Your AI Will Need a Wallet

Pull out your wallet. Now pull out your agent's. The leather one has plastic, paper, and a Starbucks card with $4.13 on it. The cryptographic one has tokens, attestations, and memberships sitting on a dozen different blockchains. At every transaction, every door, every gated API, someone has to read across all of them and answer one question. Yes or no.

Pull out your wallet. The leather one. The one that's been in your back pocket since 2017 and is now shaped like the curve of your hip.

Open it up.

You'll see a driver's license. Maybe a passport card. Two or three credit cards, one for travel, one for groceries, one for emergencies. A health insurance card. A Costco membership. A hotel keycard you forgot to return. Business cards from people whose names you can't remember. Twenty bucks in case the WiFi is down. A folded receipt. A Starbucks card with $4.13 on it.

Each of those things was issued by somebody different. The DMV. The State Department. Visa. American Express. Aetna. Costco. The Hilton. The Federal Reserve. Starbucks.

None of those issuers know about each other. None of them coordinate. They don't need to. They share a piece of leather, and they share you, and that's enough. You carry them. You decide which one to pull out. You walk up to a counter, a doorway, a TSA agent, a bouncer, a checkout, and somebody asks a question. Are you 21? Can you pay? Are you a member? Do you have access? And you flip past the things they didn't ask about and hand over the one they did.

That little ceremony, the can I see your... and the here you go, is the most underappreciated piece of infrastructure in the modern economy. We do it forty times a day and never notice.

We've been doing some version of it for a thousand years.

From the king's seal to a hundred passwords (and back)

A king sent an envoy with a sealed letter. The seal, pressed into wax with a signet ring nobody else could replicate, was the proof. Anyone who recognized the seal recognized the authority behind it. The envoy didn't recite a secret. The envoy carried something. The verifier looked at the something. Decision made on the spot.

That was the model for most of recorded history. Wax seals. Signet rings. Papal bulls. Notarized warrants. Passports stamped by consulates. Driver's licenses issued by states. Credit cards embossed with raised letters. Things you carried, things others looked at, decisions made in front of you.

Then computing happened. Suddenly authority was being checked by a machine that couldn't see your face, couldn't touch a seal, couldn't recognize a signature. So in 1961, at MIT, on the first time-sharing system in the world, we invented the password. A secret string you remembered, that the machine compared against a stored string. It worked beautifully. When each person had one.

You don't have one anymore. The average professional today has 168 passwords and counting. They get reused. They get phished. Google's password manager tells you, every other week, that one of yours has been found on the dark web and politely suggests you go change it on the seventeen sites where you reused it. Every few months a company you barely remember signing up for sends you an apologetic email: we regret to inform you that we have experienced a data security incident. You scan the rest of it for the words you know are coming. Out of an abundance of caution. Complimentary one-year subscription to Experian credit monitoring. You sigh. You add the breach to the pile.

That's the steady state. That's what the password era looks like at scale: a constant low-grade leak that everyone has stopped being shocked by. We bolted multi-factor auth on top, then hardware keys, then biometrics, and the whole tower wobbles every time somebody finds a new way to intercept a code over SMS. The password era is ending the same way it began: a kludge nobody loves but everyone uses, because it's what we have.

What replaces it is, in a sense, the king's seal. Except cryptographic, public-key-verifiable, and impossible to forge with the math we have today. Your wallet, the on-chain one, holds things. Tokens. NFTs. Attestations. Each one issued by a different authority, exactly like the items in your leather wallet, exactly like the seals and stamps and warrants before that. The verifier doesn't ask you to recite a secret. The verifier reads the wallet, evaluates the conditions, and decides on the spot.

It's the seal again. It's just a thousand years older, and a thousand times harder to forge.

And your agent will never type a password. It doesn't have fingers. It doesn't have the kind of memory that holds 168 secrets without one of them leaking. It would be a catastrophic password-handler if it tried. What it will have is a wallet. And the question every counterparty asks of that wallet (does it hold the things our conditions require?) is exactly the question a guard at the medieval gate asked when an envoy rode up.

The mechanism is older than computers. The technology is newer than most living things on earth.

The agents are coming. A lot of them.

Marc Benioff wants Salesforce customers to deploy a billion AI agents by the end of fiscal 2026. Gartner predicts that 40% of enterprise applications will feature task-specific AI agents by 2026, up from less than 5% the year before. By 2028, a third of enterprise software will be agentic, with at least 15% of day-to-day work decisions made autonomously. McKinsey estimates that agentic commerce, agents buying things on your behalf or their own, could orchestrate $3 to $5 trillion in transactions by 2030.

That's not a future. That's four budget cycles away.

These agents won't be browsing the web in a Chrome tab. They'll be checking into hotels, paying for compute, voting in DAOs, joining communities, negotiating with other agents, buying coffee, subscribing to APIs, getting turned away at doors they're not supposed to enter, and getting let into ones they are. They'll need to prove who they represent, what they hold, where they have access, and whether they can pay.

In other words: they'll need a wallet.

What's in an agent's wallet?

It's not leather. It's cryptographic. But the contents are the same shape.

Here's a fairly normal one:

• Payment, fast and cheap. USDC on Base. About a cent to send. Most of the agent's day-to-day spend moves through this rail. If the agent is paying counterparties in regions where USDT is the norm, it also holds USDT on Tron. Same dollar, different chain, different fee structure.
• Payment, store of value. Some BTC on the Bitcoin network. Some ETH on Ethereum mainnet. The agent doesn't move these often, but it holds them because some counterparties demand them.
• Identity-style evidence. A "verified human-operated" attestation issued to the agent's wallet on Base, sitting in the Ethereum Attestation Service registry. A KYC-passed assertion from a regulated provider, also on Base. A "this agent is owned by Company X" attestation, issued on a different chain entirely.
• Membership. A Bored-Ape-style NFT on Ethereum mainnet, which gives the agent access to a community its principal is part of. A DAO governance token on Arbitrum. A Farcaster channel pass, technically on Optimism. A Friends-of-Pudgy NFT somewhere else.
• Access. A token that says "this agent works for this organization," minted on Polygon because it was cheap that week. A subscription receipt NFT on Base that says the agent's API credits are paid through October.
• Loyalty. An SPL token on Solana that the agent's principal earned at a coffee shop. Some SHIB on Ethereum or PEPE on Base, because those holders get discounts at certain merchants and the agent might as well take advantage.

Count the chains. Base. Tron. Bitcoin. Ethereum. Arbitrum. Optimism. Polygon. Solana. That's eight, and we haven't even mentioned XRPL, XDC, Sui, Stellar, Avalanche, or BNB Chain, all of which hold meaningful stablecoin volume and real assets right now.

The driver's license, the credit cards, the membership tags, the keycards. They don't sit together in one leather wallet anymore. They sit on a dozen separate ledgers, each maintained by a different network of validators, each with its own protocol and data format, each one indifferent to the others.

The contents are richer than your wallet. The fragmentation is worse.

The moment of action

Here's where the analogy breaks down. And where new infrastructure has to begin.

When you walk up to a bar, the bouncer asks for one thing. Driver's license. You hand it over. He looks. He hands it back. Done.

When an agent walks up to anything, a checkout, a DAO vote, a gated API, an agent-to-agent session, a regulated marketplace, a tier-pricing decision, the question is rarely about one thing. It's almost always a stack.

• Is this agent operated by a verified human? (Identity attestation on Base.)
• Does it hold the minimum balance for our tier? (USDC on Base, or equivalent on another chain.)
• Does it represent a member of our community? (Membership NFT on Ethereum.)
• Has it been flagged on any compliance registry? (Compliance attestation, somewhere else.)
• Is its API subscription current? (Receipt NFT on Base.)

Five questions. Three or four chains. One moment of action. Milliseconds to answer. And the answer has to be one thing: yes, this agent meets all of those conditions, let it through. Or no, it doesn't, turn it away.

If every merchant, every DAO, every API gateway, every agent-to-agent counterparty has to build that themselves, write the code, run the connections, parse the data from a dozen chain formats, evaluate the logic, do it again next time, the economy stalls. Not because the data isn't there. Because nobody can read across it fast enough, cheaply enough, privately enough, or verifiably enough.

This is the gap. It's not the glamorous part. It's not what gets press when someone announces a new agent. But everything else, the agent's autonomy, its ability to transact, its ability to be trusted by a counterparty it has never met, runs through this checkpoint.

What the bouncer doesn't need to see

When the bouncer at the bar asks are you 21?, you don't open your wallet, dump it on the counter, and let him flip through your credit limit, your insurance card, your business cards, your hotel keycard, and the $4.13 Starbucks balance. You hand him one thing. He looks at the one thing. He hands it back.

Even that isn't perfect. The one thing you handed him is your driver's license. He asked one question, are you 21? He got the answer. He also got your full date of birth, your home address, your height, your eye color, your weight, and (depending on the state) whether you donate organs and whether you wear glasses to drive. He didn't need any of that. The system you grew up with doesn't have a way to answer the actual question without spilling the rest. You shrug. You go inside.

That's the charitable version of how privacy used to work, before anyone got distracted enough to forget what it was for.

The crypto market spent the last few years doing something much worse. The way most token gates work, and still work in the wild, is: the merchant or DAO reads the wallet's full holdings directly on the chain, makes a decision, and moves on. That read is public. Anyone watching the chain sees that the gate operator just looked at that wallet. Anyone who already knew the wallet's address now knows it holds exactly this NFT collection, exactly this much of that token, exactly this membership. The whole handbag, dumped on the counter, every time.

In jurisdictions that take privacy seriously, that's a GDPR problem. In jurisdictions that don't, it's just bad manners. But bad manners at the scale of a billion agents a day stops being bad manners and starts being a surveillance system that nobody asked for.

That's the part of the market we walked into. The market was opening the handbag, dumping it out, and pretending that was a feature. Until we came along.

What we built

We built the thing that lives in that checkpoint. It's called InsumerAPI.

The category is wallet auth, the same way OAuth is a category, except instead of asking "is this user logged in?" it asks "does this wallet meet these conditions?" The primitive is simple: you send the conditions in, we read across 37 blockchains, evaluate them, and return a cryptographically signed yes or no.

Four things matter about that:

It's a primitive, not a platform. There is no key. No password. No bearer token. No long-lived shared secret to steal, replay, or quietly harvest in a breach and exploit years later. The agent's wallet is the access. And the conditions the merchant or counterparty sets determine whether that access opens or closes. The reason static credentials keep ending up on the dark web is that a single compromise exposes long-lived access to everything they unlock. Condition-based verification doesn't store anything of that shape.

It's multichain by default. 37 chains, one request. Every chain on the list above, plus a couple dozen more. Ethereum, Base, Arbitrum, Optimism, Polygon, Solana, Tron, Bitcoin (yes, native Bitcoin, not wrapped), XRPL, XDC, Sui, Stellar, Avalanche, BNB Chain. And twenty-three others. You don't ask us five questions across five chains. You send one request with the full stack of conditions, we read the chains in parallel, evaluate the logic, and return one signed answer. The agent's wallet doesn't move. No tokens get transferred. No private keys get touched. The wallet sits where it is, and the conditions get evaluated against its state.

It's private by design. What comes back is a signed yes or no. Not the wallet's balances. Not its NFT inventory. Not the list of attestations it holds. Not the wallet's date of birth, address, height, or eye color, to extend the analogy. The conditions are hashed into the response so a court or counterparty can verify later that the answer was for exactly this question. But the contents of the wallet stay where they were. The bouncer learns one thing. The bar gets in. The driver's license stays in the pocket. The handbag stays closed.

It's verifiable. Every answer is signed against a public key you can verify offline, with no callback to our service at verification time. A counterparty, a court, or another agent can take the signed response, check it against the published key, and know the bytes weren't altered after the fact. Trust isn't eliminated. It's narrowed. The only thing left to trust is that the issuer evaluated the conditions honestly. Every other authentication system on the market has a much longer list.

This is what we mean by condition-based access. The wallet holds evidence; the conditions ask questions of that evidence; the answer is signed; the contents stay private. That's the whole shape of the thing.

We've written about why agents need this before they pay, about how trust profiles for agents actually work, and about why Coinbase opening Agentic.Market makes this not an academic question but a now-question. Mastercard is drafting an agent-payment standard. NIST is running workshops on agent identity. The standards-body conversations are happening. The shape is settling.

Close the wallet

Open your wallet, close it, put it back in your pocket. You'll use it forty more times today and not think about it once. That's the sign of infrastructure done right. You don't notice it.

Your agent will use its wallet a thousand more times today than you'll use yours. And somebody has to think about it for every one of them.

What we built is that somebody. Not the wallet, the wallet is the agent's, and it sits on whatever chains the agent's principal chose. Not the rules, the rules belong to the merchant, the DAO, the gateway, the counterparty asking the question. We're the thing in the middle. The bouncer at the door who can read every form of ID at once, across the blockchains already in active economic use. And sign a yes or no that anyone in the room can verify, against a published key, without picking up the phone.

The agent walks up. Someone asks the question. We answer it.

That's all the infrastructure of leather wallets ever was. We just rebuilt it for a world where the wallets are cryptographic, the chains are many, and the agents, by every credible forecast, are about to outnumber us.