Original title: "The Usefulness of People: Agentic Wallet and the Next Decade of Wallets"

Original source: Bitget Wallet

In 1984, Apple (Macintosh) killed the command line with a mouse. In 2026, Agents are killing the mouse.

This is not a metaphor. Companies like Google, Amazon, NVIDIA, Visa, Microsoft, and Alibaba, which have spent billions refining graphical interfaces, are actively bypassing GUI, shifting towards CLI, API, and Agent-native interfaces. The logic is simple: 0-1 growth depends on humans, but the next tenfold user base will no longer be looking at screens.

But what everyone is avoiding is: when software users transition from humans to Agents, do humans still need to be present?

As early as 1950, Norbert Wiener, the founder of cybernetics, warned that once humanity loses the ability to observe and intervene, feedback loops will break, and systems will go out of control. Today's emphasis by OpenAI on "Harness Engineering" is essentially a continuation of this idea.

Seventy years later, Agentic Wallet faces a cryptographic version of this question. Confirmation pop-ups, signature requests, approval processes, mnemonic backups, multi-factor authentication... The security mechanisms built by crypto wallets over the past decade are all answering one question: "Is this action truly authorized by you?" Agents are causing this human interaction mechanism to begin to fail: requiring human confirmation for each transaction prevents Agents from achieving continuous, real-time, automated execution; directly handing over unfettered control of private keys to Agents exposes humans to unacceptable risks.

The answer does not lie at either extreme. Complete autonomy is the sexiest narrative of the Agent era, but Wiener's warning remains valid.

We believe that Agentic Wallet must simultaneously serve two types of entities: on one hand, providing humans with the ability to set rules, control risks, and intervene in governance; on the other hand, granting Agents constrained execution rights, allowing them to autonomously perform on-chain operations within clearly defined boundaries. In other words, the wallet needs to evolve from a container and signature tool for human assets into a system that allows humans to set boundaries and enables Agents to act within those boundaries.

What should this system look like? This is precisely what this article aims to answer.

1. Beyond Fat Wallet, Another Wallet War

Delphi Digital once presented a powerful judgment in the Fat Wallet Thesis: As protocols and application layers become increasingly homogeneous, value will concentrate at the wallet layer because wallets are closest to users, controlling distribution channels and order flows, and users will remain in a specific wallet for extended periods due to familiar interfaces, accumulated assets, and migration friction.

However, Agents do not follow the same logic. As "unfeeling" machine executors, Agents will not remain in a particular wallet due to interface familiarity, brand preference, or usage habits like humans do; they will continuously seek the combination of infrastructures with the lowest cost, minimal delay, and most stable execution. With the gradual popularization of standards like ERC-8004, the identity and reputation layers of Agents are also expected to migrate across different systems, meaning that the locking effect of wallets on Agents is inherently weaker than that on humans.

Nevertheless, this does not mean the value of wallets will disappear, but rather that the location of value concentration will change. In simple personal usage scenarios, Agents will weaken the moat formed by wallets based on interfaces, habits, and entrances; whereas in relatively complex organizational deployment scenarios, once a company has configured strategy rules, approval processes, risk control parameters, and audit systems around an entire "Agent fleet," migration costs will no longer come from the front-end experience but from the reconstruction of the entire set of permissions, governance, and operational configurations.

Therefore, Agentic Wallet answers another proposition beyond Fat Wallet: Fat Wallet competes for user entry points, while Agentic Wallet competes for control when software begins to directly manage funds.

If we review the evolution of wallets, we find that each change in product form essentially corresponds to a change in the target of user trust:

· Mnemonic wallets require users to trust themselves.

· Smart contract wallets require users to trust the code.

· Embedded wallets require users to trust the service provider.

And by the time we reach Agentic Wallet, what users need to trust is a control system composed of permissions, policies, and governance mechanisms.

The goal of this system is not to let software take over funds but to allow software to act under limited authorization while ensuring that humans always retain ultimate control. Hence, the core of Agentic Wallet is not just "allowing Agents to use wallets," but "allowing Agents to manage funds belonging to human users under conditions that are controllable, auditable, and intervenable."

2. The Boundaries of Wallets, the Starting Point for Agents

Existing wallets still operate well in their originally designed scenarios, but the problem is that an increasing number of Agent-driven use cases are exceeding the design boundaries of current wallets.

Scenario 1: Trading Agents need to act quickly, but "having the ability to execute" does not equate to "being allowed to execute."

A portfolio Agent monitors cross-chain liquidity around the clock. When opportunities arise, it needs to complete transactions within seconds. The control logic of traditional wallets is that users open the application - check the trade - click confirm. By the time this process is completed, the opportunity window is often closed.

From a technical perspective, the Agent possesses the capability to call swap functions, generate calldata, and bridge funds; the problem lies in the fact that ability does not equate to permission. An Agent can initiate a transaction, but that doesn’t mean it should be allowed to freely allocate funds.

The role of Agentic Wallet is precisely to separate the two: Agents can act immediately, but can only do so within predefined rules, such as being limited to approved assets, constrained by daily budget limits, and subject to slippage boundaries, and automatically pausing under abnormal market conditions. Skill defines what Agents "can do," while the wallet constrains what Agents "are allowed to do."

Scenario 2: Payment Agents need to spend money, but should not have full control over funds.

A payment Agent is responsible for automatically settling API bills, SaaS subscription fees, and vendor payments. In the current wallet system, it typically has only two options: either wait for manual approval for every transaction or directly hold a private key with unlimited signature rights. The former is not scalable, while the latter is too risky.

Agentic Wallet provides a form of limited authorization: it can only make payments to whitelisted merchants, can only use specified assets, can only execute payments within the daily budget, and all expenditures are fully recorded.

Scenario 3: Multiple Agents need to have mutually isolated permissions under a shared budget.

One entity may run multiple Agents simultaneously: one responsible for trading, one for payments, one for reviews. While current wallets can create multiple sub-accounts, unifying permissions orchestration for these accounts, setting global budget limits, executing cross-Agent policy constraints, and forming unified audit trails are not innate capabilities of existing wallets.

Under the Agentic Wallet model, this will be treated as a priority design issue: each Agent will have its own independent, clearly defined permissions; meanwhile, a unified policy layer will be responsible for controlling overall risk exposure, frequency limits across Agents, shared budgets, and generating consistent audit records.

These scenarios point to the same conclusion: Private key management remains the foundation of wallet security, and allowing Agents direct access to private keys is an unacceptable risk source in any scenario. But merely managing private keys is not enough.

When the operator shifts from a human to an Agent, the wallet must also answer a second question: who is allowed to act under what conditions, for what amount, on which assets, and to whom. Private key management is the first line of defense, while managing the permission boundaries of non-human operators is the new second layer of firewall introduced in the Agent era.

3. Bounded Autonomy: The Design Philosophy of Agentic Wallet

The current industry is still in the early exploration stage of Agentic Wallet, and there is no truly mature Agentic Wallet solution yet. However, as mentioned in the introduction, what we believe an Agentic Wallet is a funding control system that connects human governance and Agent execution: humans set boundaries, Agents act within those boundaries, and the wallet ensures that this constraint relationship remains executable, auditable, and intervenable.

At the same time, depending on the degree of authorization received, Agentic Wallet may serve the following four scenarios:

Human-controlled: Agents provide suggestions and assistance, but each operation still requires human confirmation. The improvement is in interaction efficiency; the logic of fund control remains unchanged.

Hybrid: Agents handle routine operations like retrieval, quoting, reminding, or low-risk execution; human intervention is reduced, but boundary cases still require human approval, such as touching fund transfers, contract calls, or exceptional branches.

Bounded autonomy: Agents autonomously act within clear rules, limits, and veto paths. Humans transition from transaction approvers to rule makers. The Agentic Wallet discussed in this article primarily refers to this category.

Fully autonomous: Agents possess near-total economic sovereignty and can independently manage funds and bear outcomes without predefined boundaries. This model theoretically exists but remains far from maturity in terms of security, governance, accountability, and compliance, currently remaining in the experimental stage.

As a reference, Stripe’s 2025 annual letter categorizes agentic commerce into five levels: L1 is form-filling elimination, L2 is descriptive search, L3 is persistence, L4 is delegation, and L5 is anticipatory purchasing; concurrently asserting that the current industry as a whole still “lingers between L1 and L2.”

From this perspective, the largest market demand currently may stem from human-controlled and hybrid scenarios, while bounded autonomy represents the real frontier today and the first production-level form of Agents truly managing funds.

Implementing this concept requires a four-layer architecture:

· Account layer: Establish independent, isolated economic containers for each Agent, such as through EOA, smart contract accounts, server wallets, or TEE environments. The system needs to impose differentiated rules on different Agents.

· Permission layer: Define the behavioral boundaries of Agents, such as disposable limits, operable assets, interactive contracts, executable time frames, and action logic after hitting boundaries. This is the core layer of the entire architecture.

· Execution layer: Target Agent interfaces rather than human clicks. Sending, paying, swapping, bridging, rebalancing, liquidating, and settling all need to be abstracted as primitives that can be directly invoked by programs.

· Governance layer: Provide logs, simulations, audit trails, alerts, pause switches, human veto rights, recovery mechanisms, and more. This layer determines whether the Agentic Wallet can truly enter production environments.

Above this four-layer architecture, four core capabilities are needed to support system operation:

Skills: Provide standardized on-chain operation modules. Agents can complete transactions, payments, bridging, and other actions like calling functions without needing to compose the underlying calldata themselves. Skills address the ability abstraction question of "what can be done."

Policies + KYA / KYT: The Policies engine is responsible for rule verification for each operation, transforming boundaries set by humans into machine-executable constraints; the KYA / KYT mechanism is used to identify the source, identity, risk context, and operational history of Agents. The former constrains behavior, and the latter identifies operators, collectively ensuring all fund actions remain within preset boundaries.

Session Key: Provides a limited-time, limited-amount, limited-scope secure delegation mechanism. Agents receive temporary and limited authorization, not full private keys. Authorization expires automatically without manual revocation, “allowing Agents to gain execution qualifications without touching complete keys.”

Audit and Notification: Provide fully traceable operation logs and real-time alert systems. Each action can be traced, every anomaly can be alerted, and every Agent can be paused at any time.

Currently, we usually control Agent's behavior logic through instructions, but task orchestration does not equate to fund constraints.

Agents may still misjudge, deviate, or suffer from attacks and malicious input contamination. The meaning of the wallet layer is precisely to consolidate issues related to fund authority, such as "whether funds can be mobilized, how much can be mobilized, which assets can be operated on, to whom interactions can occur, and how to suspend in the event of anomalies," into system rules in advance. Even if an Agent shows deviation, actual fund actions that can occur remain limited within the preset boundaries.

4. Current Status of Agentic Wallet: Four Paths and Four Gaps

Surrounding existing Agentic Wallet solutions, we have identified four typical cases that have essentially solved "how to allow Agents into the funding system," but have yet to address "how to allow Agents to safely use funds in cross-chain and complex real-world environments."

Coinbase, Safe, Privy, and Polygon have each provided feasible answers from the infrastructure, governance, permissions, and identity perspectives; what remains incomplete is the integration of these partial capabilities into a unified control system that operates cross-chain, moves across environments, and remains viable in complex adversarial scenarios. The common bottleneck faced by Agentic Wallet at this stage is primarily concentrated in the following four gaps:

First, identity and reputation are not yet portable.

An on-chain Agent identity and reputation system can be established, but a universal credit system applicable across chains, wallets, and operational environments does not yet exist. The history and reputation accumulated by an Agent in one ecosystem cannot naturally migrate to another ecosystem.

Second, the strategy layer lacks unified standards.

Coinbase uses spending limits, Safe uses on-chain modules, Privy uses a policy engine, and Polygon uses session-scoped wallets. The industry has generally recognized that the permission layer is core but has yet to form a unified strategy standard that is portable, composable, and reusable across products.

Third, adversarial security remains highly vacant.

Prompt injection, tool poisoning, malicious Skills, and contaminated external inputs are issues that traditional contract audits will not automatically resolve. The new problem introduced in the Agent era is: when the decision-making process of the model is distorted by malicious inputs, how does the wallet identify, intervene, and block the risks.

Fourth, full-chain coverage has yet to be achieved.

Existing solutions mostly depend on a single chain or a limited multi-chain scope, but the economic activities of Agents will not long remain within a single ecosystem. A truly mature Agentic Wallet must address the issues of multi-chain, multiple execution environments, and cross-domain permission consistency.

5. Below the Surface: The Next Decade of Agentic Wallet

Currently, the design focus of Agentic Wallet is to empower humans to impose refined control over Agents. In most implementations, the wallet's role is more akin to a passive signer: Agents call Skills, Skills generate transactions, and the wallet completes signatures on the backend, leading to on-chain execution.

However, if Agents truly start managing funds, simply signing at the last step is clearly not sufficient. A more reasonable approach is to ensure that permission assessments occur before execution: after an Agent calls a Skill, the request should first enter the wallet's Policy Plane, and only upon passing policy verification will execution be allowed.

The so-called Wallet Policy Plane borrows the idea from the system architecture's Control Plane and Data Plane. It sits between Agent behavior and on-chain execution, integrating the Policies engine, KYT/KYA verification, Session Key validation, risk scoring, and anomaly handling into a unified decision area.

This concept is not unfamiliar; Stripe's payment architecture employs similar logic: developers call a clean API, but before funds actually move, Stripe has already performed risk identification, rule checks, and compliance handling in the background. What Agentic Wallet aims to do is essentially the same; the upper layer provides developers with a clean execution interface, while the lower layer achieves permission adjudication through a pre-emptive policy engine.

The urgency lies in that the attack surface brought by prompt injection, tool poisoning, and malicious Skills is rapidly expanding, while the security infrastructure on the wallet side has not kept pace. A standardized Wallet Policy Plane has yet to become a universally accepted basic primitive in the industry.

However, the Policy Plane itself will not be a final state. As the Agent identity and reputation systems gradually mature, authorization logic will shift from being driven by static rules to being driven by dynamic trust. Today, it relies on preset boundaries, limit constraints, whitelists, and manual veto paths; in the future, on-chain transaction records, behavioral trajectories, and cross-ecosystem credit data will gradually form a verifiable credit foundation for Agents, with more authorization decisions being made based on identity, history, and actual performance.

When Agents start conducting economic interactions at machine speed, control mechanisms must be built into the system from inception. The role of the wallet will change accordingly: In the early stages, it is a gatekeeper responsible for preventing boundary violations; in the mature stage, it is closer to infrastructure, facilitating trusted entities to continuously connect accounts, permissions, and settlement systems with lower friction.

In the past decade, the battleground for wallets was the entry point on screens. In the next decade, the battleground will be the layer of control invisible to users.

This article is from a submission and does not represent the views of BlockBeats.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。