ZeroCopy Systems:
sovereign signing infrastructure

The situation

The status quo for institutional key management is KMS or CloudHSM. KMS adds 130ms. CloudHSM brings it to 5ms. Both require a network round-trip to a service you don't control, and both are black boxes. You can't inspect what happens inside.

For AI agent platforms, the stakes are different. An agent that can sign transactions autonomously, without hardware-enforced policy controls, is a liability item. Not a product feature. Regulators want evidence of guardrails. Investors want to know the blast radius if an agent misbehaves.

The question was whether hardware-verified signing at sub-millisecond latency was achievable without a dedicated HSM vendor. AWS Nitro Enclaves answered yes. The question was how.

The build

I built ZeroCopy from scratch in Rust. The architecture is layered: a Nitro enclave at the core (isolated compute, no persistent storage, hardware-attested), a policy engine above it (rules, circuit breakers, per-agent limits), and a custody layer managing the split between hot active keys and cold storage.

The enclave itself runs in a stripped environment. No network access, no filesystem write, no external dependencies. Signing happens inside the enclave with the key never leaving hardware boundaries. The attestation document cryptographically proves the enclave code hasn't been tampered with.

The policy engine enforces limits deterministically: max drawdown, position limits, forbidden commands. These aren't configuration files. They're enforced at the hardware boundary. An agent cannot bypass them by modifying its own prompt or memory state.

Outcomes