5 properties of agent custody

your AI agent can write code, book flights, manage a calendar. now hand it a wallet. suddenly we are back to "trust me bro" with a hot key. agent frameworks are everywhere. agent custody is nowhere. the gap between what agents can do and what agents can safely hold is the most dangerous problem in AI infrastructure right now. here are five properties every agent wallet needs. if your agent is missing any of them, you do not have custody. you have a liability. 1. non-drainable no single key compromise should drain the wallet. most agent wallets today give the agent a private key. or they custody it on a server. either way, one compromise and the funds are gone. the fix is threshold signing. split the key into shares. require 2 of 3 (or 3 of 5, or any t of n) to produce a valid signature. the agent holds one share. a policy service holds another. a recovery key sits in cold storage. FROST is one way to do this. 2PC-MPC is another. the mechanism matters less than the property: no single p