Coinbase has launched a tool that lets artificial intelligence agents make payments and trade crypto on behalf of users, but the headline obscures the more interesting story: the custody architecture that decides what an agent can actually do with your money. The tool, announced this week, bundles Coinbase’s existing MPC wallet infrastructure, its recently released Agent SDK, and its trading APIs into a single interface that an AI model can call. The agent never holds a raw private key. Instead, it operates within a sandbox of pre-authorized spending limits and allowed asset types, turning the agent from a principal into a delegated actor with a strictly bounded mandate. That distinction—between giving an agent the keys and giving it a permission slip—is the whole ballgame.
The Architecture: API Keys, Not Private Keys
The tool’s core design choice is that AI agents authenticate via API keys that map to a user’s Coinbase account, not by controlling an on-chain address directly. Under the hood, Coinbase uses multi-party computation (MPC) wallets where the private key is split into shards held by the user, Coinbase, and optionally a third-party backup service. The agent’s API key can request a signature from this MPC setup, but only if the requested transaction falls within the policy bounds the user has set—maximum spend per transaction, daily volume caps, whitelisted counterparties, and permitted asset types. This is the same architecture we described last week when Coinbase released its Agent SDK, but the new tool makes it accessible to non-developers by packaging it into a consumer-facing product. The agent is not a signer; it is a requester. The MPC enclave is the signer, and the policy engine is the gatekeeper.
What the Agent Can Actually Do
According to Coinbase’s announcement, the tool allows AI agents to send USDC payments, execute market orders on Coinbase’s exchange, and manage a portfolio of supported assets. The agent can also interact with Base, Coinbase’s Ethereum layer-2 network, where much of the on-chain agent activity already happens. The practical use cases Coinbase highlights include an AI assistant that pays a freelancer in USDC after the user approves an invoice, or a trading bot that rebalances a portfolio within pre-set allocation bands. Notably, the agent cannot withdraw funds to an external address without explicit human approval—a limitation that is both a safety feature and a constraint on the kind of autonomous commerce the industry has been promising. This is not an agent that can independently discover a service, negotiate a price, and pay for it. It is an agent that can execute pre-authorized actions within a walled garden.
The Rebranding Problem: New Wrapper, Same Infrastructure
What Coinbase announced this week is less a new product than a rebundling of existing pieces. The MPC wallet architecture has been live since Coinbase launched its Wallet-as-a-Service in 2023. The Agent SDK, which we covered on June 12, already exposed trading and payment endpoints to AI models. The trading API has existed for years. The new tool stitches these together with a user interface that lets someone connect an AI model—Coinbase name-checks ChatGPT but the tool is model-agnostic—and configure spending policies without writing code. The market positioning is clear: Coinbase wants to be the default financial layer for AI agents, and it is betting that its custody infrastructure, regulatory licenses, and existing user base give it an edge over crypto-native competitors like Skyfire or Payman. But the product itself is an incremental step, not a leap.
The Open Question: How Much Autonomy Is Enough?
The tension at the heart of this product is the same tension that runs through the entire agentic-payments space: how much autonomy do you give an agent before the risk profile becomes unacceptable? Coinbase’s answer is conservative. The agent can spend within limits, trade within guardrails, and never move funds off-platform without a human signature. That makes it safe enough for retail users, but it also means the agent cannot do the things that would make agentic commerce truly transformative—like discovering and paying for services on the open web, negotiating with other agents, or managing a treasury without human intervention. Visa and Mastercard, as we wrote earlier this week, are building a different model where agents get a persistent identity on legacy rails and can initiate payments within a delegated-authorization framework. Coinbase’s model keeps the agent on a shorter leash. The question is whether the market wants a financial agent that is more like a smart autocomplete for payments, or one that can act as an independent economic actor. Coinbase is betting on the former, at least for now.