Securing Your Agents With A Hardware Root of Trust: Ledger’s 2026 AI Security Roadmap

AI Agents are our current and future co-workers. AI is powerful and collectively we want to harness that power for usefulness. Humans will orchestrate that work. As Balaji Srinivasan said, “AI is middle-to-middle but humans are end-to-end.” AI will handle a tremendous amount of work for us in the middle, but humans will guide and verify at endpoints throughout the process. 

Yet we are facing what Marc Andreesen called “The Computer Security Apocalypse”. To be useful, agents need access to resources like Email/Calendar, Logins/Credentials, Browser/Web Extensions, Files/Databases, Command Line/CLIs, Credit Cards/Crypto Wallets and much more. Access to these resources introduces the “lethal trifecta“:

1. Prompt injection
2. Autonomous execution
3. Access to real resources

A useful AI could easily be tricked into sending your secrets to a malicious actor.

Even an apparently benign action like reading a file, searching the web, or checking email can be the entry point for a chain of destructive consequences. The agent doesn’t have to be the attacker. It just has to be compromised mid-task. A malicious webpage, a poisoned document, a hijacked MCP response ; any of these can redirect an autonomous agent toward something catastrophic, starting from an action that looked routine.

The solution is not to run away, it’s to lean-in and use Ledger to keep humans secure and in-the-loop.

I joined Ledger five years ago as the Chief Experience Officer, a title meant to start a conversation about improving the user experience in crypto, and never forcing users to make a trade off between ownership and security. Since I joined, Ledger has introduced the first secure touchscreens with Ledger Stax, Ledger Flex, and Ledger Nano Gen5. These Ledger signers, along with Ledger Wallet 4.0 are the most comprehensive, easiest-to-use security devices on the planet.

Five years ago we already knew at Ledger that crypto was the first step towards a greater journey of providing that same secure infrastructure for digital identity, or what we now call Proof of You. Humanity spends more and more of their time within a digital world, where their memories, value, and access is controlled by fewer centralized platforms, with hacks and phishing attempts increasing on a daily basis. Ledger’s mission is not only a nice to have, but an essential part of daily life for individuals and institutions around the world. 

With the Ledger consumer business for crypto in a truly great place, I needed to bring that same attention to the critical issue of the role humans play in AI, and the rights humans have to controlling their value and identity in an increasingly always-online world. I’ve spent my career at the frontier of technological innovations, some of which are painfully difficult to adapt at the start. Here we are again!

I am taking on a new role at Ledger, Chief Human Agency Officer, a title meant to start a conversation about what it means to keep humans secure and in-the-loop as verifiers in our agentic future. Ledger’s OS and Open Development environment are the perfect solution for agent developers and operators, and this year we will bring you the toolset to securely create and operate agents without losing control, backed by Ledger’s hardware root of trust.  

<TLDR>

The Announcement: Ledger is launching a comprehensive security stack for AI Agents throughout 2026. While AI agents need access to money, credentials, and identity to be useful, software-only security is insufficient for production-grade risk.

Ledger is bridging this gap by bringing hardware-anchored security to the agentic economy. This includes Agent Identity, Ledger CLIs and Skills (Q2 2026), Agent Intents and Policies (Q3 2026), and Proof of Human (Q4 2026). Our Device Management Kit is available now, as demonstrated by Moonpay’s new Ledger-secured agent integration.

Join us at Ledger HQ tonight for the Agents Anonymous and OpenClaw Meet-Up during Paris Blockchain week where we will demonstrate Ledger Skills, CLI and Koda, the tool powering our agentic development at Ledger.

</TLDR>

Last October 2025, I stood on a stage and said:

“An agentic future is coming. But an agentic future where we give agents our logins, credit cards, and identities is a security nightmare.”

Silence. Stares. “Yeah yeah, security guy. We know, you’re paranoid.” If anyone heard what I said, it wasn’t the slightest bit obvious.

It’s shocking how different the response is just a few months later. Every conversation about autonomous agents and the future of work is now accompanied by a security warning.

At its core, Ledger’s bet is simple: digital private property is real, and you have the right to own and control it. That belief has driven everything we’ve built for over a decade. When we started in 2014, the problem was crypto: how do you let someone truly own a digital asset, not just hold an IOU? The answer was a hardware root of trust.

The agent economy raises the exact same question. Your agents will hold your API keys, your credentials, your identity, and your money. Who authorized that action? How does your agent know it was really you? Am I talking to the agent I think I am? We believe ownership and control must be grounded in hardware. A secure element doesn’t care if the surrounding software is compromised. The signing boundary still holds. Human approval still holds.

In 2026, Ledger is building the security layer that ensures autonomy doesn’t come at the cost of control.

Available Now: The Device Management Kit (DMK)

You don’t have to wait for the future to start securing your agents. The Device Management Kit is available today, allowing agents to leverage Ledger hardware for human-in-the-loop approval.

Moonpay has already built a production example of this, integrating Ledger signing into their AI agent wallet to ensure that while the agent identifies opportunities and proposes trades, the private keys remain confined to the hardware and every transaction requires a physical button press.

The 2026 Roadmap

Ledger is building a suite of security primitives specifically for AI developers and agent operators. Each one addresses a distinct infrastructure gap.

Q2 2026: Identity and Tooling

• Agent Identity: Hardware-anchored identity for your agents. Instead of a spoofable software string, your agent gets a real identity and wallet anchored to Ledger hardware and registered on-chain. This provides verifiable provenance for every agent in your fleet.
• Agent Skills & CLI: We are providing programmable access to Ledger’s full wallet stack (send, swap, earn, monitor) and hardware-derived secret management via the Ledger Keyring Protocol. These capabilities will be discoverable by AI coding tools through Skills documented in the AGENTS.md and SKILL.md formats, available via npm and documented at developers.ledger.com.

Q3 2026: Authorization and Governance

• Agent Intents: A human-in-the-loop approval layer. Agents propose actions, and you review them on a Trusted Display. You confirm with a physical button, ensuring the agent never sees or touches a private key.
• Agent Policies: Safe autonomy through hardware-enforced rules. You define the boundaries (e.g., “Spend no more than $500/day” or “Only interact with these three smart contracts”). These rules are enforced inside a HSM; if an agent attempts an action outside these bounds, it is automatically routed back to the human for approval.

Q4 2026: Attestation

• Proof of Human: As agents become indistinguishable from humans, platforms need a way to verify the “principal” behind the curtain. We are delivering progressive attestation to prove that a real, unique individual is behind an agent interaction, preventing multi-accounting and bot-spam at the hardware level.

The Questions Every Agent Developer Is Facing

Building a production agent that touches real value raises questions that software alone cannot answer:

1. Am I talking to the agent I think I’m talking to? (Solved by Agent Identity)
2. How does my agent know it is actually me issuing a command? (Solved by Proof of You/Human)
3. How can my agent work autonomously but keep me in the loop for what matters? (Solved by Agent Intents)
4. How do I govern a fleet of agents? (Solved by Agent Policies)

Think of it this way: the agent logic, the model, and the tools live in the software layer. But the moment that agent proposes to do something consequential, Ledger is the layer that ensures the right human authorized it.

Compute is moving to the edges, but freedom comes with responsibility. Ledger has been working on the security infrastructure for this for twelve years. We built it for crypto. It turns out we built it for this.

If you are building in this space and need a security partner, we look forward to collaborating with you.

---

ian c rogers
Chief Human Agency Officer, Ledger