When I first started reading @NewtonProtocol , I also understood it as a project that grants permissions to AI agents. Later, after I read through the whitepaper and technical architecture, I realized that understanding was a bit narrow.

What Newton truly wanted to do was to add a layer of “transaction authorization” to all the finance on the chain.

Note, it’s not settlement.

Blockchain is very good at settlement. If the address signature is correct and the contract conditions are met, the assets can be transferred out, and no one can change it. But it doesn’t ask, not even once: should this money really be transferred?

These two questions look similar, but they’re actually very far apart.

For example, an institution is preparing to transfer 1 million USDC through an on-chain treasury. A smart contract can confirm whether the initiator has permission and complete the transfer according to code, but it may not know whether the recipient address is on a sanctions list, whether the daily limit has already been used up, whether this region can receive funds, or whether the current collateral has already fallen below the internal risk-control line.

Just because code can execute doesn’t mean the transaction complies with the rules.

Right now, many projects handle this by placing these restrictions in the frontend or on centralized servers. When users operate through the normal interface, they really will be blocked, but as soon as they bypass the interface and call the contract directly, the original gatekeeping may no longer exist.

To be honest, this kind of risk control is more like putting up a ‘No Entry’ sign at the door without actually locking it.

This is the lock that Newton Protocol adds.

Developers can use Rego to write policies, turning spending limits, address whitelists, KYC status, regional restrictions, and risk conditions into machine-executable rules. When prices, identity, or external lists are needed, PolicyData’s WASM data oracle retrieves the corresponding information. The rules are not just written and left in a document; they go directly into the transaction execution path.

After a transaction is initiated, Newton turns the transaction intent and the corresponding policy into a task and hands it to multiple EigenLayer operators in Newton AVS for independent evaluation. The operators run the same Rego policy, BLS-sign the result, and once the stake threshold is met, aggregate it into a consensus proof.

Finally, the PolicyClient in the application contract verifies the proof first.

Pass, and the transaction continues.

If it doesn’t pass, it stops before settlement.

What impressed me most about this process isn’t how many technical terms it uses, but that it turns ‘the team promises to follow the rules’ into ‘the transaction must first prove it complies with the rules.’ The operator network is responsible for judgment, BLS aggregate signatures are responsible for proof, and smart contracts are responsible for execution. The layers of responsibility are split very clearly.

Here’s a more intuitive example.

Suppose an AI agent is allowed to manage 100,000U for you. Every day, it can automatically search for yield, adjust positions, and execute actions across protocols. Sounds convenient, right?

But what you’re really worried about is definitely not whether it can click a button.

What you’re worried about is whether it will send out all 100,000U at once, whether it will enter an unreviewed contract, or whether it will keep adding to the position after a stablecoin depeg.

Newton can encode these restrictions into policy in advance: no single transaction may exceed 5000U, the daily total may not exceed 20,000U, only whitelisted protocols can be called, and execution stops if asset prices deviate beyond a certain range.

AI agents can still operate autonomously, but what they’re given is not an unlimited credit card.

This is controlled automation.

Newton doesn’t only serve AI agents. The official white paper lists stablecoins, RWA, cross-border payments, institutional DeFi, and Agentic Commerce as application directions, because although these businesses look different on the surface, the underlying problem is actually the same: once assets are on-chain, how do you bring real-world authorization rules into the system without sacrificing openness?

There is another very real contradiction here.

Institutions need to verify identity, financial records, and internal risk parameters, but they also cannot expose all this sensitive information on-chain. Newton’s privacy layer uses HPKE encryption and threshold decryption. During evaluation, the raw data is processed collaboratively by operators, while only hashes, commitments, and verification results are stored on-chain, without directly exposing plaintext information. Users and applications must also co-sign before the operators will decrypt the relevant data.

This is very important.

On-chain transparency should not mean privacy exposed bare.

When I look at Newton now, I no longer see it as just an ‘AI concept project.’ It’s more like an infrastructure layer added in front of the settlement layer, similar to card-payment authorization.

The payment network is responsible for moving the money; Newton first determines whether the money can be moved.

This is how I see it: the larger the capital that on-chain finance takes on in the future, the less people will care only about speed and yield. Institutions, stablecoin issuers, RWA platforms, and even the AI agents that truly manage users’ funds will all ultimately have to deal with authorization issues.

Who can operate, how much they can operate, and under what conditions they must stop.

These rules used to be written in contracts, backends, and risk-control manuals. Newton is trying to actually write them in before a trade happens.

This direction isn’t flashy, and it’s even less easy to tell a story about than new public chains and high-yield protocols.

But it is very close to real financial needs.

The chain already has settlement capability; what it may lack next is exactly a system that dares to say ‘no’ before a bad transaction happens.

@NewtonProtocol $NEWT #newt