AI Agents Should Be Treated as Untrusted Systems, Researchers Argue
Researchers from Google and Gray Swan AI argue for treating AI agents as untrusted systems, applying systems security principles to prevent attacks. In crypto, AI agents are increasingly used for trading and Web3, evidenced by recent exploits like Bankr, underscoring the need for robust security frameworks.
Quick Take
New research urges treating AI agents as untrusted components.
Three security mechanisms could stop most attacks: instruction-data separation, least privilege, data flow control.
Crypto AI agent Bankr disabled after attacker accessed 14 wallets.
AI agents expected to boom in crypto; security must be prioritized.
Market Impact Analysis
NeutralResearch paper proposes security framework with no direct price catalyst; long-term ecosystem improvement potential.
Speculation Analysis
Key Takeaways
- AI agents in crypto should be treated as untrusted systems, applying decades of systems security research to mitigate exploits.
- Three core mechanisms—instruction-data separation, least privilege, and data flow control—could eliminate a large fraction of attacks.
- The recent Bankr exploit, where an attacker accessed at least 14 wallets, underscores the urgency of robust agent security.
- With billions of AI agents predicted to operate on-chain within five years, proactive security frameworks could prevent catastrophic losses.
What Happened
Researchers from Google, Gray Swan AI, and several universities released a paper on May 20 arguing that AI agent security must be treated as a systems problem, not just a model robustness issue. They propose viewing agents as untrusted components, applying decades of computer security principles to prevent manipulation. The urgency was highlighted the same day when Bankr, a crypto trading assistant, disabled transactions after an attacker gained access to at least 14 wallets. The incident exposed how rapidly AI agents in crypto can be exploited without proper safeguards.
The Numbers
The research identifies just three security mechanisms that could eliminate a large fraction of current attacks. In the Bankr case, an unauthorized actor accessed 14 wallets, forcing immediate transactional shutdown. Circle CEO Jeremy Allaire predicts billions of AI agents will operate on users' behalf within five years, each potentially holding assets or executing trades. Without systemic security, the threat surface expands exponentially. The paper’s framework, if adopted, could harden these agents against instruction injection, privilege escalation, and data exfiltration.
Why It Happened
The surge in AI agent usage across crypto—from automated trading to DeFi interactions—has outpaced security considerations. Developers often treat AI models as trusted entities, granting them broad permissions and failing to isolate instructions from external data. This creates attack vectors where malicious prompts or corrupted data can hijack agent behavior. The Bankr exploit likely involved a hacker injecting rogue commands, a classic systems security failure. The research paper directly addresses this gap by reframing agents as inherently untrusted, requiring the same defenses applied to any external-facing component.
Broader Impact
As AI agents become integral to Web3—launching tokens, managing wallets, and executing autonomous strategies—the proposed framework could set an industry security standard. If implemented, it may prevent the kind of multimillion-dollar exploits that have plagued DeFi protocols. The shift from reactive patching to proactive systems design could also attract institutional capital by reducing existential risks. For builders, adopting least privilege and data flow controls now avoids reputational damage and regulatory scrutiny later.
What to Watch Next
- Adoption by major protocols: Will leading AI agent projects like Fetch.ai or Autonolas integrate the three security mechanisms into their stacks?
- New attack disclosures: Post-Bankr, more exploits may surface as whitehats audit live agents for instruction-data confusion vulnerabilities.
- Regulatory signals: If lawmakers tie AI agent security to consumer protection in crypto, frameworks like this could become compliance benchmarks.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
