On-chain AI security and wallet monitoring

Crypto startups are building tools that watch wallet activity like a bank’s fraud desk, then score whether an AI agent’s next on-chain move looks safe before it signs. (coindesk.com) An on-chain AI agent is software that can read blockchain data and send transactions with a wallet, often without a human clicking “confirm” each time. Coinbase’s AgentKit, one of the best-known developer toolkits in the category, was the subject of an April 11, 2026 disclosure describing a prompt-injection flaw that could trigger transfers or token approvals in some setups. (coindesk.com, x402warden.com) That attack did not require stealing a private key. The researcher said untrusted input could push the model toward sensitive tool calls, including native token transfers and effectively unlimited ERC-20 approvals, and Coinbase validated the report after it was filed on February 24, 2026. (x402warden.com) The new security products target that execution layer: not just “who owns this wallet,” but “should this action happen right now.” Sumsub’s crypto monitoring product, for example, already offers wallet and transaction risk scoring through integrations with TRM Labs and Merkle Science, showing how risk scoring has moved into live payment flows. (docs.sumsub.com) In plain terms, blockchain telemetry means the public trail of wallet balances, transfers, contract calls, and counterparties that anyone can inspect on-chain. Machine-learning systems turn that raw trail into patterns, such as whether a wallet suddenly changed behavior, touched known scam infrastructure, or is about to route funds through a risky contract. (chainalysis.com, scorechain.com) Some teams are also trying to keep the monitoring itself from exposing too much user data. A March 2026 paper in *Scientific Reports* described a self-custody wallet design with real-time transaction scoring, adaptive authentication, programmable policy controls, and zero-knowledge privacy features. (nature.com) The timing is tied to a jump in agent activity and a run of costly mistakes. Claw Wallet, which launched on April 2, 2026 as wallet infrastructure for autonomous agents, cited a February liquidation in which an agent sold 52.43 million LOBSTAR tokens, turning holdings valued at about $250,000 into roughly $40,000 after misreading a request. (prnewswire.com) That is why another branch of the market is pushing verifiable records for agents, which function more like tamper-evident receipts than fraud scores. Hedera Foundation said in October 2025 that its agent framework stores attestations of compliance, provenance, and lineage on-chain, while newer tooling such as NexArt and WeilChain markets cryptographically signed execution records for each workflow run. (hedera.foundation, nexart.io, weilliptic.ai) The split is becoming clearer: one set of companies tries to stop a bad transaction before it happens, and another tries to prove exactly what the agent did after it runs. Both approaches are aimed at the same problem identified in recent agent-wallet incidents: the weak point is often execution control, not wallet identity alone. (x402warden.com, coindesk.com)