beta gives the project an opportunity to prove that this model works beyond theory.
Its first use cases focus on managed onchain vaults, where operators can enforce allocation limits, collateral requirements and other risk controls. The same framework could eventually support autonomous trading, payments and tokenized assets. I still want to see how Newton performs under real demand.
A permission system is only valuable if it remains reliable, affordable and simple enough for developers to adopt. Decentralization and data quality also need continued scrutiny.
Even with those uncertainties, Newton represents an important direction for crypto: automation should not mean giving up control, and verifiable boundaries may become essential infrastructure for an agent-driven economy.
BREAKING: Tom Lee’s BitMine has bought another 25,000 $ETH worth around $50.3 million—and it reportedly made the move in just 12 hours.
This brings BitMine’s total holdings to a massive 5.41 million ETH, currently worth nearly $10.9 billion.
While fear continues to shake the market, BitMine keeps buying. No panic. No hesitation. Just a clear belief in Ethereum’s long-term future.
Tom Lee isn’t simply talking about ETH—his company is backing that belief with billions of dollars.
This is no longer a small bet. BitMine is building one of the largest Ethereum treasuries in the world, with a long-term goal of owning 5% of the entire ETH supply.
The real question is: what does BitMine see coming that the rest of the market may be missing?
Nearly $1 trillion was wiped from Asian markets in a single session as the US-Iran war entered a dangerous new phase.
The US launched another wave of strikes, while Iran announced that the Strait of Hormuz was closed again. Oil immediately jumped more than 4%.
This is a major threat to Asia.
Japan, South Korea, and Taiwan depend heavily on oil passing through the Strait of Hormuz. Any disruption can quickly raise energy costs, hurt businesses, and slow economic growth. That is why Asian markets were hit first—and hardest.
But the damage may not stop there.
Higher oil prices make almost everything more expensive, from transport and manufacturing to food and electricity. That pushes inflation higher. And when investors expect more inflation, they demand higher returns to hold government debt.
Bond yields are already surging:
Japan’s 10-year yield climbed to 2.779%.
The UK’s 10-year yield reached 4.915%.
The US 10-year yield hit 4.577%, while the 20-year crossed 5.088%.
When yields rise across major economies at the same time, markets are sending a clear message: interest-rate cuts may be delayed, and tighter financial conditions could remain for longer.
The US also has limited room to calm oil prices. Its Strategic Petroleum Reserve is still near levels not seen in roughly four decades, leaving less emergency supply available than in the past.
Higher oil. Rising inflation. Surging bond yields. Fewer hopes for rate cuts.
This is the dangerous mix markets are pricing in right now—and if the Strait of Hormuz remains closed, the pressure could spread far beyond Asia.
🇺🇸 The Fed’s “silent QE” appears to be continuing.
The Federal Reserve’s balance sheet has now climbed to a 15-month high. Since QT ended last December, roughly $200 billion has been added back into the system.
This may sound technical, but it matters: more liquidity can support stocks, Bitcoin, and other risk assets.
The money printer may not be making noise—but the balance sheet is quietly growing again. Markets are watching closely. 👀
On July 17, US lawmakers will hold an important hearing titled:
“Building the Future of Finance: How the CLARITY Act Unlocks Innovation.”
The discussion could help shape clearer crypto rules in the United States and decide how the industry can grow without pushing innovation overseas.
This is more than another meeting in Washington. It could become a major turning point for crypto regulation—and the entire market will be watching closely.
🚨 JUST IN: Michael Saylor’s Strategy sold 4.82 million shares last week, raising a massive $466.7 million — but surprisingly, the company did not buy any Bitcoin.
For a company known for aggressive BTC accumulation, this pause is turning heads. Strategy is building a huge cash reserve, and the market is now watching closely to see when Saylor makes his next big move. 👀🔥
Two institutions have just scooped up around $30 million worth of ETH, showing strong confidence in Ethereum.
This is not a small purchase. Big players appear to be quietly building their positions while the market watches. When smart money starts accumulating this aggressively, it often means they see major potential ahead.
Ethereum is getting serious attention—and this move could be just the beginning. 🚀
🔥 JUST IN: Strategy bought no Bitcoin last week — but the company is clearly not sitting still.
Instead, it increased its US dollar reserves by roughly $450 million, building a much larger cash position.
This doesn’t necessarily mean Strategy is stepping away from Bitcoin. It could be preparing for its next major move, strengthening its balance sheet, or simply waiting for the right opportunity.
For now, the Bitcoin buying has paused — and $450 million in fresh cash is ready on the sidelines.
Michael Saylor may be quiet, but the market is watching closely.
BREAKING: President Trump has made a bold announcement about the Strait of Hormuz.
“We’re going to keep the strait, and we’ll probably run it,” Trump said. He added that America could become the “guardian angel” of this vital waterway—and should be paid for protecting it.
This is no ordinary sea route. The Strait of Hormuz is one of the world’s most important oil passages. Any trouble there can shake energy markets, raise fuel prices and affect millions of people.
Trump’s message is clear: the United States is ready to take control, keep ships moving and make other countries help cover the cost.
A powerful statement—and one that could change the balance of power in the Middle East.
I’ve been looking closely at GRVT, and the part I keep returning to isn’t the trading interface or execution speed. It’s what happens to a user’s money after it enters the platform, especially when they want it back.
That sounds basic, but crypto has made it strangely easy to confuse seeing a balance with owning the assets behind it. On a centralized exchange, withdrawing usually means asking the platform to release funds from wallets it controls. The request may feel automatic, right up until withdrawals are paused.
GRVT is built around a different relationship. Funds remain in smart contracts tied to the user’s authorization, while the platform handles order matching off-chain to keep trading responsive. GRVT can coordinate the trade, but it should not be able to move a user’s collateral wherever it wants. That separation is the part of the project I find most important.
It also changes the risk rather than making risk disappear. Users still depend on GRVT’s infrastructure for a smooth trading experience, and an outage could affect how quickly they can act. But there is a meaningful difference between a platform being temporarily unavailable and a platform controlling the assets themselves. One is an access problem; the other can become a solvency problem.
GRVT’s real test, then, is not whether it can call itself self-custodial. It is whether this design continues to protect users when markets are chaotic, systems are strained, and everyone wants to exit at once.
If your funds cannot be taken but cannot always be moved immediately, how much control do you truly have?