
XMTP

XMTP is an open-source messaging protocol that uses end-to-end encryption (E2EE) across a decentralized network. It protects messages through their entire lifecycle (including at rest) and hides metadata from unauthorized parties. Via a decentralized network, XMTP rewards node operators and fosters network growth. Its open, interoperable design also simplifies developer integrations across AI, Web3, and enterprise environments.

Privacy

XMTP provides end-to-end encryption to ensure private and secure communications.

  • End-to-end: Servers only see cipher text, preventing data exfiltration through server breaches or insider threats.
  • Trustless: Traditional TLS depends on certificate providers for trust. XMTP avoids single points of failure by leveraging mathematics.
  • Ephemeral identities: Users can remain pseudonymous, minimizing data collection while still enabling secure conversations.
  • Metadata protection: Prevents tracking of metadata such as timestamps, message routes, IP address, location, or device.
  • Compliant: Enterprise regulations increasingly require that sensitive data be inaccessible to employees or intermediaries, something server-level TLS cannot guarantee.

Decentralized network

XMTP runs on a network enabling peer-to-peer messaging without relying on central servers.

  • Decentralized: Node operators can form decentralized networks.
  • Permissionless: Anyone can participate in the network by following simple instructions.
  • Transparency: All network data is visible through the nodes, which exposes the network's secure and private nature.
  • Identity: Agents can automatically verify counterparties using on-chain or decentralized identifiers like ENS.
  • Open-source: Easier customization and auditability, with community-driven improvements.
  • Cross-platform: XMTP-based communications can flow across different frontends, backends (multiple SDKs), and AI agent architectures.

Security

XMTP is built on the IETF-standard Messaging Layer Security (MLS) protocol – the same open-source security foundation trusted by Mozilla, Google, Wire, and Cisco.

  • Post-compromise: XMTP offers stronger protection than TLS by using per-message ephemeral keys (ensuring that if a key is compromised, old messages remain safe) and continuous key rotation (so future messages remain secure even if someone gains access to a current key).
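The two properties in the bullet above, shown with a simplified hash ratchet. This is an added example, not code from XMTP or from the MLS specification; the `Ratchet` class, `simulate_compromise`, and the all-zero starting secret are hypothetical stand-ins for the real MLS key schedule.

```python
import hashlib
import hmac
import os

def kdf(key: bytes, data: bytes) -> bytes:
    """One-way step: HMAC-SHA256 as a PRF, so outputs do not reveal the key."""
    return hmac.new(key, data, hashlib.sha256).digest()

class Ratchet:
    """Toy symmetric key chain (assumption: a stand-in, not the MLS key schedule)."""

    def __init__(self, secret: bytes):
        self.chain = secret

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain, b"message")
        self.chain = kdf(self.chain, b"chain")  # old chain key is overwritten
        return message_key

    def rotate(self, fresh_secret: bytes) -> None:
        # Mix in new secret material that a past attacker never saw.
        self.chain = kdf(self.chain, b"rotate" + fresh_secret)

def simulate_compromise(fresh_secret: bytes = b"") -> dict:
    shared = bytes(32)  # constructed starting secret known to both peers
    sender, receiver = Ratchet(shared), Ratchet(shared)
    old_keys = [sender.next_message_key() for _ in range(2)]
    in_sync = old_keys == [receiver.next_message_key() for _ in range(2)]

    attacker = Ratchet(sender.chain)  # attacker copies the current state
    live_key = sender.next_message_key()
    attacker_live = attacker.next_message_key()

    # Old messages: the stolen chain only moves forward, never back to old keys.
    probe = Ratchet(attacker.chain)
    reachable = {probe.next_message_key() for _ in range(1000)}

    # Future messages: sender rotates; attacker lacks the fresh secret.
    sender.rotate(fresh_secret or os.urandom(32))
    healed_key = sender.next_message_key()
    return {
        "peers_in_sync": in_sync,
        "attacker_reads_current": attacker_live == live_key,
        "attacker_reads_old": any(k in reachable for k in old_keys),
        "attacker_reads_after_rotation": attacker.next_message_key() == healed_key,
    }

if __name__ == "__main__":
    for name, value in simulate_compromise().items():
        print(f"{name}: {value}")
```

The stolen state decrypts only the messages sent between the compromise and the next rotation; earlier and later keys stay out of reach.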

Not using E2EE may expose multi-agentic systems to the following threats:

  • Man-in-the-Middle (MitM) attacks
  • Data leakage
  • Insider threats