The era of AI agents chatting is giving way to agents spending, and Coinbase aims to bridge autonomous software and digital commerce with security.
On Wednesday, the company debuted Agentic Wallets, positioning the product not as another agent framework but as a payments infrastructure built directly into Coinbase’s existing custody and compliance stack.
“It’s not an SDK, it’s not a library—it’s a purpose-built wallet to work with an agent as quickly as possible,” Erik Reppel, head of engineering for Coinbase Developer Platform, told Decrypt. “In itself, it’s not an AI, but it’s something you can give to an AI agent that it’s going to be really good at using.”
Operating on Base, Coinbase’s Ethereum layer-2 network, the Agentic Wallets is less a consumer app and more a technical toolkit built to work with AI models, including ChatGPT, Claude, and the viral OpenClaw.
According to Reppel, the launch targets a growing security risk in AI agents.
“Today, most agents with wallets just have a private key sitting on disk somewhere, and you’re already seeing those wallets get exploited, or people lose access when agents make mistakes,” he said.
Agentic wallets, in contrast, function as a skill within an AI environment. This allows bots to handle USDC, swap tokens, or pay for services using Coinbase’s x402 payment protocol while keeping the vault keys separate from the agent’s core logic.
The release follows the rise of OpenClaw, an open-source framework for creating self-hosted agents that can handle tasks ranging from calendar management to running terminal commands.
The autonomy has led to the development of agent-only projects. Developers have launched projects like SpaceMolt, an MMO game where AI factions mine asteroids; Moltbook, a social platform designed for AI agents to interact with one another; and services like RentAHuman, where bots hire people to perform real-world tasks and pay them using stablecoins.
Giving a bot access to funds carries risk. Experts say allowing software to control money directly creates new security, governance, and compliance challenges that crypto infrastructure alone does not solve.
In a recent report, Ellie Montgomery, a trend researcher at crypto portfolio management firm Hexn, outlined several agent risks, including prompt scams and intent hijacking; broad wallet allowances that extend control beyond a single action; and limited monitoring that makes activity hard to trace or reverse.
To mitigate prompt injection attacks, where a malicious actor might trick an AI into emptying its wallet, Reppel said Coinbase isolates private keys from the AI.
“The keys are stored within Coinbase’s trusted execution environments,” he said. A local session key and email OTP handle authentication, and while Reppel describes it as a self-custodial wallet that users can export off Coinbase, the agent never sees the private key.
“Only you can access the wallet after having authenticated or having your agent authenticate,” Reppel added. “The only thing that’s shown to the wallet is the address.”
While he acknowledged that no sandbox protocol is perfect, Reppel maintains that the system is “several orders of magnitude safer than just having a private key on disk.”
For now, the tool is aimed at developers comfortable with a command line.
“It’s a little technical right now,” Reppel said, adding that the product remains focused on Base for the time being, but future plans could extend to other blockchains.
The move reflects a view that traditional banking systems are not built for autonomous software, while crypto payment rails are.
“Your agent is going to need a way to pay for things, and your credit card is probably not the best way to do it,” Reppel said. “Having a dedicated wallet with stablecoins makes it easier to keep it safe and lowers the friction of sending money.”
