Supply Chain Attack Simulation

Payload tampered. Agent refused.

An attacker intercepts the task payload in transit and substitutes a fund-theft instruction. Stvor computes SHA-256 of the received payload and compares it to the buyer's committed hash. Mismatch → execution blocked → escrow returned.

01Contract signed

Buyer commits SHA-256 hash of original task

02Escrow funded

Stripe holds funds — locked until attestation

03Payload intercepted

Attacker modifies task in transit

04Hash mismatch

Expected ≠ received — Stvor detects tampering

05Execution refused

Agent blocked. Escrow frozen automatically

06Funds returned

Buyer gets escrow back. Attacker gains nothing

What this proves

Attack vector

Man-in-the-middle payload substitution

Defense

Cryptographic hash commitment at creation time

Business case

AI agents execute at machine speed — humans can't audit in time

⚠

Supply Chain Attack Simulation

An attacker intercepts the task payload between buyer and agent — substituting a fund-theft instruction for the original task.

Stvor catches it before execution.

Live Events

Waiting for demo...

Immutable audit trail

Stvor defense layer

CommitSHA-256(task_json) at creation

TransmitNormal channel (unencrypted ok)

VerifySHA-256(received) === committed?

If failBlock execution + hold escrow

ReceiptHMAC-SHA256 signed audit record

Key insight

The channel doesn't need to be secure. The commitment does. Stvor makes the payload tamper-evident, not tamper-proof.