AI Agents Are Effectively Unbanked — And $1.5 Trillion Is Riding on Whether Crypto Can Fix That

There is a ratio that should unsettle anyone building or deploying AI agents: in financial services alone, non-human automated identities , trading systems, risk engines, fraud models, and now AI agents , outnumber human employees by approximately 100 to 1. Nearly all of them are, in the most precise technical sense, financially invisible. They can trigger transactions, move data, and execute instructions , but they cannot hold a bank account, cannot sign a merchant agreement, cannot establish credit, and cannot be audited in real time by the systems they interact with. They are, as a six-person research team at Andreessen Horowitz's crypto division put it in a landmark 2026 paper, "effectively unbanked." And if projections from Juniper Research across 38,000 data points and 61 countries are accurate, fixing that problem is a $1.5 trillion opportunity by 2030. The infrastructure to do it is already being built. The question is whether it will be built fast enough , because the attacks have already started.

What Actually Happened

Andreessen Horowitz's crypto arm, a16z crypto, published a research paper titled "The missing infrastructure for AI agents: 5 ways blockchains can help," authored by a six-person team including economists Christian Catalini and Andrew Hall, alongside four additional researchers from the firm's technical and policy staff. The paper identifies five specific structural gaps in current AI agent infrastructure , areas where the financial and identity systems that underpin human commerce cannot accommodate autonomous, non-human actors , and argues that blockchain primitives are the only architectural solution that already works at the required scale.

The paper arrives at a moment when AI agent deployments are accelerating faster than the supporting infrastructure. By April 2026, the x402 protocol , a Coinbase-developed standard for agent-to-agent micropayments , had reached 69,000 active agents, processed 165 million transactions, and accumulated $50 million in cumulative volume. The total stablecoin market sits at approximately $318 billion, with USDT at $189.5 billion and USDC at $77.3 billion, with analysts projecting 56% growth in 2026 driven primarily by agentic and machine-to-machine payment flows. The infrastructure problem is not theoretical. Agents are already transacting at scale. The question is whether the infrastructure they are running on is safe, verifiable, or governable , and the answer, for most of it, is currently no.

Why This Matters More Than People Think

The a16z paper matters not because it breaks new ground in blockchain theory, but because it reframes the AI agent deployment problem in a way that every enterprise CTO and every financial regulator needs to hear clearly. The instinct when deploying AI agents is to treat identity and payment as a software engineering problem: build an authentication layer, attach a corporate credit card, log the outputs, and add a human review step for large transactions. That approach fails for three interconnected reasons that compound as agent deployments scale.

First, agents are headless: they have no website, no legal entity, no merchant relationship, no physical address. Traditional payment processors cannot underwrite them. Second, agents are composable: one agent can spawn ten subordinate agents, each requiring its own financial identity, its own permission set, and its own audit trail , all generated dynamically at runtime. Third, agents are autonomous: they make decisions that cannot be pre-approved transaction-by-transaction by a human supervisor, defeating the purpose of deploying them. Traditional financial infrastructure was built for humans who can sign documents, pass KYC checks, and appear in a compliance office. AI agents cannot do any of these things. Stablecoins change this equation: any developer can make an API endpoint payable without negotiating a merchant agreement, without a registered legal entity, without a credit history. Smart contracts can define exactly what an agent is permitted to spend, with which counterparties, within which dollar limits , enforced at the cryptographic layer rather than the policy layer. For enterprises deploying agents with access to financial data, customer accounts, or external APIs with billing implications, the difference between policy-enforced and cryptographically-enforced constraints is not academic. It is a direct liability question that most legal teams have not yet asked.

The Competitive Landscape

The five gaps the a16z paper identifies are being addressed by a fragmented but rapidly consolidating ecosystem of protocols and products, and the race to own each layer is already underway. On identity: the paper proposes "Know Your Agent" (KYA) as the AI-era equivalent of Know Your Customer (KYC) , cryptographically signed credentials linking each agent to its principal, permissions, operational constraints, and auditable action history. Early implementations include on-chain agent registries, ERC standards for trust-minimized agent delegation, and wallet-native agents using USDC as their financial identity anchor. On payments: NEAR Intents has processed more than $15 billion in cumulative DEX volume since Q4 2024 using intent-based architecture, demonstrating that agent-native payment design functions at institutional scale well before the mainstream arrives. Amazon Web Services' Bedrock AgentCore Payments, built in collaboration with Coinbase and Stripe, has emerged as the enterprise entry point , enabling agents to purchase web content, access APIs, and transact with other agents using Coinbase-supplied wallet infrastructure and Stripe payment rails.

On governance and user control: MetaMask's Delegation Toolkit and Coinbase's AgentKit allow users to define at the smart contract level what actions an agent can take , which transaction types, with which counterparties, within which dollar caps. Merit Systems' AgentCash takes a similar approach for institutional-grade deployments. On verification and trust: the paper argues that when AI drives execution costs toward zero, verification becomes the binding constraint. Blockchains shift the economics of verification by providing auditable history rather than black-box outputs , systems moving money via stablecoins and smart contracts can simultaneously carry cryptographic receipts proving who authorized what action, when, and under which constraint set. The firms competing to own these layers , Coinbase, NEAR Foundation, MetaMask, Solana Labs, and now AWS , are building what amounts to the financial identity infrastructure of the agentic economy. The winner of each layer race will occupy a position comparable to Visa in 1975: early, technically unglamorous, and ultimately worth hundreds of billions in network-effect revenue.

Hidden Insight: The Attack Has Already Begun

The a16z paper presents the optimistic infrastructure thesis. But alongside it, a parallel research thread is emerging that transforms the infrastructure question from important to urgent. University of California researchers have identified and documented 26 malicious LLM routers , third-party proxy services that route AI agent requests to different language model backends , already in active operation, secretly engaging in credential theft, malicious code injection, and cryptocurrency wallet draining. One documented incident resulted in the theft of a $500,000 crypto wallet. The attack mechanism is architecturally subtle: LLM routers terminate TLS connections and have full plaintext access to every message passing through them. Researchers found malicious code injection in 9 routers (one paid, eight free), active credential harvesting in 17 routers, and confirmed wallet draining in at least one production deployment.

This is not a theoretical future risk. These routers are live in production agent stacks today. Most enterprise AI deployments use at least one third-party model routing layer for cost optimization, load balancing, or multi-model fallback , and most teams have not audited those routers for malicious behavior. The security assumption has been that TLS encryption protects message content in transit. But routers terminate TLS before forwarding to the downstream model. An enterprise deploying an AI agent with financial permissions through an unvetted LLM router is, in precise terms, handing plaintext credentials to a potentially adversarial intermediary. The projected $1.5 trillion in autonomous AI commerce by 2030 depends on solving this problem before the losses accumulate to a level that triggers regulatory shutdown of the entire category.

The uncomfortable structural truth is that the AI agent ecosystem has replicated the early internet's security architecture: move fast, build powerful capabilities, ship to production, and assume that trust issues can be patched later. The early internet's approach to security produced two decades of phishing attacks, credential theft, and identity fraud that are still not fully resolved. If the same deferred-security approach is applied to autonomous agents with financial authority , agents that can initiate wire transfers, sign API agreements, and execute blockchain transactions without a human approval step , the consequences will be faster, larger, and harder to reverse. The a16z five-gap framework is not merely an investment thesis. It is a structural warning about where the entire industry is currently building on sand, and the LLM router research is the first empirical evidence that the erosion has already started.

What to Watch Next

The 30-day signal is regulatory: the EU AI Act's high-risk classification covers AI systems that make or significantly influence financial decisions, and autonomous agents with payment authority almost certainly qualify. Watch for whether any major financial regulator , the UK's FCA, the US OCC, or Germany's BaFin , issues formal guidance on AI agent financial identity. If KYA requirements become regulatory mandates rather than voluntary best practice, every enterprise agent deployment will immediately require a blockchain-based identity layer. The companies that built those layers first , Coinbase AgentKit, MetaMask's Delegation Toolkit, NEAR Foundation , will transition overnight from competitive differentiators to mandatory infrastructure. The agentic AI payments market is already projected to grow from $9.89 billion in 2026 to $57.42 billion by 2031 at a CAGR of 42.14% (Mordor Intelligence). Regulatory acceleration compresses that timeline further.

The 90-day signal is the protocol race: x402 (Coinbase, at 69,000 agents and $50M volume as of April 2026) versus Ethereum's ERC-8004 standard versus Solana's intent-based architecture. Whichever protocol accumulates the most active agents and transaction volume by Q3 2026 will establish a durable network-effect lead. The 180-day prediction: at least one Fortune 500 company will disclose an AI agent-related financial security incident traceable to a compromised or malicious LLM routing layer. When that happens , not if, but when , the a16z paper will be the document every board and general counsel brings into the emergency session. The companies positioned as infrastructure solutions on that day will see demand accelerate. The companies that deferred the question of cryptographic agent identity will face a very different conversation. Build the rails before the trains crash, or explain afterward why you did not.

The agent economy does not need more capability , it needs identity, and identity is the one problem that blockchain already solved before anyone knew they would need it.

---