🔥BTC/USDT

Ledger launches open source AI wallet controls

Ledger has released Ledger Agent Stack, an open-source software platform designed to let artificial intelligence agents interact with digital wallets and blockchain systems without giving those agents final control over transactions. The platform allows AI bots to check balances, prepare swaps, review wallet activity and suggest on-chain actions, but every transaction still requires physical approval from the wallet owner through a Ledger hardware device.

The launch places Ledger in the middle of one of the digital asset industry’s most important technical debates: how far AI agents should be allowed to go when handling money, credentials and blockchain activity. While several wallet and software providers are experimenting with automated agents that can recommend or initiate crypto-related actions, Ledger is taking a more restrictive approach by keeping execution behind a human-controlled hardware confirmation process.

Under the model, AI can help users move faster, but it cannot independently move funds. Ledger said the system ensures that every transaction is verified inside secure hardware before it can be completed. That requirement is intended to reduce the risk of unauthorized transfers, malicious prompts, compromised software, or automated mistakes that could otherwise result in lost assets.

The company is positioning Ledger Agent Stack as a bridge between automation and custody. It gives developers and traders access to AI-driven workflows while preserving a traditional security principle in crypto custody: private keys should not be exposed to internet-connected software, and final approval should remain under the control of the wallet owner.

Human confirmation remains the core safeguard

The central feature of Ledger Agent Stack is the separation between suggestion and execution. AI agents can analyze activity, prepare transaction data, and interact with blockchain tools, but they cannot complete a transfer on their own. The final step must be confirmed on a Ledger device, meaning the user must physically review and approve the action.

That design addresses a growing concern around “agentic” software, a term used for AI systems that can take action on behalf of users. In finance and digital assets, such systems raise difficult questions because small errors can have immediate and irreversible consequences. A mistaken order, a corrupted instruction, or a malicious prompt can lead to asset movement that cannot be reversed through a bank, payment processor, or customer service desk.

Ledger’s approach limits AI agents to an advisory and preparation role. A bot may identify a token balance, generate a transaction request, or prepare a swap, but it cannot sign and broadcast that transaction unless the hardware wallet owner approves it. In practical terms, the AI can stand at the counter and fill out the form, but it cannot open the vault.

The company said this model is intended to reduce error exposure and unauthorized activity while still allowing developers to build faster, more automated tools. Traders who rely on scripts, dashboards, portfolio tools, or automated research systems could use AI to handle repetitive tasks without granting those systems full signing authority.

A response to AI security risks

Ledger is releasing the product at a time when AI security has become a major concern across software, finance and crypto. AI agents are increasingly being connected to APIs, trading tools, password managers, cloud infrastructure, and blockchain wallets. Those connections can improve productivity, but they also widen the attack surface.

According to data cited by Ledger, about 26.1% of known AI agent capabilities contain at least one security flaw. The company is using that figure to argue that AI systems should not be given unchecked authority over sensitive credentials or digital assets. Ledger also points to the broader cybersecurity problem of human error, saying roughly 60% of cybersecurity breaches are linked to manual mistakes.

The company’s conclusion is that neither people nor automated systems are safe enough on their own. Human users can copy the wrong address, approve the wrong request, or fall for phishing attempts. AI agents can be manipulated by bad prompts, poisoned data, flawed permissions, or compromised integrations. Ledger is promoting a hybrid structure in which software handles speed and scale, while humans retain the final power to approve or reject critical actions.

That balance is becoming more important as traders add AI tools to their daily workflows. Automated programs can scan markets, summarize wallet activity, prepare transactions, and monitor blockchain conditions around the clock. But if those programs also hold direct signing rights, a software failure or security breach can quickly turn into a financial loss.

How the toolkit works

Ledger Agent Stack is open source, allowing developers to inspect the code, build integrations, and adapt the system for different applications. The toolkit is designed to connect Ledger hardware devices with automated workflows, including AI agents that use structured instructions to interact with wallets and blockchain systems.

The company said the toolkit includes four command-line tools that allow programs to read past wallet activity and prepare actions while blocking hidden attempts to drain linked accounts. The idea is to give software enough access to be useful, but not enough access to move assets without a human decision.

This structure is especially relevant for automated trading environments, where scripts and bots often interact with wallet infrastructure. In many setups, private keys or signing permissions may be stored in software environments so that transactions can be executed quickly. That convenience can create serious risk if the machine, script, cloud service, or AI model is compromised.

Ledger’s system seeks to remove that direct path. AI agents can still gather information and create transaction proposals, but they must pass the transaction to a hardware device for verification. The device displays the transaction details, and the user must physically confirm before anything is signed.

The company said this protects against both direct theft and more subtle forms of manipulation. For example, a malicious instruction could try to make an AI agent approve a bad swap, send tokens to a fraudulent address, or expose sensitive account information. By requiring hardware confirmation, the system adds a final checkpoint outside the control of the AI system.

Security beyond crypto wallets

Ledger said the technology is not limited to cryptocurrency transactions. The company is extending its hardware-based security model to broader authentication use cases, including developer and productivity platforms.

The system builds on Ledger’s long-running support for the OpenPGP encryption standard. OpenPGP is widely used to secure communications, software signing keys, credentials and identity-related workflows. Ledger said its devices can be used to secure API keys and AI agent credentials for both financial and non-financial applications.

The company also said its hardware can be used for secure authentication with services such as GitHub, npm and 1Password. In those cases, access would require confirmation through the physical device before a credential or protected action is approved. That could make the toolkit useful for software teams that want to connect AI agents to development infrastructure while keeping sensitive credentials away from fully automated systems.

Developers can connect Ledger devices to automated workflows by using open-source Markdown instructions published by the company. Those instructions are intended to make it easier for teams to integrate hardware confirmations into AI-driven systems without relying on closed or proprietary documentation.

The broader goal is to prevent AI agents from holding unchecked access to API keys, private keys, deployment credentials, package publishing rights, or password vaults. In software development, a compromised credential can be just as damaging as a compromised wallet. It can allow attackers to publish malicious code, tamper with repositories, or access internal systems.

Partners begin using the platform

Ledger said partner companies including MoonPay and Shisa.ai have implemented the new toolkit. Their involvement suggests that early use cases may include payments, wallet interactions, automation, and AI-assisted blockchain activity.

The company also said the setup was tested across more than 1,000 automated programs during a private trial last month. Ledger did not provide full technical details of the trial in the material reviewed, but said the tests were designed to evaluate how AI agents could interact with hardware-backed approvals across different workflows.

The release also follows a global challenge that drew 50 college entries from eight countries to explore new uses for the technology in freight shipping. While that use case sits outside the usual crypto wallet conversation, it highlights Ledger’s effort to frame hardware-backed validation as a general digital trust tool, not only as a method for storing digital assets.

Freight shipping can involve multiple parties, documents, checkpoints, payments and identity requirements. AI agents could help automate parts of those processes, but critical actions still require reliable authorization. Ledger appears to be using such examples to show that secure agent workflows could apply to logistics, software development, finance and identity systems.

The company has also launched incentive programs to encourage developer adoption. It has posted a $5,000 reward through a college-focused network and introduced a $10,000 prize pool in New York to encourage builders to create safer connections for open finance applications. The rewards are aimed at attracting younger developers and security-focused teams to experiment with hardware-bound AI workflows.

Part of Ledger’s 2026 AI roadmap

Ledger Agent Stack is part of the company’s wider AI roadmap for 2026. Ledger said future updates are expected to add identity checks, execution governance and “proof-of-human” verification features later in the year.

Those planned additions point to a larger security framework. Identity checks could help confirm who is requesting an action. Execution governance could define which actions an AI agent is allowed to propose, under what conditions, and with what approval levels. Proof-of-human tools could help distinguish between a person approving a transaction and a fully automated system attempting to simulate user consent.

Such features may become more important as AI agents become more capable. A simple chatbot that summarizes wallet balances poses limited risk. A connected agent that can read accounts, prepare trades, interact with decentralized applications and manage credentials creates a much more serious control problem.

Ledger’s approach suggests that the company expects AI agents to become common in digital finance but does not expect users or institutions to trust them with unrestricted signing rights. Instead, the company is building around the idea that AI should operate inside boundaries enforced by hardware.

A shift in wallet design

The release marks a shift in how wallet infrastructure is being discussed. For years, the main focus of hardware wallets was private key storage. Users bought hardware devices because they wanted to keep keys offline and reduce exposure to malware. The rise of AI agents is expanding that security question from key storage to decision control.

The new problem is not only where the key is stored, but also who or what is allowed to request a signature. If AI software can repeatedly generate transaction requests, users need a way to verify that those requests are legitimate, understandable and intentional. A secure chip can protect the key, but the approval flow must also protect the user from approving a harmful action generated by compromised or manipulated software.

Ledger’s answer is to keep the approval process visible on the hardware device. The device becomes the final checkpoint between automated preparation and irreversible execution. For traders running complex systems, that creates friction, but it also reduces the chance that a background process can quietly drain funds.

This issue is likely to become more urgent as traders rely on automation during active market periods. Fast-moving markets can encourage users to grant scripts more authority in order to save time. Ledger is arguing that direct signing rights should be limited or removed from daily scripts, especially when those scripts interact with AI models or third-party services.

Company background and market position

Ledger was founded in 2014 and is based in Paris. The company became known for hardware wallets used to secure Bitcoin, Ethereum and other digital assets. Over time, it has expanded beyond crypto custody devices into broader digital security products, including identity, authentication and enterprise tools.

The company is also reportedly preparing for a potential public offering that could value it at more than $4 billion. A listing would come as the market for digital asset infrastructure becomes more focused on security, compliance, authentication and institutional-grade controls.

Ledger Agent Stack reflects that broader direction. Rather than treating hardware wallets only as storage tools, Ledger is presenting them as security anchors for AI-enabled digital activity. The company’s message is that automation will continue to grow, but critical permissions should remain tied to hardware-backed human approval.

For traders, developers and software teams, the release underscores a simple but increasingly important rule: AI can accelerate decisions, but it should not be able to independently authorize the movement of valuable assets or sensitive credentials. As more financial and operational systems connect to AI agents, tools that separate recommendation from execution may become a standard part of digital security architecture.


Explore how blockchain and AI converge in trading—discover automated strategies with AI Agent TradeKit for smarter, safer execution.

Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.

Sign up and trade to earn over 15,000 USDT
Sign up