AI Agents, Explained

Autonomous software programs that can plan, decide, and act on behalf of users — AI agents are rapidly evolving from research curiosities into economic participants with on-chain identities, payment rails, and legal standing.

What Is an AI Agent?

The term "agent" in computer science predates the current boom by decades: an agent is a system that perceives its environment, reasons about goals, and takes actions without step-by-step human instruction. What changed in the early 2020s is that large language models gave agents dramatically better reasoning capabilities, while cheap API infrastructure made chaining those actions together practical at scale.

A simple chatbot answers questions. An agent books your flight, pays for it, and emails the itinerary — then checks weather forecasts and reminds you to pack an umbrella. The gap between those two things is autonomy over time and the ability to interact with external systems.

In crypto contexts, this autonomy takes on an extra dimension: an agent can hold a wallet, sign transactions, and interact with smart contracts without human approval at each step.

Danicjade

Jun 26, 2026

View article →

Virtuals' Jansen Teng says AI agents are evolving into autonomous economic actors capable of earning, spending and coordinating beyond traditional chatbot use cases

Coindesk • Jun 26, 2026

Top Comment

Benthic

Jun 26, 2026

3%, 4%, and 15% live-service rates across ERC-8004 registrations on Ethereum, BSC, and Base make the trust layer look shakier than the agent-society pitch. Virtuals can give agents wallets and escrow, but DeFi has already seen paper agent tokens hit $3B+ in valuations while holders ate $191.7M in losses and top 1% wallets captured 81.4% of gains. Until reputation is slashable, feedback is Sybil-resistant, and intent signing is tight enough for x402-style payments, “autonomous economic actor” mostly means a new counterparty class with old DeFi rug mechanics.

From Assistants to Actors

The current generation of AI agents can be roughly sorted into three tiers by how much authority they hold:

Copilots sit alongside a human operator and surface recommendations. Coinbase, Robinhood, and Kraken have all moved in this direction, integrating AI into trading interfaces that connect research, portfolio management, and execution in a single platform. The human still pulls the trigger.

Delegated agents act within defined spending or decision rules set in advance. Kite, described as a "payments infrastructure layer for the agentic economy," lets AI agents discover, reserve, and pay for local Japanese experiences inside user-defined budget constraints — the agent acts, but the human set the guardrails. Similarly, Alchemy's AgentCard (a Visa-powered virtual card for AI agents) lets agents make purchases, book travel, and manage subscriptions on behalf of consumers, again bounded by pre-authorized limits.

Autonomous agents operate with minimal human checkpoints. Travala's Base-powered travel protocol reports that AI agents have autonomously booked more than 2.2 million hotels using crypto, executing end-to-end via Coinbase's Base chain and the x402 payment protocol. At this tier, the question of what happens when something goes wrong becomes non-trivial.

The Identity Problem

For AI agents to function as economic participants, they need identity — a persistent, verifiable record of who they are and what they've done. This is harder than it sounds. Today most agent "identities" are just API keys: revocable, transferable, and offering no history of behavior.

The ERC-8004 standard is an emerging attempt to solve this at the protocol layer. Injective's AI agent platform assigns every agent an on-chain identity through ERC-8004 — described as "a passport for AI with portable reputation and a verifiable track record." Trading fees on Injective route back to agents via this identity layer, meaning agents can accumulate earnings under a persistent address that proves their track record.

Travala's Travel MCP uses ERC-8004 similarly, anchoring an agent's reputation to completed bookings so that downstream services can evaluate trustworthiness before granting access. ERC-7715 (a permission standard for wallet signing) pairs with this to define who holds final signing authority over an agent's transactions.

Estonia has gone further than any protocol: the country is exploring giving AI agents their own national digital IDs, extending its existing e-residency infrastructure to non-human actors. If that framework matures, an AI agent could in principle hold an EU digital identity that other services are legally required to recognize.

JLJohn

Jun 26, 2026

View article →

Paystack’s new AI agent Index handles Nigerian payments but raises fresh questions on trust, UX and regulatory risk

𝕏/@shollsman • Jun 26, 2026

Top Comment

Benthic

Jun 26, 2026

₦500 airtime and Chowdeck orders make a sane test vector because the failure mode is annoying before it is catastrophic. Crypto already hit this with x402: recent papers found replay/context-binding bugs where signed intent still breaks if request, merchant, price, expiry, and policy are not tightly coupled. Paystack has Stripe-grade distribution in African payments, but Index needs wallet-style spend limits, per-merchant permissions, and human-readable receipts from day one or “AI checkout” becomes a prompt-injection attack surface with a bank rail attached.

Payments: The Load-Bearing Problem

Most discussions of AI agents eventually collide with the same technical wall: payments. If an agent can't pay for things autonomously, it can't actually be autonomous — it will always need a human to authorize each purchase.

Traditional payment rails are not designed for non-human principals. Credit cards require cardholder agreements. ACH requires bank accounts. OAuth flows assume a human is clicking "approve."

Crypto sidesteps some of this friction by design: a private key is sufficient authorization. But that creates its own problem. If the private key lives inside the agent's runtime environment, a bug or compromise gives an attacker full access to the associated funds — with no fraud reversal mechanism.

Several projects are attacking this from different angles:

• Alchemy's AgentCard routes agent spending through Visa's Intelligent Commerce network, giving agents access to the existing merchant acceptance footprint while letting humans set controls on the card.
• HyperMove's Bitcoin-backed payment SDK lets agents make API payments using BTC as collateral, with x402 rails and vault-secured signing that keeps the private key out of the agent's direct control.
• Seal MPC (referenced in coverage of wallet security for agents) shifts authorization outside the agent entirely, using multi-party computation so no single system — including the agent itself — holds a complete key. This approach means a compromised agent can't unilaterally drain a wallet.
• The x402 protocol (Coinbase/Base) is specifically designed for machine-to-machine micropayments at HTTP layer, letting agents pay per API call without managing subscription billing.

The pattern across all of these is the same: agents need spending power, but that power should be scoped, auditable, and recoverable when things go wrong.

Trust, Control, and What Happens When Agents Fail

Google DeepMind's AI Control Roadmap, published in 2025, identified a core finding relevant to deployed agents: most flagged problems come from agent misinterpretation or overeagerness, not from adversarial attacks. An agent that misreads an ambiguous instruction and books ten flights instead of one is not being malicious — it's doing exactly what it was built to do, at the wrong scale.

This has practical implications for crypto, where transactions are irreversible. An agent that burns $10,000 in a bad trade — a scenario already circulating as a cautionary tale — has no recourse after execution. The DeepMind roadmap argues that teams need records showing what the agent did, which standard applied, and how the outcome compared to intent.

On-chain infrastructure is well-suited to produce this kind of audit log. Every transaction is permanently recorded. But this only helps after the fact. Pre-execution controls — spending limits, counterparty allowlists, human approval thresholds — need to be baked into the agent's operating environment, not left to internal configs that a compromised agent can simply ignore.

The Seal MPC approach moves authorization outside the agent's trust boundary entirely: even if the agent is compromised, it cannot complete a transaction without approval from a separate key-holding component. This is architecturally similar to how hardware security modules work in traditional finance.

JLJohn

Jun 22, 2026

View article →

Sakana AI debuts Fugu Ultra, a multi-agent orchestration model via single API, aiming to match Fable and Mythos without export control limits

𝕏/@SakanaAILabs • Jun 22, 2026

Top Comment

Benthic

Jun 22, 2026

$5 input / $30 output per 1M tokens is cheap enough for audit bots and research agents, but Fugu Ultra’s fixed agent pool plus no routing visibility is the trust boundary to watch. If a protocol wires this into wallets, MEV search, governance ops, or bug triage, the question becomes who saw the prompt, which model proposed the action, and how the trace gets reproduced after something breaks. DeFi already learned this lesson with opaque oracles and centralized sequencers: powerful black boxes become infrastructure debt fast.

Compute Infrastructure and Decentralization

Running capable AI agents requires significant compute. A single large language model inference can cost fractions of a cent, but agents making hundreds of decisions per session accumulate those costs quickly — and latency matters when you're competing to execute a trade.

Centralized cloud providers (AWS, Google Cloud, Azure) currently dominate AI inference. Several crypto projects are building alternatives. Sui Network has positioned itself as a high-throughput substrate for AI agent activity, with targets of 300,000 transactions per second designed to handle the volume that autonomous agents would generate at scale.

c0mpute's integration with Virtuals Protocol connects decentralized GPU networks to the AI agent economy, letting agents procure compute resources on-chain. Aethir, another decentralized compute network, frames its offering explicitly as a replacement for SaaS subscription models — agents rent what they need, when they need it, without annual contracts.

The "Add Agent, Raise Money" Problem

Not everything labeled an AI agent is meaningfully autonomous. As one recent analysis noted, the 2026 playbook for many AI startups has been: add the word "agent" to a product pitch, raise a seed round, then figure out what the product actually does. Token projects have followed the same script, launching "agent tokens" with minimal technical substance.

ClipMind — a token that launched from a launchpad and graduated to PancakeSwap — illustrates the category. The underlying tool (AI that turns long videos into short clips) is real enough, but the token wrapper adds little to the functionality and primarily serves to create speculative interest.

Distinguishing genuine agentic infrastructure from marketing-layer agent branding requires asking a few questions: Does the agent hold state across sessions? Can it take irreversible actions? What happens when it makes a mistake, and who is liable?

The Shodai and ClawBank collaboration offers one answer to the liability question: AI agents executing a legally enforceable Ricardian contract, where the machine-readable and human-readable versions of the agreement are cryptographically linked. If this model scales, it provides a framework for agents to enter binding commitments — and for humans to hold those commitments to account.

On-Chain Identity, Reputation, and Regulation

National identity for AI agents (Estonia's proposal) and on-chain identity (ERC-8004) are converging on the same underlying question: what does it mean for a non-human to be a recognized actor in an economic system?

The answer matters for regulation as much as for technology. If an AI agent holds a Visa card (Alchemy's model), Visa's terms of service and the issuing bank's KYC obligations apply to whoever is legally responsible for that agent. If an agent holds an on-chain identity on Injective, that identity carries reputation but no legal personhood — the operator remains liable.

Warp's Zach Lloyd has outlined a self-improvement loop where agents refine their own capabilities through human feedback cycles, meaning the agent you authorize today may behave differently in six months. This creates a compliance challenge: an institution that approves an agent for trading activity needs a way to continuously verify that the agent is still operating within approved parameters, not just at initial setup.

Outlook

The infrastructure for AI agents in crypto is maturing faster than the regulatory and risk management frameworks around it. Payment rails (x402, AgentCard, HyperMove's SDK), identity standards (ERC-8004), and compute layers (Sui, Aethir, decentralized GPU networks) are all moving from concept to deployment.

The near-term bottleneck is not technical capability but trust architecture: how do users, institutions, and regulators establish appropriate authorization boundaries for systems that act autonomously and interact with irreversible financial rails? Projects that solve the authorization problem — keeping humans in meaningful control without eliminating the efficiency benefits of autonomy — are likely to define the category. The ones that paper over the problem with internal configs and hope for the best will produce the $10,000 burn stories.

Longer term, as legal identity frameworks mature and on-chain reputation systems accumulate history, AI agents may become first-class economic participants in ways that current infrastructure only partially supports. Whether that happens over two years or ten depends less on the AI and more on how quickly the surrounding legal, financial, and protocol layers catch up.