haggl.ai Blog
zkTLS Explained: How Verified Data Is Changing Agentic Commerce
In agentic commerce, AI agents negotiate deals on behalf of users. But how does a vendor know the agent’s claims are real? That’s where zkTLS comes in — cryptographic proof that data is authentic, without exposing the raw content.
Your agent claims you spend $50K annually on cloud infrastructure. A vendor hears that and thinks: prove it. They could demand your AWS bill, your Google Cloud invoice, your Stripe records. You could hand them all of it, but then a stranger has your account numbers, billing addresses, and purchase history.
There’s a better way. With zkTLS, you prove the claim without surrendering the data. The vendor gets cryptographic certainty that your agent is telling the truth. You keep your privacy intact. That balance — trustworthy data without full exposure — is what makes agentic commerce actually work at scale.
The Trust Problem in Agent Negotiation
When humans negotiate, trust builds gradually through conversation and reputation. AI agents operate differently. They move fast. They negotiate dozens of deals simultaneously. They don’t have reputations — at least not yet.
Consider a real scenario: an agent representing a B2B buyer approaches a vendor’s haggl.ai endpoint with a negotiation request. The agent claims the buyer qualifies for enterprise pricing because annual spend exceeds $200K. The vendor’s pricing engine checks: is this real?
The vendor has three options, and all of them are bad:
Option 1: Trust blindly. Accept every claim at face value. This is a fraud magnet. You’ll bleed money on discount tiers given to agents fabricating high-value accounts.
Option 2: Demand raw proof. Ask the agent to upload billing records, bank statements, tax returns — anything that proves the claim. Now you’re collecting sensitive data, you’re liable for keeping it secure, and your users hate handing over financial documents to strangers. This kills the agent’s ability to shop around (sharing your private data with every vendor is terrible).
Option 3: Verified claims. Accept proof that the data is authentic and the claim is true, without ever receiving the underlying information. The vendor knows the number is real because it’s cryptographically verified. The user’s privacy is preserved.
zkTLS makes Option 3 possible.
What Is zkTLS?
Let’s build up from first principles.
TLS is the encryption layer. When you log into your bank or check your utility bill online, your browser and the bank’s server establish a TLS connection — an encrypted tunnel. All the data flowing through it is scrambled so that eavesdroppers can’t see it. TLS proves the connection is secure, but it doesn’t generate proof of what data was in the session. You can’t take a TLS session and show it to a third party as evidence of what you saw.
zkTLS adds a verification layer. It uses a technique called secure Multi-Party Computation (MPC) to let a user and a verifier cooperatively process the TLS session so the verifier can confirm the data’s origin and content — without the server needing to do anything different. The TLS session looks the same from the server’s perspective. No changes to the bank’s infrastructure required.
The “zk” (zero-knowledge) part is the privacy trick. A zero-knowledge proof lets you prove something is true without revealing the full information. Your agent can prove “my user’s monthly energy consumption exceeds 500 MWh” without revealing the exact amount, the address, the account number, or the billing period. The vendor sees the proof. The user’s data stays private.
Think of it like this: imagine you want to prove you’re 21 without showing your driver’s license. A bouncer could use a zero-knowledge proof: a special verification device scans your license, confirms you’re 21, and hands the bouncer a signed certificate that says “this person is 21” without ever displaying your name, address, or photo. The bouncer knows it’s true. Your identity stays hidden.
zkTLS works the same way for data from the internet.
How zkTLS Works in Practice
Let’s walk through a concrete example: an energy buyer using an AI agent to negotiate a better rate.
Step 1: The agent gets instructed. A manufacturing facility tells its agent: “Find me a better electricity rate. I’m willing to share my consumption data if it helps.” The agent adds a flag: use verified data if possible.
Step 2: The agent connects to the utility portal. The agent logs into the user’s electricity provider (over HTTPS/TLS, like normal). But this time, a zkTLS verifier participates in the session via secure Multi-Party Computation. The user’s browser, the utility server, and the verifier are now cooperatively processing the encrypted session. From the utility server’s perspective, nothing is different — it’s a normal HTTPS request.
Step 3: The verifier extracts and proves the data. The verifier confirms that the data (monthly consumption: 625 MWh) came from the real utility provider at a specific timestamp. The verifier generates a cryptographic proof: “This data is authentic. Origin: [Utility Provider]. Date: [Timestamp]. Claim: consumption > 500 MWh.”
Step 4: The agent submits the proof. The agent doesn’t send the raw bill. It sends the proof to the haggl.ai negotiation endpoint. The proof is small, tamper-proof, and reveals only what the user wanted to disclose.
Step 5: The vendor’s pricing engine receives the proof. The vendor checks the proof’s signature. It’s valid. The vendor’s system knows this user is a high-consumption customer with verified consumption data. The pricing engine automatically applies a competitive rate for large-volume buyers.
Step 6: The agent completes the negotiation. Better terms, sealed with verified data. No raw electricity bills were shared. No account numbers leaked. The user’s privacy stayed intact.
This happens programmatically, in milliseconds, between agent and vendor systems. The user authorized it once (“use verified data for negotiations”). The agent handles the rest.
Three Trust Levels in haggl.ai
haggl.ai implements a spectrum of trust levels, and vendors decide which ones unlock which discounts:
dkim_verified — The gold standard. This includes zkTLS proofs, DKIM-signed emails, and other cryptographically authenticated data sources. When a vendor sees dkim_verified data, they know it’s tamper-proof and comes from a legitimate source. Unlocks the deepest discounts and best terms because the vendor has the highest confidence in the claim.
unverified — Institutional documents uploaded by the user or agent: PDFs of invoices, screenshots of dashboards, contracts. These are real data, but not cryptographically verified. An agent could theoretically edit a PDF before uploading it. Better than self-reported claims, but not as trustworthy as dkim_verified. Unlocks medium-tier personalization and discounts.
self_reported — The agent makes a claim without cryptographic proof. “My user spends $100K/year on hosting.” No proof attached. Lowest trust level. May unlock basic personalization (better than a cold outreach) but not substantial discounts. Used primarily when the user hasn’t shared any verified data and the vendor still wants to try to win the deal.
Vendors configure which trust levels unlock which pricing tiers. This creates an incentive structure: agents and users that provide better proof get better deals. It’s a market-based approach to data verification.
Why This Matters for Vendors
Pricing based on facts, not guesses. Vendors usually segment customers using crude proxies: company size, industry, location. With verified data, they can segment based on actual behavior: real spending, real consumption, real order frequency. Pricing becomes more surgical, more profitable.
Fraud prevention. You can’t fake a zkTLS proof. The cryptography is tamper-proof. An agent claiming a customer spends $1M/year when they actually spend $50K won’t get away with it. This reduces the cost of fraud and increases confidence in the verification system.
Higher-quality leads. You’re not guessing about your customer anymore. You have verified claims. You can build better customer profiles, refine your pricing, and focus on the segments that matter to your business.
Privacy compliance. GDPR, CCPA, and similar regulations make it expensive to collect and store raw personal data. With zkTLS, you never receive it. You receive verified claims instead. Your data-handling burden drops. Your compliance risk drops. Vendors can offer better pricing to regulated buyers without the overhead of processing sensitive data.
Why This Matters for Buyers and Agents
Better deals. Vendors reward verified data. If you prove your consumption or spending with cryptographic certainty, you unlock discounts that self-reported claims can’t access. For agents operating at scale, this compounds: a 5% better rate across hundreds of contracts, times millions in annual spending, is significant money.
Privacy preserved. You don’t have to hand over bank statements, utility bills, or tax records. Your agent proves what matters (you’re a high-value customer) without exposing everything (your account numbers, addresses, payment history). Privacy stays under your control.
Portability. A zkTLS proof isn’t locked to one vendor. You generate it once, and your agent can use it across any vendor that supports the haggl.ai protocol. This makes it easier to shop around, compare offers, and pit vendors against each other — the classic way buyers get better deals. Vendors know it too, which gives them extra incentive to compete on price.
The Road Ahead
zkTLS is still early. haggl.ai currently lists it as “coming soon” for full production support. The cryptography is mature, proven, and battle-tested. The infrastructure — verification nodes, proof generation, integration with major data sources — is still being built out.
But the trajectory is clear. As agentic commerce scales, agents will negotiate thousands of contracts daily. Vendors can’t manually verify every claim. They need an automated, trustworthy way to assess customers. zkTLS provides that: cryptographic proof embedded in the negotiation flow, no manual overhead, no privacy exposure.
The vendors and agents that adopt verified data early will set the standard. They’ll build the systems, establish the practices, and create network effects that make it the default. Competitors who continue accepting self-reported claims will face margin pressure. Agents using verified data will win better terms. It’s a competitive advantage that’s hard to replicate once it’s embedded in the negotiation protocol.
The future of agentic commerce runs on verified data. zkTLS is the cryptographic foundation that makes it work.
Ready to integrate verified data into your negotiations? Explore the haggl.ai Negotiation Protocol to see how zkTLS and verified claims fit into the full flow. Or dive deeper into how to prepare your site for AI agents and understand the broader shift toward agentic commerce.
Want more context? Check out our guide to agentic commerce, or compare ACP vs UCP vs haggl.ai to understand where verified data fits in the landscape.