Coinbase’s latest product launch gives AI agents the ability to trade, pay, and manage portfolios autonomously—but the architecture underneath it reveals a tension that the industry has been avoiding. The company’s new agentic trading platform and agent wallets, reported this week, rely on multi-party computation (MPC) wallets that split private keys across multiple parties so no single entity ever holds the full key. That design has worked well for human users who occasionally sign transactions. But when the signer is an autonomous agent executing trades at machine speed, the assumptions that make MPC safe start to look fragile. The question isn’t whether agents can trade—it’s whether the custody architecture can survive them.
How Coinbase’s Agent Wallets Actually Work
The agent wallets Coinbase is deploying use MPC to generate and manage private keys. In a standard MPC setup, the key is split into shards held by different parties—typically the user’s device, Coinbase’s servers, and sometimes a third-party backup service. To sign a transaction, the parties run a cryptographic protocol that produces a valid signature without ever reassembling the full key. For human users, this works because there’s a natural pause between transactions: you open the app, review the details, and approve. The MPC protocol has time to complete its rounds. But an AI agent executing a trading strategy might need to sign dozens of transactions per minute. Each signature requires multiple rounds of communication between the shard holders. Latency becomes a real constraint, and the system has to decide: do you optimize for speed or security?
The Policy Engine Is the New Attack Surface
Coinbase’s architecture adds a policy layer on top of the MPC wallets—pre-authorized spending limits, allowed counterparties, and trading parameters that users configure before the agent goes live. This is the circuit breaker: the agent can only operate within the bounds the user set. But defining those bounds for a trading agent is orders of magnitude harder than setting a daily spending limit for a consumer wallet. A trading strategy that’s safe under normal volatility might become catastrophic during a flash crash. The policy engine has to interpret market conditions in real time and decide whether to halt the agent—which means it needs access to price feeds, volatility data, and liquidation thresholds. Every data feed the policy engine consumes is a potential manipulation vector. If an attacker can spoof the price feed that triggers the circuit breaker, they can either freeze the agent at a profitable moment or let it run past its safety limits.
The Autonomy-Security Spectrum
The deeper problem is that MPC wallets were designed for a world where a human is always in the loop, even if the loop is slow. The MPC protocol itself assumes that the parties holding key shards are independent and won’t collude. But when an agent is signing transactions autonomously, the user’s device shard has to be available and responsive at all times—which means it’s likely running on cloud infrastructure, not a phone in someone’s pocket. If both the user’s shard and Coinbase’s shard are running in data centers, the independence assumption weakens. An attacker who compromises the orchestration layer that manages both shards could potentially coerce them into signing malicious transactions. Coinbase hasn’t publicly detailed how it maintains shard independence for agent wallets, but the architecture demands it: without true independence, MPC degrades to single-point-of-failure security with extra steps.
What This Means for the Agentic Payment Stack
Coinbase’s move into agentic trading is part of a broader pattern we’ve been tracking: the agentic payment stack is splitting into two layers. Visa and Mastercard are building identity and authorization layers that plug into legacy rails, while crypto-native platforms like Coinbase are building settlement layers where agents hold and move value directly. The MPC wallet is the interface between these layers—it’s where the agent’s identity meets its treasury. If Coinbase can make MPC work at trading speed and scale, it establishes a template for how agents hold assets without custodial risk. If it can’t, the industry will drift toward simpler models: either fully custodial wallets where the exchange holds the keys, or smart-contract wallets where the agent’s logic and its assets live on-chain together. Both alternatives sacrifice something—custodial wallets sacrifice self-sovereignty, smart-contract wallets sacrifice flexibility and upgradeability. The MPC stress test is really a test of whether we can have all three: speed, security, and autonomy.