Mapping the Agentic AI Infrastructure Landscape

Want an accurate map of the unchartered agent-infrastructure landscape? Read the replies on the recent article A16z posted on X – The missing infrastructure for AI agents: 5 ways blockchains can help.

Among the competing voices seeking to bring clarity, three cut through:

Your points 1, 4, and 5 converge on the same gap, and it's not identity.

Identity tells you who the agent is.
Authorization tells you what it's allowed to do.
Evidence proves what it actually did.

Your article calls for "cryptographic guarantees," "execution logs," and…

— Manny (@lordzenith0) April 21, 2026

Onchain governance without pre-execution control is theater. Whoever controls the runtime still controls the outcome.

— ATBASH (@ATBASHai) April 21, 2026

good framing. the part that doesn't get enough attention: governance by agents only works if the AI layer itself is auditable and user-portable
decentralized voting on top of a centralized model stack isn't actually decentralized. it's a UI

— Katrina (@kukaisuperfly) April 23, 2026

Read those three together and you have the diagnosis the original A16z piece points at. 

“In the end, governing AI systems is really an infrastructure challenge, not a policy one. Real authority depends on building enforceable guarantees into the system itself.”

• You can register an agent on ENS
• Anchor it in ERC-8004
• Give it a Treebeard score
• Route its payments through Spritz
• Store its memory on Filecoin
• Adjudicate disputes through GenLayer.

Every layer in that stack runs in software the agent’s runtime already controls. Whoever owns the runtime owns the outcome.

Ledger published its 2026 AI Security Roadmap on April 14, and, because it’s based on a hardware root of trust, it offers a unique alternative within this crowded field of software-based solutions.

The Reality Of Ledger’s Root Of Trust

Now, many misread Ledger’s value in this conversation based on the “human oversight capacity collapse” framing. This logic assumes the only hardware option requires a human pressing a button on every agent action. That is not what Ledger is offering to the Enterprise market (and soon to be rolled out to retail).

What we built is this: 

• The human sets the policies, but the Hardware Security Module (HSM) enforces that policy on every agent action thereafter.
• Agents act autonomously, at machine speed, inside the policy. 
• When an action falls outside the policy, the human signs that specific action on hardware. 
• Two ways to be in the loop. 
• Both anchored in hardware. 
• Autonomy and security, not autonomy or security.

As we move into a world where Enterprises employ more agents than people, we are looking for companies and teams who would like to get an early start on this new product from Ledger. Please contact Ledger Enterprise if you are interested.

Agentic AI Infrastructure: Ledger’s Position

So, where does Ledger sit relative to the thread A16z kicked off?

Above us, complementary. ENS, ERC-8004, BAP-6174, DIDs, x402, MCP, NEAR Intents, Filecoin, Treebeard. Whichever identity standard, payment rail, or trust score wins, the secure element underneath stays the same.

Anchor any of those layers to a hardware root of trust and they finally have the enforceable guarantee the a16z piece is asking for.

Below us, unanswered. Runtime control. The thing ATBASH, Katrina, and Manny each circle. Software agents cannot enforce on themselves what they are allowed to do. The HSM can.

Also of interest!: One open-weight LLM team has shipped the pattern at the developer scale. shisad, the agent security daemon from Shisa AI in Tokyo, features Ledger as the trusted-display signer for the highest-risk tier of approvals. The full story is its own post (also coming soon).

Read the a16z piece. In the middle is a simple truth that aligns with what Ledger has been saying for years, “The only security is by design. Security theatre is not security.”

Read Ledger’s AI roadmap. Then come back to that line. Real authority is built into the system, not bolted on. Hardware is what makes built-in possible.

Humans sign the policy. Hardware enforces it. Agents run inside.

ian c rogers,
Chief Human Agency Officer, Ledger