MetaMask has launched Agent Wallet, a self-custodial wallet designed to let AI agents autonomously trade and interact with decentralized finance protocols while operating within user-defined security controls. (Disclaimer: MetaMask is a product of Consensys, one of numerous investors in an editorially independent Decrypt.)

The launch comes as crypto developers increasingly move to develop AI agents capable of managing portfolios, executing trades, and interacting directly with decentralized applications. The product is currently available to roughly 200 users through an Early Access Program, with a wider rollout expected later this summer.

"It’s genuinely day one for agents, but the infrastructure decision can’t wait because agents are already touching real money, and most of them are doing it the wrong way," MetaMask Senior Director of Product Zhen Yu Tong told Decrypt.

According to Tong, many projects currently on the market are developed giving AI agents direct access to private keys, creating the risk that agents could execute unintended transactions or lose funds through errors rather than hacks.



"If the first generation of trading agents normalizes giving away your keys, we'll be rebuilding the custodial mistakes crypto spent a decade escaping," he said.

According to MetaMask, Agent Wallet routes transactions through the company’s existing security infrastructure, including transaction simulation, scam and malicious-contract detection, Blockaid-powered threat scanning, Clear Signing, and Servo MEV protection.

Rather than assuming AI models can be fully protected from manipulation, MetaMask said it developed the wallet around controls designed to limit the consequences when agents make mistakes.

"The honest premise first: You cannot guarantee an LLM won't be tricked,” Tong said. “Prompt injection is an open research problem, not a bug you patch once.”

Prompt injection attacks happen when malicious instructions are used to compromise an AI system, causing it to do something it wasn't supposed to do. In crypto, that could mean being fooled into approving transactions, moving funds, or interacting with a malicious smart contract.

To prevent this, in the Agent Wallet's default Guard Mode, users define spending limits, approved protocols, and other operating parameters. Transactions that exceed those rules or are flagged as suspicious require two-factor authentication before they can proceed.

A less restrictive Beast Mode allows agents to operate more independently, while still requiring approval for transactions identified as malicious.

“Beast Mode is for users who want genuinely hands-off operation—the agent acts without a pop-up on every transaction,” Tong said. “What Beast Mode does not do is switch off the safety net. If our threat detection flags a transaction as malicious, 2FA still fires no matter what mode you’re in. That’s non-negotiable.”

As Tong explained, operating without approval doesn’t mean without limits. Beast Mode still operates within user-defined guardrails, including spending limits, approved assets and protocols, and time-based restrictions, allowing agents to rebalance portfolios, interact with verified contracts, and settle payments autonomously without requiring approval for every transaction.

“Think of it like banks or exchanges, where you need to add recipients to an allowlist before you can send to them. That's Guard Mode—the user pre-approves who the agent can interact with, and anything outside that list triggers 2FA,” he said. “Beast Mode flips it: addresses are scanned in real time, and 2FA fires if any are flagged as bad—but the user doesn't have to add anyone to an allowlist upfront.”

The wallet supports Ethereum Virtual Machine-compatible chains, Hyperliquid, and agent frameworks, including OpenAI Codex, Anthropic's Claude Code, Cursor, OpenClaw, and Hermes Agent. It uses Cubist's trusted execution environment technology to keep private keys inside a hardware-isolated enclave during signing, which Tong said prevents MetaMask and Consensys from accessing users' key material.

MetaMask's Agent Wallet launch follows other crypto companies rolling out infrastructure for AI agents.

In February, Coinbase introduced Agentic Wallets, a self-custodial wallet designed to let AI agents send payments and manage crypto assets while keeping private keys isolated inside trusted execution environments. In March, MoonPay expanded its own agent strategy by integrating Ledger hardware wallets for human-approved AI transactions.

The crypto payments firm later launched the Open Wallet Standard, an open-source framework backed by contributors including PayPal, the Ethereum Foundation, Solana Foundation, Ripple, and Base that aims to standardize how AI agents manage wallets and funds across blockchains. (Disclaimer: MoonPay Ventures is an investor in Decrypt's parent company, Dastan.)

Last week, MoonPay followed with a desktop app for Claude Code and OpenAI Codex that lets users connect AI assistants to wallets, token swaps, prediction markets, and other blockchain tools through a graphical interface.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。