What happens when an AI agent can trade your portfolio, pay for API access, and deploy smart contracts, but there is no guaranteed mechanism ensuring you remain in charge?
That question has moved from philosophical to urgent. Daily active on-chain AI agents crossed 250,000 in early 2026, showing more than 400 percent growth compared to 2025, and more than 68 percent of new DeFi protocols launched in the first quarter of 2026 included at least one autonomous AI agent for trading or liquidity management. The infrastructure, however, has largely assumed that agents will be supervised through custom code written by developers for each deployment. There has been no standard for what "human oversight" looks like at the wallet layer, the point where decisions become transactions.
On March 31, Human.tech launched Agentic WaaP (Wallet as a Protocol) at WalletCon 2026 in Cannes, with a specific answer to that question. The company describes it not as a wallet product, but as agent security infrastructure: a system where AI agents operate within cryptographically enforced boundaries set by users, and where actions beyond those boundaries require active human approval before they execute.
What Agentic WaaP Actually Does, and Why It Is Different
To understand why this matters, consider how current AI agent deployments handle money. When a developer builds an agent using frameworks such as Coinbase AgentKit, LangChain, or CrewAI, they typically grant the agent access to a wallet with a private key. That key is held somewhere in the system, often in a server environment controlled by the developer or a third-party custodian. The agent can spend, trade, or transfer from that wallet within whatever limits the developer programmed. If those limits are wrong, or if the system is compromised, the user has limited recourse.
Agentic WaaP changes the custody model. The system uses a two-party computation approach, where the private key is split between the user's device and a secure enclave. Neither the agent, the developer, nor Human.tech can independently initiate a transaction. Think of it as a dual-key safe: both keys must be present for the safe to open, and one key never leaves your possession. This is a meaningful structural shift from how most wallet-as-a-service products operate today, where developers effectively hold root authority over user funds.
The practical interface for users is a system of what Human.tech calls Privileges, formerly named Permission Tokens. A Privilege defines what the agent can do: which contracts it can interact with, how much it can spend, and for how long those permissions are active. When the agent attempts something outside those parameters, the user receives a Telegram notification requiring a single tap to approve or deny. Shady El Damaty, co-founder of Human.tech, explains, "Privileges let you define exactly what an agent can do, how much it can spend, which contracts it can interact with, and for how long. Above your threshold, you receive a Telegram approval request. One tap confirms or denies the action."
The Custody Problem at the Core of the Agent Economy
The phrase "agent economy" describes a world where software systems act on behalf of humans without requiring human input at each step. That capability is genuinely useful: an agent that can monitor a DeFi position and rebalance it at 3am is more efficient than one that wakes a human up to approve every transaction. Coinbase has argued that AI agents "hit a wall when they need to actually do something that requires money," noting that agents today can recommend trades but cannot execute them, and that financial actions still require human approval. The question is not whether agents should act autonomously at all, but how much autonomy is appropriate and how that boundary is enforced.
The current answer, in most systems, is trust. Developers trust their code. Users trust developers. That model works until it does not. The history of crypto includes dozens of incidents where trusted custodians or misconfigured smart contracts resulted in user losses. Extending that model to autonomous agents, which act faster and at greater scale than humans, raises the stakes considerably.
Human.tech's architecture addresses this at the protocol level rather than through operational policy. The WaaP model keeps a user's key share local, while a decentralized network operates the co-signing share under zero-trust conditions, meaning no single party, including Human.tech itself, can unilaterally move funds. The company states the system is designed to evolve toward full decentralized key management through integration with Ika Network, which operates a parallel multi-party computation network on Sui.
The Regulatory Clock Is Running
The timing of this launch is not incidental. The EU AI Act will be fully applicable on 2 August 2026, with transparency rules and core high-risk system requirements taking effect on that date. Among those requirements is a hard obligation on human oversight. Under Article 14, high-risk AI systems must be designed in a way that allows humans to effectively oversee them, with the goal of preventing or minimizing risks to health, safety, or fundamental rights.
This creates a compliance problem for anyone deploying AI agents in financial contexts within or serving the EU. The regulation does not specify what technical mechanism must enforce human oversight, but it is clear that the obligation falls on deployers. Key obligations taking effect in August 2026 include requirements around risk management, data governance, human oversight, and accuracy, alongside penalties for non-compliance that can reach EUR 35 million or seven percent of worldwide turnover. An agent with unchecked wallet access operating in that environment is an obvious compliance liability.
Human.tech positions Agentic WaaP as a solution to that liability, not just a product feature. The Privileges system creates an auditable record of what the agent was authorized to do, while the approval flow for higher-risk actions creates a documented instance of human-in-the-loop control. Whether regulators will accept that mechanism as satisfying Article 14's requirements is a question that will likely take years of enforcement guidance to resolve, but it is a more defensible architecture than relying on developer-written limits with no cryptographic enforcement.
What the Company Brings to This Problem
Human.tech is not entering this space without an existing base. The company's Human Passport product, which handles proof-of-personhood verification for blockchain applications, has more than three million users and over 175 ecosystem partners. The underlying infrastructure has reportedly protected more than $500 million from sybil attacks (coordinated fake-account fraud) and is secured by over $3 billion in restaked ETH, a mechanism where Ethereum validators put their stake at risk to provide economic security to other protocols.
That existing infrastructure gives the company a distribution advantage. Developers already building on Human Passport have a reason to adopt WaaP for agent deployments on the same platform, rather than integrating a separate custody solution. The company has stated that Agentic WaaP is available for developers with no API key requirement, which lowers the initial friction for experimentation. El Damaty framed the product's positioning clearly:
The wallet is no longer something you open. It is something that acts for you. But that only works if the human remains root authority. Agentic WaaP is the first wallet infrastructure where AI agents earn autonomously, and every action traces back to a human who authorized it, enforced by cryptography, not trust.
The scope of the secret management layer is also broader than crypto wallets alone. Human.tech states the two-party custody model extends to bank accounts, API keys, and root authority privileges for other sensitive systems, which suggests the company is positioning WaaP as general-purpose agent security infrastructure rather than a crypto-specific product.
Final Thoughts
The broader race to build agentic wallet infrastructure is competitive. Coinbase launched its Agentic Wallets on the x402 protocol in February 2026, and BNB Chain deployed infrastructure for autonomous agent payments on February 4, 2026, including the ERC-8004 standard that creates verifiable on-chain identities for AI agents. What differentiates Human.tech's approach is the emphasis on user-controlled constraints enforced cryptographically, rather than developer-controlled limits enforced through code. That distinction may seem technical, but it has real consequences: code limits can be changed by developers; cryptographic key splits cannot be bypassed without the user's device.
The Telegram-based approval flow is practical but also reflects a design choice worth scrutinizing. Real-time notifications for high-stakes actions are useful, but the user experience of approving or denying agent actions on a mobile device, potentially for a fast-moving DeFi position, introduces its own risks. A user who approves without understanding the action, or who misses a notification during a market event, is still a human in the loop, but not necessarily a well-informed one. The quality of that oversight matters as much as its existence.
What Human.tech is building is genuinely useful infrastructure for a transition that is already happening. The question is whether the industry will adopt cryptographic oversight mechanisms voluntarily before August 2026, or whether it will wait for regulators to define the standard and then scramble. Human.tech is placing its bet on the former.
Don’t forget to like and share the story!