Autonomous and semi-autonomous AI systems — planning, tool use, multi-agent coordination.
Yesterday an AI agent deployed a prediction market on Gnosis; other agents will price it, bet on it, and resolve it. The calibration data behind LLM forecasters, the FPMM math they trade against, and what breaks when the marginal bettor is a model.
ERC-8004's agent registries went live in January. We read them straight off the chain: ~90,000 registrations across Ethereum and Base, a $0.003 ERC-4337 registration dissected — and a reputation registry already farmed with vouch spam.
An autonomous agent can't sign up for an API key or swipe a credit card. x402 revives HTTP 402 and settles in gasless USDC — here's the EIP-3009 handshake, the facilitator trust model, and where prompt injection breaks it.
We pulled a live x402 settlement off Base: a $0.013 USDC transfer relayed by a facilitator wallet with a nonce past 1.7 million, at an 11% gas-to-value ratio. What on-chain evidence and 100M transactions actually say about the agent economy.
An agent hits an API, gets HTTP 402, signs a stablecoin authorization, and a facilitator settles it on-chain for a fraction of a cent. We trace one real payment on Base down to the gas — and where the trust actually sits.
An agent holding your raw key is one prompt injection from total loss — and 97% of early EIP-7702 delegations went to drainer sweepers. We read the sweeper's source off the chain, dissect a real 35.97-USDC-a-day spend permission on Base, and do the blast-radius math.
We ran multi-agent LLM pipelines against historical exploit corpora and live audit engagements. The results reshape where AI fits in a security review — and where it absolutely doesn't.