Think of AI agents like new interns with admin access to every system in the building. They’re eager, capable, and potentially catastrophic. Security researchers are now making the case that the crypto industry should stop treating AI agents as reliable tools and start treating them the way operating systems treat untrusted code: with guardrails, monitoring, and minimal privileges.

The argument comes as AI agents proliferate across crypto, handling everything from automated payments to wallet interactions. Circle CEO Jeremy Allaire has projected a future with tens of billions of AI agents performing economic work, many of them relying on stablecoins like USDC to transact.

The case for distrust

A May 2026 paper outlined the core thesis: the AI models behind autonomous agents should be classified as inherently untrusted components.

A March 9, 2026, submission to the US government reinforced this thinking, recommending layered safeguards for capable AI agents. The authors pointed to significant gaps in current evaluation techniques, meaning the industry lacks reliable ways to verify that an AI agent will behave as intended before giving it access to sensitive systems.

The $500K wake-up call

The theoretical risk became very real in April 2026. CoinDesk reported on April 13 that vulnerabilities in LLM routers, the infrastructure layer that directs queries between different AI models, had been exploited in a $500K crypto wallet theft.

LLM routers sit between the user-facing agent and the underlying models. They decide which model handles which request. When attackers compromised this layer, they were able to redirect agent behavior in ways that drained funds.

The researchers’ framework addresses this by shifting focus from model-level security to system-level security. Instead of trying to make the AI model itself bulletproof, the approach wraps the model in external controls: access restrictions, behavioral monitoring, transaction limits, and anomaly detection.

What this means for crypto investors

For DeFi users, the immediate takeaway is caution. If you’re using any service that delegates wallet authority to an AI agent, the security of that arrangement depends not just on the agent’s code, but on every infrastructure layer it touches. The LLM router exploit demonstrated that attacks can come from components most users don’t even know exist.

The March 2026 submission to the US government signals that policymakers are already thinking about AI agent oversight. If regulators adopt the untrusted-system framework, compliance requirements for crypto platforms using AI agents could expand significantly.