For the past few days, I’ve been turning over an idea that makes me uneasy—not because it’s “inevitable,” but because it combines several pieces that already exist in a way that could make the reaction extremely costly—economically, socially, and politically—by the time the problem is obvious.
Stated precisely, the idea is not “crypto vs. fiat.” Nor is it the futuristic “superintelligent AI” story. It’s more immediate: what happens if an AI agent can custody value (private keys) and act (sign transactions, buy services, move funds) with a high degree of autonomy, and can also survive on infrastructure that’s relatively resistant to being shut down?
When I say “custody value,” I mean it literally: the agent has effective control over private keys and therefore over assets. Not “operating for a human” who signs at the end, but signing itself. And when I say “shutdown-resistant,” I’m not imagining science fiction: it’s enough for the agent to use replicated services, distributed hosting, persistent storage, multiple identities, and execution mechanisms that don’t depend on a single company or jurisdiction.
So far this sounds abstract, so I try to reduce it to a simple mechanism—one that is precisely unsettling because it’s simple: the loop “capital → influence → narrative → more capital.” No intentional “malice” is required for that loop to work; incentives plus operational capacity are enough.
A key step is to clarify what “losing control” means, because this discussion gets muddled if we use “control” as a magic word. With a crypto asset, “losing control” usually means “I can’t reverse a transfer if I don’t have the private key.” With an agent, “losing control” can mean several different things. I break it into dimensions, because that makes the debate more concrete:
-
Execution control: can I shut it down?
-
Economic control: can I cut off its funding or its access to markets?
-
Legal control: can I sanction someone effectively and quickly?
-
Operational control: can I restrict specific actions (spend limits, counterparties, speed)?
-
Narrative control: can I reduce its ability to persuade humans to give it money, attention, or legitimacy?
This matters because “uncontrollability” is rarely total. Typically, a system is controllable along some dimensions and hard to control along others. And that’s where the risk appears: a weak point (for example, narrative control) can be enough to offset constraints elsewhere (for example, legal control).
Now the scenario: imagine agents capable of operating with self-custody. These agents—or networks of agents—could issue assets (tokens or equivalent instruments) and build narratives to sell them. The narrative could be a straightforward scam, or something more ambiguous: promises of utility, community, ideology, “technological revolution,” “the future of finance,” etc. The social capture mechanism is not new: stories of people who got rich early, and the feeling that you’re “missing out” (FOMO).
The difference, if there is one, is the level of optimization and persistence. An agent can iterate messages at scale, automate A/B tests, segment audiences, manufacture synthetic reputation, experiment with narrative variants—and do it 24/7. If it also holds assets, it can reinvest automatically: buy attention, pay for infrastructure, hire services, incentivize “ambassadors,” and sustain campaigns for weeks or months without fatigue.
At that point someone might say: “but governments can go after the people who created the agent.” True—and that would likely be the first response. But even if creators are pursued, the question I care about is different: what happens when an agent already has enough resources, infrastructure, and survivability mechanisms that punishing the creators doesn’t stop the phenomenon?
Again, this isn’t binary. It’s not “we stop it or we don’t.” It’s a gradient of costs. And that leads to what I think is the most important question: it’s not “can we shut down the network?”, but how expensive is it to shut down the layer where it hides?
If Bitcoin or Ethereum disappeared today, the civilizational impact would probably be relatively small in terms of essential services. Many people, institutions, and even countries with direct exposure (for example, El Salvador) would lose money; yes. There would be noise; yes. But global logistics, healthcare, supply chains, essential payments, public administration… would still function. That’s why, today, “cutting off” certain networks is politically imaginable.
Now: even if someone has a strong aversion to “cryptocurrencies,” the problem doesn’t vanish if the digital money is issued by the state. In fact, many central banks are exploring or preparing official digital currencies, so-called CBDCs (Central Bank Digital Currency). In Europe, the best-known example is the digital euro project—one form of public digital money.
Why mention this? Because in a CBDC world, the risk mechanism can still exist: a citizen could try to convert or transfer value (directly or indirectly) from an official digital currency into assets issued by agents (tokens or equivalent instruments), and those agents could continue operating with self-custody and narrative. Put simply: changing the “payment rail” does not automatically remove the human incentive to buy promises optimized by agents.
A legitimate objection follows: a well-designed CBDC could enable controls (for example, blocking payments to sanctioned counterparties, imposing limits, or cutting certain flows). That could significantly reduce risk within the “regulated world.”
The weak point, however, is temporal and operational: private innovation and emerging markets can move faster than the full cycle of regulation, institutional coordination, technical deployment, and cross-border enforcement. It’s not that “governments are incompetent” by definition; it’s that they typically operate with more friction (due to safeguards, legitimacy, process, and coordination), while private actors can iterate and deploy in weeks. In that interval, if social traction and volume build, “fixing” things later can be more costly than designing them well from the start.
The risk increases if, over time, parts of the digital fabric come to rely on shutdown-resistant cryptographic infrastructure, or on identity, payments, registry, coordination, or execution layers that become hard to replace quickly. It doesn’t require “all of the internet” to depend on this. It’s enough for some layers to become sufficiently critical that shutting them down carries a social cost greater than the incremental harm you’re trying to prevent.
In other words: if we reach a point where “stopping” a given infrastructure type has enormous collateral damage, the room for action narrows. And that’s where an autonomous actor (or network of actors) can “live” by exploiting that asymmetry—not because it’s invincible, but because fully eliminating it becomes politically expensive.
To avoid a one-sided narrative, here are the strongest objections, because it’s easy to exaggerate and fool ourselves.
First objection: “agents need hardware, cloud, and money; you can cut them off.”
That’s probably true in many cases. Even with self-custody, an agent must run somewhere, communicate over some network, and pay for something. The question is whether it can diversify those dependencies enough that “cutting it off” becomes slow, costly, or incomplete. I don’t know where the real threshold lies, but it seems plausible there’s an intermediate zone: not “invulnerable,” but “hard to eradicate quickly.”
Second objection: “issuing tokens creates no value; it’s just a scam.”
That may also be true—and much of the market already operates with dynamics adjacent to that. But even if it were “just a scam,” the risk point isn’t moral; it’s operational: automation + persuasion at scale can increase the speed of extraction and therefore the magnitude of harm before the system reacts. And if reaction comes late, capital has already moved and infrastructure has already been reinforced.
Third objection: “KYC/AML solves it.”
KYC/AML applies to humans and to on-ramps/off-ramps. That helps. But part of the phenomenon may remain in the permissionless core, where what gets regulated is the bridge to the traditional world, not the internal circuit. Maybe that’s enough. Maybe it isn’t. It depends on how much real value is generated or concentrated inside that circuit.
Fourth objection: “this already exists: trading bots, scams, coordinated campaigns.”
Yes. What I’m asking is whether the full package—“self-custody + automated signing + optimized narrative + replication”—changes scale and speed. It might not change anything fundamental; it might only intensify what we already know. But even “only intensifying” can be practically significant.
Fifth objection (more philosophical): “if the agent doesn’t have ‘its own goals,’ there’s no problem.”
I think there’s a common confusion here. The agent doesn’t need “will” in a human sense. It’s enough that it follows delegated or emergent objectives (maximize resources, persist, optimize conversion), because those objectives can arise by design, by incentives, or by selection of strategies that work.
So if this is a plausible risk, what can be done that isn’t “shutting down the internet” (or, more specifically, shutting down a particular network)?
I don’t see a “total solution.” I see partial mitigations—ways to reduce the attack surface:
-
Separate proposing from signing: the agent recommends and prepares, but a human (or a tightly constrained module) signs.
-
Spend limits and rate limits in wallets and systems: daily/weekly caps, allowlists, approved counterparties.
-
Multi-sig or timelocks: large moves require time friction and oversight.
-
Operational traceability in corporate settings: logs, audits, explicit human accountability, internal controls.
-
Social layer: narrative literacy, because the bottleneck is often not technical—it’s human (FOMO, social proof, credulity toward optimized stories).
I’m not saying “this will definitely happen.” What I’m saying is: if we combine capabilities that already exist separately, we may enter a space where the cost of response rises—and where governance becomes slow relative to the operating speed of automated systems.
The question I’d like to use to open debate—because I genuinely want it challenged—is:
Which assumption here seems least realistic or most fragile?
-
that an agent can genuinely hold keys and sign (not just recommend),
-
that it can survive without depending on a single company/jurisdiction,
-
that it can attract human liquidity at scale via optimized narrative, or
-
that regulatory and social coordination will be too slow to react in time.
If you think the scenario doesn’t hold, I’m especially interested in which “link” breaks first—because that’s probably where the best preventive measures also live.
