Cobo Agentic Wallet: A New Paradigm for Autonomous AI Agent Transactions and Payments

It has been just over three years since the launch of ChatGPT, yet the speed of AI’s evolution has been remarkable.

What began as simple interactions within a chat interface has rapidly expanded into multimodal capabilities—generating content, editing documents, creating images, and writing code. Now, with the rise of AI Agents, the interface itself is evolving. The chatbox is giving way to something more powerful: a digital counterpart capable of organizing files, responding to emails, and even placing orders on a user’s behalf.

AI is no longer confined to conversation. It is beginning to act.

As AI moves from dialogue to execution, AI Agents have quickly become one of the most active new participants in the Web3 ecosystem. Enabling agents to engage in payments and transactions is a natural progression. In doing so, they are starting to take on one of the most critical responsibilities of all: managing money.

Autonomous DeFi portfolio rebalancing, micro-payments, tipping, and cross-protocol arbitrage are no longer theoretical—they are already taking shape and scaling. By 2025, an estimated 19% of on-chain activity is expected to originate from autonomous or agent-driven operations. Analysts project that by the end of 2026, AI Agents could account for up to 30% of total on-chain transaction volume.

At the same time, as enthusiasm builds around AI-driven value creation, the risks introduced by autonomous agents are becoming increasingly difficult to ignore.

The Invisible Risks Behind “Transaction Complete”

Security researchers have repeatedly shown that general-purpose agent frameworks contain dozens—sometimes hundreds—of documented vulnerabilities, including high-risk exposures. More importantly, AI Agents introduce an entirely new attack surface at the semantic level, driven by their ability to plan and act autonomously:

• Prompt Injection: Attackers embed malicious instructions into web pages, emails, or tool outputs, influencing the agent’s context and causing unintended actions.

• Data Poisoning: Corrupted training data or retrieved external documents distort the agent’s understanding of facts and norms.

• Hallucinated Parameters: Agents confidently generate incorrect contract addresses, ABI parameters, or signature fields.

• Goal-Oriented Constraint Bypassing: When objectives conflict with constraints, agents may attempt to “work around” restrictions—modifying parameters, bypassing limits, or interacting with explicitly disallowed protocols.

The last category is particularly challenging. From the agent’s perspective, it is simply completing the task. From the user’s perspective, it is acting beyond its authority.

This is not a traditional hack, nor a simple coding flaw. It is a systemic risk introduced by autonomy itself.

At its core, this reflects an inherent limitation of AI Agents built on large language models. Constraints expressed in natural language—even highly specific prompts—are ultimately interpreted, not enforced. To an agent, they remain suggestions that can be reinterpreted under pressure.

If AI Agents are to operate safely in financial environments, their security boundaries cannot rely on semantics alone. They must be enforced at the infrastructure level—shifting from “agents choosing to comply” to “systems that enforce compliance by design.”

Guided by this principle, and drawing on nearly nine years of experience in digital asset custody and security, Cobo introduces the Cobo Agentic Wallet (CAW)—an MPC-based wallet purpose-built for AI Agents.

What Is the Cobo Agentic Wallet?

The Cobo Agentic Wallet is designed to enable AI Agents to perform autonomous transactions and payments—while ensuring that every action remains secure, controlled, and verifiable.

More than just a wallet, CAW serves as a dedicated on-chain trust layer for AI Agents. Built on highly secure Multi-Party Computation (MPC), and enhanced by Cobo’s proprietary Pact authorization framework and Recipe execution layer, it introduces a new approach to financial infrastructure in the age of machine-driven economies.

CAW is built around three core innovations:

• The first MPC-based wallet for AI Agents, eliminating the need to hand over private keys

• The first infrastructure-enforced human-agent authorization protocol (Pact), ensuring agents cannot exceed defined boundaries

• The first Recipe-driven execution layer, enabling agents to perform tasks reliably without relying on model improvisation

With full open-source support, developer-friendly SDKs, and compatibility across 80+ blockchains and 3,000+ tokens, CAW is designed to scale with the evolving AI ecosystem.

Pact: Turning Constraints into Enforceable Infrastructure

“Traditional agent wallets simply delegate wallet capabilities to agents. Cobo Agentic Wallet goes further by introducing Pact—a framework enforced at the infrastructure level to ensure agents cannot breach security boundaries.” — Changhao Jiang, Co-Founder and CTO, Cobo

One of CAW’s core innovations is Pact, a protocol-level control mechanism that redefines how constraints are applied.

In most agentic wallets today, rules such as spending limits or approval flows are manually configured through interfaces designed for humans. These rules exist outside the agent as external guidance. As agents become more autonomous and more numerous, this model quickly breaks down.

Pact takes a fundamentally different approach.

Constraints are not pre-configured—they are generated dynamically as part of the task itself, and enforced by the wallet before every transaction is signed.

The workflow is as follows:

1. The AI Agent receives a task and generates a Pact, containing four elements: intent, execution plan, policy constraints, and completion conditions

2. The user reviews, approves, rejects, or tightens the Pact via the Cobo mobile app

3. Once activated, Cobo’s three-layer policy engine (global → wallet → delegation) validates every transaction against the Pact before MPC signing

4. Any request that falls outside the Pact’s scope is automatically rejected

Critically, when an agent encounters constraints or friction, its only valid action is to stop and report. It cannot reinterpret the task, modify parameters, or attempt alternative execution paths.

Without a valid signature, no transaction can be executed or broadcast.

This removes the possibility of silent manipulation and ensures full auditability, with the ability to freeze all activity instantly if needed.

Recipe: Giving Agents Reliable Execution Capabilities

If Pact defines what an agent can and cannot do, Recipe addresses a different question: how to ensure the task is executed correctly.

Recipe is a structured execution framework that packages all the necessary components of an on-chain task—including contract addresses, parameter constraints, execution paths, and risk controls—into predefined templates.

This allows agents to execute reliably without relying on ad-hoc reasoning from large models.

The initial Recipe library covers the most common AI Agent use cases:

• DeFi yield optimization: Monitoring APY and reallocating assets across approved protocols such as Aave V3, Compound, and Morpho

• Token swaps via Uniswap V3 and Jupiter: Optimized routing with slippage protection

• DCA and grid strategies: Automated investing and market-making based on user-defined schedules and price ranges

• On-chain derivatives: Including perpetuals on Drift and prediction markets such as Polymarket

• Micropayments via X402 and Stripe: Enabling pay-per-use access to APIs, content, and compute

• Social tipping bots: Distributing token rewards to Discord or Telegram communities based on predefined rules

• Institutional payroll automation: Supporting multi-party approvals and budget constraints

• Emergency freeze: Instantly revoking all active Pacts and cutting off agent payment permissions

With Recipe, agents no longer hallucinate contract addresses, fabricate parameters, or miscalculate gas. They execute along verified, pre-defined paths.

In simple terms: Pact defines the boundaries. Recipe provides the capabilities.

Together, they make delegating on-chain operations to AI Agents both practical and reliable—while preserving control.

Institutional-Grade Security: MPC at the Core

In addition to Pact and Recipe, CAW inherits Cobo’s security foundation built over nearly a decade of serving institutional clients and safeguarding billions in digital assets.

CAW leverages MPC threshold signature technology, splitting private keys into encrypted shares—one held by the user, one by Cobo infrastructure—eliminating single points of failure.

Even in extreme scenarios—such as severe prompt injection or data poisoning—an AI Agent never has access to a complete private key and cannot independently generate a valid signature.

This fundamentally removes the risk of unilateral asset compromise by an agent.

This architecture stands in contrast to solutions that rely on Trusted Execution Environments (TEE), API keys, or delegated accounts. MPC provides guarantees at the cryptographic level, rather than relying on software-based trust assumptions.

Ecosystem Enablement: From Developers to End Users

CAW is designed to lower the barrier to integrating AI Agents with Web3 through a comprehensive, ready-to-use toolkit:

• Developer-friendly design: Open-source SDKs with seamless integration into frameworks such as LangChain, OpenAI Agents, Claude MCP, CrewAI, and Agno

• 3 lines vs. 500 lines: The CAW CLI compresses complex policy logic into a simple Pact declaration

• 2 operational modes: Custodial mode (coming soon) for high-frequency, low-latency use cases; MPC mode (available today) for high-value, high-risk scenarios

• Immutable audit logs: Fully searchable across policies, timestamps, agent identities, and actions for compliance and governance

• One-click freeze: Instantly disable all active Pacts from mobile, without key rotation or system downtime

Controlled Freedom Enables Real Adoption

Just as the invention of brakes made high-speed driving possible, meaningful adoption of AI Agents requires strong, enforceable safeguards.

By combining the Pact authorization framework, the Recipe execution layer, and institutional-grade MPC security, CAW establishes a trusted foundation for the emerging agentic economy—one where AI Agents can operate autonomously, but always within clearly defined boundaries.

Cobo believes that as AI Agents move toward mainstream adoption, security and trust will define the final mile.

The Cobo Agentic Wallet is not simply an evolution of wallets—it is a foundational layer for the future machine economy.

Agents gain autonomy. Users retain certainty. That is the CAW model.