What an AI agent actually is
An AI agent is a program that takes a goal and works toward it autonomously: it plans, acts, observes what happened, and adjusts. The distinction that matters is the action loop. A chatbot answers a prompt and stops. An agent breaks a goal into sub-tasks, calls external tools — web search, code execution, a database, a wallet — reads the output, and decides what to do next, repeating until the task is done or it gives up. IBM frames the core components as perception, reasoning, memory, planning, and tool use.
The term "autonomous agent" emphasizes the part people find unsettling: there isn't a human approving every step. That autonomy is the whole value proposition and the entire risk surface at the same time.
How it works
Most production agents in 2026 wrap a frontier LLM with three things it doesn't have on its own. First, tool access — the model emits a structured call ("search X", "run this SQL", "sign this transaction") and a runtime executes it. Second, memory that persists across the full task, not just the last message. Third, a planning loop that decomposes a goal and reroutes when a step fails.
The plumbing connecting the model to its tools is increasingly standardized. The Model Context Protocol (MCP) has become the common interface for exposing tools and data to an agent, which is convenient and, as I'll get to, the single fattest target in the stack.
Why it matters for crypto and payments
This is where the AI and blockchain worlds collide. An agent that can spend money needs an account that doesn't require a human to type a password — and a crypto wallet is a far better fit for a machine than a credit card. Coinbase's x402 protocol, which revives the dormant HTTP 402 "Payment Required" status code, lets an agent hit a paywalled API, get a 402, sign a stablecoin payment, and retry — settled on-chain in seconds, no login. As of March 2026 it had processed over 119 million transactions on Base and roughly $600M in annualized volume, mostly in USDC, and the standard now sits under the Linux Foundation with backing from Google, Stripe, Visa, and Mastercard (CoinDesk).
I think this is the most credible non-speculative use of stablecoins to emerge yet: machine-to-machine settlement where the alternatives (card rails, API keys, monthly invoices) genuinely don't work. It also pairs naturally with Account Abstraction, which gives an agent a programmable wallet with spending limits and session keys instead of a raw private key.
The risks are not theoretical
Giving software a goal, tools, and money removes the human checkpoint that used to catch mistakes. Indirect prompt injection — hostile instructions hidden in a web page, a file, or a tool description the agent reads — is the dominant attack vector, because the agent can't reliably tell data from commands (Atlan). The MCP layer is the prize: compromise it and you own the agent's entire toolset. February 2026 alone saw an RCE in a popular coding agent via repo config files, over 1,000 malicious "skills" poisoning an agent marketplace, and thousands of MCP servers exposed with no authentication (cyberdesserts).
For anyone in a regulated context — and I work at a MiCA-licensed exchange, so I think about this daily — an autonomous agent moving funds raises hard questions the rules haven't fully answered: who is liable when an agent is socially engineered into a bad transfer, and how does the FATF Travel Rule apply when neither sender nor receiver is a person? Today the honest answer is: with non-negotiable spending caps, allowlists, and a human in the loop for anything irreversible.
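The controls named above (spending caps, allowlists, human sign-off for irreversible actions) can be enforced in the runtime that executes the model's structured tool calls, outside the model itself. The following is an added example, not code from this article or from any agent framework; the `Policy` and `Gate` names, the call shape, the payee hosts and the cap values are all assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Policy:
    # Constructed values for illustration only.
    allowed_tools: frozenset = frozenset({"web_search", "pay"})
    irreversible: frozenset = frozenset({"pay"})
    allowed_payees: frozenset = frozenset({"api.example.com"})
    per_call_cap: Decimal = Decimal("0.50")   # USDC
    session_cap: Decimal = Decimal("5.00")    # USDC

@dataclass
class Gate:
    """Sits between the model's structured call and the runtime that executes it."""
    policy: Policy
    spent: Decimal = Decimal("0")

    def check(self, call: dict, human_approved: bool = False) -> tuple:
        """Return (decision, reason); decision is allow, deny or needs_human."""
        p = self.policy
        tool = call.get("tool")
        if not isinstance(tool, str) or tool not in p.allowed_tools:
            return "deny", "tool not on allowlist"
        if tool not in p.irreversible:
            return "allow", "reversible tool"
        try:
            amount = Decimal(str(call["amount"]))
        except (KeyError, ArithmeticError):
            return "deny", "missing or malformed amount"
        if not amount.is_finite() or amount <= 0:
            return "deny", "amount must be positive and finite"
        payee = call.get("payee")
        if not isinstance(payee, str) or payee not in p.allowed_payees:
            return "deny", "payee not on allowlist"
        # Caps are checked before approval so a human cannot wave them through.
        if amount > p.per_call_cap:
            return "deny", "over per-call cap"
        if self.spent + amount > p.session_cap:
            return "deny", "over session cap"
        if not human_approved:
            return "needs_human", "irreversible action awaits approval"
        self.spent += amount   # record spend only once the call is released
        return "allow", "within policy"

if __name__ == "__main__":
    gate = Gate(Policy())
    # Constructed call, as might follow from text injected into a fetched page.
    injected = {"tool": "pay", "payee": "attacker.example", "amount": "0.25"}
    print(gate.check(injected, human_approved=True))
```

Because the gate evaluates only the structured call and never the text the model read, an injected instruction can change what the agent asks for but not what the policy permits.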
Current state (2026)
The gap between the slide deck and production is wide. Gartner pegs the agentic AI market at roughly $10.8B in 2026 and predicts task-specific agents in 40% of enterprise apps by year-end — but reports that while ~79% of enterprises claim adoption, only about 11% actually run agents in production, and warns 40%+ of agentic projects may be cancelled by 2027 over unclear value and weak governance (Gartner).
The builder's read: the loop works, the payment rails are real, and the security model is roughly where web apps were before anyone took XSS seriously. The teams that win the next two years won't be the ones with the most autonomous agents — they'll be the ones who figured out exactly where to put the guardrails.