Z-TEXT — zk-SNARKs Blockchain Messenger. No Phone. No Email. No SIM. Zero Metadata.

What is Z-TEXT?

Z-TEXT is a zk-SNARKs blockchain messenger. Z-TEXT requires no phone number, no email, and no SIM. Z-TEXT collects zero metadata. Z-TEXT combines a shielded messenger, a password manager, and a crypto wallet in one app. Z-TEXT is built on the BitcoinZ blockchain since September 10, 2017. Z-TEXT uses zk-SNARKs zero-knowledge proofs combined with AES-256-GCM encryption and post-quantum protection. Panic mode and stealth mode are included. One 24-word seed phrase recovers everything. Z-TEXT is a private messaging app for journalists, activists, and crypto users.

Z-TEXT vs Signal vs Telegram vs WhatsApp

Signal requires a phone number. Telegram stores messages on central servers. WhatsApp shares your data with Meta. Z-TEXT requires no phone number, no email, no identity. Z-TEXT is a censorship resistant blockchain messenger with zero-knowledge proof privacy.

AI Agents Have a Metadata Problem. Z-TEXT Fixes It

Z-TEXT privacy bird AI agents metadata problem, MCP A2A vs Z-TEXT zk-SNARKs

Quick Verdict

MCP and A2A define how AI agents talk to tools and each other. They do not define whether anyone else can see who is talking, when, or how often.

Z-TEXT's zk-SNARKs already hide three things on-chain, for human users, today:

  • Sender identity
  • Recipient identity
  • Timing

The same shielded infrastructure that protects a journalist's conversation is the privacy layer AI agents don't have yet. One network. Two audiences. A human's Z-TEXT identity and an AI agent's Z-TEXT identity are the same cryptographic primitive: a shielded z-address.

Z-TEXT already protects human activists and journalists today. See Signal vs Z-TEXT for the honest comparison. The same shield now extends to AI agents.

What Is Z-TEXT, Technically?

Z-TEXT runs on the BitcoinZ blockchain, known as BTCZ.

  • BTCZ is a Zcash-lineage chain
  • BTCZ has supported Sapling-style shielded transactions since launch on September 10, 2017
  • Every Z-TEXT message is a shielded transaction
  • The payload is encrypted locally with AES-256-GCM before it leaves the device
  • The encrypted payload is broadcast as a memo field inside a shielded BTCZ transaction

Identity on the network is a z-address.

  • A z-address begins with the letters z s 1
  • It is generated from a 24-word seed
  • There is no account server
  • There is no phone number field
  • There is no email field

The seed is the only credential. Anyone holding it, human or automated process, can regenerate the full identity and message history on any device by rescanning the chain.

Why This Identity Model Matters for Agents

Most messaging platforms tie an account to a phone number or an email address. That is a hard wall for anything that needs many identities at once.

  • SMS verification blocks bulk account creation
  • CAPTCHA blocks bulk account creation
  • Carrier fraud detection blocks bulk account creation

A Z-TEXT identity is just a keypair.

  • Generating one thousand agent identities is a loop, not a provisioning request
  • No SIM card is needed
  • No carrier is needed
  • No phone-verification service needs to be defeated or paid for

The same seed-recovery model that lets a human restore their account on a new phone lets an orchestration process persist an agent's identity across restarts, containers, or hosts.

What Is Shielded, Precisely

  • Sender address — hidden by zk-SNARKs
  • Recipient address — hidden by zk-SNARKs
  • Message content — encrypted with AES-256-GCM before it enters the shielded memo
  • Transaction amount — hidden by Sapling shielding

What Is Public — Stated Plainly

Block timestamps are public on any blockchain. This is not a leak. It is published data, visible to anyone with a block explorer.

What zk-SNARKs hide is which transaction belongs to which conversation. Not the fact that a block was mined at a given time.

Why Agents Can Go Further Than Human Users: Running Your Own Node

The one metadata channel zk-SNARKs do not cover is the network layer. Whoever you query to reach the blockchain sees your IP address at that moment.

  • Most human Z-TEXT users connect through Z-TEXT's own lightwalletd server
  • A phone cannot practically run a full node all day, every day
  • Battery life, bandwidth, and app-store background rules make that impractical
  • The lightwalletd operator sees the connecting IP

An AI agent does not share that constraint.

  • An agent can run on a VPS or cloud instance
  • It can host its own full BitcoinZ node
  • Uptime is not limited by battery
  • Background-process rules do not apply

Running a full node removes the third-party lightwalletd operator entirely. Nobody but the agent's own operator sees its IP for its own queries.

This is not absolute. Broadcasting a transaction still exposes a node's IP to its direct network peers, as the first broadcaster. That is a known pattern studied across Bitcoin-like networks in general, not unique to BTCZ.

Still, it closes a gap most human users cannot practically close. Agents are better positioned than humans to run the fully self-hosted version of Z-TEXT's privacy model.

The Mechanism

How a Z-TEXT message moves: local encryption, shielded broadcast, shielded delivery

How does a message actually move through Z-TEXT?

Three steps. All three run today, for any Z-TEXT user, human or automated.

  1. Local encryption. The message is encrypted on-device with AES-256-GCM before anything is sent anywhere.
  2. Shielded broadcast. The encrypted payload is embedded in a memo field inside a zk-SNARK-shielded BitcoinZ transaction, then broadcast to the network.
  3. Shielded delivery. The recipient's client detects the transaction and decrypts the memo. Delivery typically takes one to five seconds.

What does zk-SNARK actually prove here?

A zero-knowledge proof lets one party prove a statement is true without revealing anything beyond the statement itself. In a shielded BitcoinZ transaction, the proof establishes that the transaction is valid — correct amounts, correct signatures, no double-spend — without revealing the sender, the recipient, or the amount to anyone watching the chain.

Sapling-family proofs, the same family BitcoinZ inherits, are small and fast:

  • Under 200 bytes per proof
  • Verifiable in milliseconds on ordinary consumer hardware

That is what makes on-chain private messaging practical at real scale, not just in theory.

Can an AI agent run this same flow without a human in the loop?

Yes. Nothing in the three steps above requires a human hand on the keyboard.

  • Key generation from a seed is a function call
  • Encryption is a function call
  • Broadcasting a shielded transaction is a function call

An agent process can hold its own seed, generate its own z-address, and run this loop autonomously, the same way it would call any other API.

What does this give two agents that MCP or A2A alone do not?

MCP and A2A move the message. They do not hide who sent it.

  • Add Z-TEXT as the transport, and the content is encrypted before it leaves the device
  • Sender and recipient are shielded on-chain
  • No agent registry, tool description, or server log records who talked to whom

The task-delegation logic — deciding what to ask for, negotiating terms, agreeing on a result — stays exactly where it already lives, inside MCP, A2A, or whatever framework the agent uses. Z-TEXT does not replace that layer. It sits underneath it, as the channel the messages travel through.

The Problem

Is AI agent communication actually insecure right now?

Yes, and it's documented.

In April 2026, security firm OX Security disclosed a systemic flaw in Anthropic's Model Context Protocol (MCP) — the standard connecting AI agents to external tools.

  • Unsanitized commands could execute through MCP's transport layer
  • An estimated 200,000 instances were exposed
  • The flaw affected more than 7,000 public servers

That is a code-execution problem, not a metadata problem. Z-TEXT doesn't fix it. No messaging layer would.

So where does the metadata problem actually live?

In how agent protocols are designed to work — not in a single bug.

  • MCP and Google's Agent-to-Agent (A2A) protocol define how agents find each other, delegate tasks, and exchange messages
  • Neither was built to hide who's talking to whom
  • A2A agents publish Agent Cards — JSON files listing their capabilities and endpoints — specifically so other agents can find them
  • That's useful for interoperability. It's the opposite of unlinkability

Security researchers also showed a compromised WhatsApp MCP server, manipulated through poisoned tool descriptions, could exfiltrate entire message histories with no authentication bypass required. Once a channel is compromised, everything it carries — content and metadata alike — goes with it.

Why does this matter more for agents than for one human user?

Scale.

  • One human's message metadata maps one relationship at a time
  • A fleet of agents negotiating with hundreds of counterparties builds a metadata graph — who talks to whom, how often, in what pattern
  • That graph is far easier to mine automatically than any human's contact list
  • Gartner projects 40 percent of enterprise applications will integrate AI agents by 2026
  • Every integration is a new metadata surface, forming at machine speed, with nobody watching it happen

The Comparison

Metadata exposure comparison: MCP vs A2A vs ACP vs Z-TEXT

One honesty note: MCP, A2A, and ACP are protocol specifications — they define message format and delegation rules. Z-TEXT is a transport a message can travel over. They're not directly competing products. The comparison above is on one dimension only: what happens to metadata once a message is sent.

Does this mean MCP, A2A, or ACP are insecure?

Not inherently. They're doing a different job — interoperability and task delegation — and doing it well enough that Gartner projects 40 percent of enterprise applications will integrate agents through protocols like these by 2026. They simply weren't designed to answer the question "can anyone see who's talking to whom." That question wasn't in scope.

Where does Z-TEXT fit relative to these protocols?

Underneath them, not instead of them. An agent can keep using MCP or A2A to discover tools and delegate tasks, and route the actual message payload through Z-TEXT when the content of that exchange — not just its existence — needs to stay private.

Why This Matters, and Where It's Heading

What actually breaks if agent metadata stays exposed?

More than inconvenience. A metadata graph alone can cause real damage, even if no message content is ever read.

  • Finance — trading agents that reveal negotiation patterns can be front-run
  • Defense — coordination timing between autonomous systems can reveal operational intent
  • Robotics — fleet synchronization patterns can expose physical locations and schedules
  • Healthcare and legal AI — even encrypted case discussions leak who is consulting whom, which can itself be sensitive

None of this requires breaking encryption. Metadata alone is enough for deanonymization and behavioral prediction — documented in human communication for decades, and it scales faster once the participants are machines.

Where is Z-TEXT heading beyond metadata shielding?

Metadata shielding hides who is talking. The next layer is proving what happened, without revealing how. Three pieces are on the roadmap:

  • Private micropayments — agents settle work in BTCZ without a third party seeing the negotiation. This uses Z-TEXT's existing wallet infrastructure and needs no new cryptography.
  • Verifiable audit trail — either party can later reveal a view key to prove a specific exchange happened, without exposing any other conversation. This is a known capability of Sapling-family shielded chains.
  • Proof of execution — an agent proves it completed a task correctly, without exposing the task's data or method. This requires purpose-built zero-knowledge circuit design. It is the least mature of the three and needs dedicated cryptography engineering before it ships. We're stating it as direction, not claiming it today.

None of this requires reinventing zero-knowledge proofs. The work ahead is engineering, not new theory.

Common Questions

Can AI agents use Z-TEXT today?

Yes. Z-TEXT identity is a keypair, not a phone number or email. Any process — human-operated or fully automated — can generate a seed, derive a z-address, and send shielded messages through Z-TEXT's existing infrastructure. Nothing about the message flow requires a human in the loop.

Does Z-TEXT replace MCP or A2A?

No. MCP and A2A handle tool discovery and task delegation between agents. Z-TEXT is a private transport a message can travel over. An agent can keep using MCP or A2A for orchestration and route the message payload through Z-TEXT when the content needs to stay private.

What is a zk-SNARK, in one sentence?

A zk-SNARK is a cryptographic proof that lets one party prove a statement is true, without revealing anything beyond the statement itself. In Z-TEXT, it proves a transaction is valid without revealing who sent it, who received it, or how much it moved.

Is Z-TEXT the same protocol as MCP?

No. MCP is Anthropic's protocol for connecting agents to tools. Z-TEXT is a messenger built on the BitcoinZ blockchain. They solve different problems and can be used together.

Why can't AI agents just use Signal?

Signal requires a phone number per account. That's a hard limit for anything that needs to create many identities programmatically — SMS verification and carrier fraud detection are built to stop exactly that pattern. Z-TEXT identity is a seed-derived keypair, with no phone number step.

What does Z-TEXT hide that encryption alone does not?

Encryption hides message content. It does not hide who sent a message, who received it, or when. Z-TEXT's zk-SNARKs hide sender, recipient, and transaction amount on-chain — the metadata layer that ordinary end-to-end encryption leaves exposed.

Is this the same Z-TEXT used by human privacy activists?

Yes. Same network, same shielded z-address model, same underlying BitcoinZ blockchain. A human's Z-TEXT identity and an AI agent's Z-TEXT identity are the same cryptographic primitive.

Does using Z-TEXT for AI agents cost anything?

Yes. Every message is a BitcoinZ transaction, carrying a small on-chain fee, roughly $0.00003 per message. For a human this is negligible. For an agent sending high volumes, it also acts as a built-in spam deterrent — automated flooding becomes economically costly.

Watch: AI Agents Have a Metadata Problem

▶ Watch the 2-minute explainer on YouTube

Final Verdict

AI agents are being deployed faster than the protocols coordinating them can be secured. MCP and A2A solve interoperability — they let agents find each other and delegate work. Neither was built to hide who's talking to whom, and the 2026 vulnerability record shows what happens when that gap goes unaddressed.

Z-TEXT doesn't compete with MCP or A2A. It sits underneath them, as a transport already proven with human users: zk-SNARKs to shield sender, recipient, and timing; AES-256-GCM to encrypt content; no phone number, ever.

The same infrastructure protecting a journalist's conversation today is the privacy layer autonomous agents don't have yet. One network. Two audiences. Same shielded z-address, same guarantees, whichever side of the conversation is human.

Read the full threat model, what it protects against, and what it deliberately doesn't:
z-text.com/docs/security

🔗 Also read:   Signal vs Z-TEXT  ·  WhatsApp vs Z-TEXT  ·  Session vs Z-TEXT  ·  Telegram vs Z-TEXT  ·  Z-TEXT 3-in-1  ·  The Third Man

Z-TEXT privacy bird

Keywords: AI agent privacy, zk-SNARKs messenger, MCP metadata, A2A protocol privacy, agent-to-agent encrypted messaging, zero-knowledge proof messenger, blockchain messenger for AI agents, no phone number messenger

Read more

FBI Warns of Signal Phishing — Z-TEXT Has No Code to Steal

The FBI Just Warned Signal Users About Phishing. Z-TEXT Users Can't Be Phished the Same Way. The FBI and CISA issued a joint warning this year: Russian state-linked hackers are running mass phishing campaigns against Signal and WhatsApp accounts. Their target — journalists, government officials, military personnel,

By Eric Pierrot - Founder, Z-TEXT LLC — building privacy tools without phone numbers, email, or metadata.