Security in the AI Agent Era

If I had a time machine, I’d go back and tell 1992 me, “The Command Line will be sexy in 2026.”

1992 me would never believe it, yet here we are.

I was on stage at SXSW in Austin last week with CoinDesk’s Brian Keoun for a discussion about AI and security. Here’s the Reader’s Digest version of our talk:

If I had a time machine, I’d go back and tell 1992 me, “The Command Line will be sexy in 2026.”

1992 me would never believe it, yet here we are.

I was on stage at @sxsw in Austin yesterday with @CoinDesk’s @Liqquidity for a discussion about AI and security.

Here’s the… pic.twitter.com/8xBtP4C5fR

— ian c rogers (@iancr) March 15, 2026

A lot of people still think agents such as OpenClaw are hype. I think that’s like saying Netscape was hype because we already had AOL, CompuServe, and Gopher.

What OpenClaw and tools like it have done is make something click for normal people the same way the web did in the 90s. ChatGPT showed people that AI could bring them information in a more satisfying way than Google. Agents are the next step. They do work. You can delegate work to them.

That is a very different world.

For me, the definition is simple: an agent is AI that can use tools. The second it can use tools, it has access to value. That could be your logins, your data, your API keys, your identity, your money, your credit card, your crypto wallet.

And that means the real problem is security.

My own OpenClaw agent is incredibly productive. He has shipped code, handled feedback, fixed bugs, and generally been more useful than a lot of software people imagined was possible this early.

He has also crashed his own gateway 487 times in a row, which is kind of like giving yourself food poisoning.

He tells me things are done before they’ve passed code review. He apologizes. Then he does it again.

That is not a criticism. That is just reality. These things are powerful, useful, intelligent in a very real sense, and non-deterministic. You cannot leave precious information with something non-deterministic and call that a plan.

Future humans are orchestrators of agents.

Not everybody, not in every case, but for a huge number of knowledge workers, that is where we are going. Just like in the 1990s, people couldn’t imagine that their work would someday mostly happen sitting in front of a computer, many people today cannot yet imagine that their job will be to delegate, supervise, and validate the work of agents.

Which is why proof matters so much.

If my agent is talking to Amazon’s agent, how do I know it’s really Amazon’s agent?

If my agent is taking an action on my behalf, how does it know I am really me?

If an agent has access to secrets, how are those secrets scoped, protected, revocable, and auditable?

Those are not edge-case questions. Those are the product.

This is why the move from securing crypto to securing agents at Ledger feels so natural. Ledger hardware is fundamentally designed to protect information, not share it. Crypto was an incredible first use case because it involved digital value. Agents are the next one because they also involve digital value, just in more forms.

MoonPay recently announced Ledger support in their CLI wallet, which is a great example of where this is all going. More command-line tools, more agent-accessible tools, more automation, more leverage, and therefore much more need for deterministic guardrails around non-deterministic systems.

the security and control of @Ledger

the payments and ramps infrastructure of MoonPay

now compatible with the Agentic Economy via a simple CLI

live now for agents everywhere

🤖🔐🤖🔐 pic.twitter.com/IH7RJ9Lv9M

— MoonPay 🟣 (@moonpay) March 13, 2026

That can mean provenance. It can mean approval queues. It can mean secure handling of secrets. It can mean different permissions for different stakes. Asking an agent if my flight is on time is one thing. Letting it remove files from my hard drive or move money is another.

Humans become validators. But validation without security is nonsense.

One thing I’ve learned after a few platform shifts is that you can often know the direction of travel while getting the specifics totally wrong. In 2002, I was convinced the future of music was subscription at about $10 a month. I was right about the direction. If you had told me the company that cracked it would come from Sweden, I would have told you that you were out of your mind.

That is how this feels now.

The direction of travel is clear: future humans will orchestrate agents.

The cost of building has collapsed. The means of production are now in the hands of individuals in a way we have never seen before. What has not collapsed is the cost of trust.

That’s the problem.

And it’s a very big one.

If you’re building agents, don’t treat security like a feature.

It’s the foundation.

For more on how we’re addressing this, check out the recent piece from Ledger Chairman and CEO, Pascal Gauthier, Revenge of the Atoms.

---

ian c rogers

Chief Experience Officer, Ledger