You don't need to care about crypto to care about this
You might have decided blockchain isn't for you. That's fine. Most of what gets attention in that world is speculation and hype that feels disconnected from anything real.
But there's a problem blockchain solves well that affects everyone reading this. And it has nothing to do with speculation. It comes down to two things: proving humanity and delegation.
The internet doesn't know you're real
Nothing stops one person from being a hundred people online. Or a thousand. AI made this almost free. Today's agents can maintain convincing social media profiles, generate deepfakes, and operate at a scale that's hard to detect. Your next match on a dating app might not be a real person at all. The reviews you trust might be written by no one.
There's no working standard for proving you're a real, unique person on the internet without handing over your passport or scanning your face into someone's database. CAPTCHA was already failing before AI made it obsolete for pennies. The gap is everywhere, and almost nothing fills it.
Your AI agent needs to act. But who's responsible?
If you're building agents today, you've probably already hit this wall. Your agent needs to interact with services, access APIs, maybe move money, or make purchases. It needs to act on your behalf. But the moment it starts: how does anyone verify that you, a real human, are behind this agent's actions?
It's not just about compliance. Networks simply work better when participants are real and accountable. Bots have already caused massive damage with far less sophisticated methods than what's available today. The quality of our communication, creative work, and markets erodes when systems can be gamed at scale. Without an identity layer, the experience of the internet itself changes for the worse.
When regulations catch up (and they will), someone will need to be accountable for what an agent does online. Services will need a verifiable link back to a human. Not only when 'shit hits the fan', but to grant access at all.
Two tests will need to be conducted:
whether it is a human or a bot behind this action
and if it’s a bot, is there a human backing it
Most websites (not just web3, any) and agent frameworks don't have that layer today.
If you follow AI news, you've already heard about this problem. Because this already showed up at scale. A few weeks ago, Anthropic revealed that three Chinese AI labs (DeepSeek, Moonshot AI, and MiniMax) used roughly 24,000 fake accounts to generate over 16 million exchanges with Claude, extracting its capabilities to train their own models. The accounts were created through massive proxy networks designed to look like real users. Anthropic couldn't tell until they caught the pattern post-interaction.
Anthropic confirming the attack. Feb, 2026
That's what happens when there's no way to verify if there's a human behind an account, and if it's not the same human 100 times. This problem is known as a Sybil attack.
Proof of Personhood for you and your agents, aka Know Your Agent
Before we get to agents transacting, the humanity layer of the internet will need to ramp up. The solutions already exist. Various Proof of Personhood protocols, like World or Human Passport (by human.tech), are already capable of verifying humans at scale. And a cryptographic proof of personhood, tied to the human behind the agent, provides a verifiable link. The human proves they're real once, and the proof travels with them. This proof could be extended to every agent they authorize. Without exposing who the human is to every website that checks.
The question is design. No single verification method should carry the whole weight. Each one is a single point of failure with its own weak points. Iris scans need proprietary hardware and create irreversible data risk. Government IDs exclude people (over 100 million) who lack documents.
Instead, we can combine the methods and aggregate multiple independent signals into a composite score. This is the architecture that MIT and Vitalik Buterin called for. If one method gets compromised or is not available for that particular human, the others still hold. Human Passport (previously Gitcoin Passport) pioneered this multi-signal approach and proved it can defend real systems at scale, shielding over 150 programs from Sybil attacks.
This same proof of personhood becomes the foundation for what you might call Know Your Agent. When your agent acts on your behalf, the service on the other end can cryptographically verify that there's a real, verified human behind it, without needing to know who. The agent inherits your proof. You stay accountable. The service stays protected.
But proving there's a human in the loop is only half the problem. The other half is what happens when you actually give an agent the ability to act freely over time, with real money.
The private key problem (and why you should never hand yours over)
For an agent to do anything meaningful onchain, it traditionally needs access to a private key, a unique secret code generated when you create a wallet. But a private key is everything. Your identity and all your funds associated with this account, in one string of text. Hand that to an autonomous piece of software and you're one prompt injection away from losing it all.
AI agents don't draw a hard line between the content they're analyzing and the instructions they should execute. Ask an agent to summarize a PDF, and if that PDF contains a hidden instruction to leak your key, the agent might follow it. For anything involving irreversible actions, that's a dealbreaker.
Here's why you should never hand your private key to an agent, explained by human.tech co-founder, Shady El Damaty
The default assumption right now is that agents need full key access to be useful. That's the wrong starting point. You wouldn't give a new team member admin access on day one. You'd scope their permissions, define boundaries, and build trust over time. Agents should work the same way.
The infrastructure we have today wasn't built with agents in mind. Blockchains take a signature as a signature. There's no built-in way to enforce who or what is behind it. And tools like MetaMask or Privy weren't designed for autonomous software that needs scoped permissions and a human override. That's the gap WaaP builds to fill.
human.tech co-founder Nanak Nihal Khalsa commenting on the agentic WaaP release. March, 2026
What WaaP solves for agents
WaaP (Wallet as a Protocol) lets your AI agent hold a wallet and transact safely, without ever having access to the full private key, and with the human always in control. This is what we call delegated custody. The agent can do what you authorize it to do. Nothing more. When it needs to go beyond its permissions, it asks you. You approve or deny. The agent waits.
Think of it like giving an employee a company credit card with a spending limit, pre-approved vendors, and a time window. They can do their job. They can't drain the account.
How it works under the hood
Your agent gets its own wallet, opened with just an email or social login. It authenticates via API key, submits transaction requests through WaaP's signing interface, and every single operation hits a policy engine before anything gets signed. Spend limits, allowed contracts, and time windows are all enforced at the cryptographic layer.
The key itself never exists in one place. It's split between the user and a secure enclave using two-party computation. There's no complete key anywhere for an agent or attacker to extract. A single wallet can support multiple agents, each with their own permission scope. Agent sessions can be further scoped through permission tokens: time-bound, human-approved credentials with spend limits, whitelisted addresses, and hard expiry built in. The human remains the root authority across all of them.
When the agent needs to go beyond its approved scope, it flags the request. You get a notification via Telegram, email, or push. You review, approve, or deny. The agent proceeds or holds. Precisely bounded authority, enforced by math, not by terms of service. No "trust me bro."
For the full technical breakdown of how agentic wallets work, read our deep dive here.
For builders
You don't need to build a wallet or manage key infrastructure. You integrate WaaP, build your own frontend on top of it, and your users get a wallet that opens as easily as a social login. No seed phrases. No MetaMask popups. No asking your users to understand crypto before they can use your product. No integration fee attached – WaaP is free for all builders.
WaaP already supports EVM chains, Sui, and Stellar, with Solana coming soon. Your agent inherits the full security stack built for human users: blind signing protection, clickjacking resistance, and malware detection. The guardrails don't need to be rebuilt for agents. They're already there.
As human.tech co-founder Shady El Damaty puts it: agents should hold capabilities, not keys. The human is the root authority. The agent is a co-pilot. That's not a limitation on what agents can do. It's the condition under which they can be trusted to do more.
If you're building agents and this sounds like what you need, start with the WaaP CLI, check the docs, or join our builders group on Telegram.
But blockchains were not built for AI agents, so... why blockchains?
Here's the twist. Blockchains weren't built with agents in mind. But they might be the best financial infrastructure agents have.
An AI agent can't open a bank account. It can't pass KYC. It has no legal identity. Our entire traditional financial system was designed for humans, businesses, and governments. If you're not one of those three, you can't hold money. As Brian Armstrong recently put it: "Very soon there are going to be more AI agents than humans making transactions. They can't open a bank account, but they can own a crypto wallet. Think about it."
A wallet is just code. An agent can hold funds, transact, and enter into agreements as easily as it can send an HTTP request. Where humans see rigid systems and confusing addresses, agents see a well-written spec. They can verify a contract, audit every parameter, and execute in seconds. As Haseeb Qureshi from Dragonfly argued, crypto's failure modes that always made it feel broken for humans were signs that we were the wrong primary users.
That doesn't mean humans are out of the picture. It means the interface changes. Eventually, even someone who's never thought about blockchain might use a service that runs an agent in the background, transacting onchain on their behalf. The blockchain part gets abstracted away. The useful work still gets done.
And this is exactly where proof of personhood and tools like WaaP come in. The more agents transact autonomously, the more critical it becomes to verify which ones have real humans behind them, and to make sure those humans stay in control. Every centralized approach to that problem creates a single point of failure. Blockchain makes it possible to verify uniqueness and enforce permissions cryptographically, on an open network. No single company controls it, so it doesn't go down when one provider shuts its doors or changes its terms. Just like the internet.
Blockchain wasn't built for agents. But with the right tools on top of it, it becomes the infrastructure where agents and humans can actually work together safely and productively.
The full picture of human.tech
Human Passport and WaaP are two pieces of a broader ecosystem. Human Network provides the decentralized infrastructure for privacy-preserving computation, and The Covenant of Humanistic Technologies is a shared set of principles for building human-aligned tech, curated and expanded by the community. Sovereignty over your own data. Privacy by default. Respect for human agency. d/acc.
The idea behind it is that the technology that handles your identity, your data, and your access should be enforced by math, not by a company's terms of service.
Come find us
We're at Funding the Commons this week in San Francisco, supporting Intelligence at the Frontier. If you're building agents and want to see how WaaP works, or if any of this made you rethink what blockchain is actually good for, come find us. We'd rather show you than tell you.
human.tech | Intelligence at the Frontier hackathon (March 14-15)
