MetaMask opens Agent Wallet to govern AI agents in DeFi

MetaMask opened early access on June 8, 2026, to Agent Wallet, a self-custodial product that lets software agents execute transactions across decentralized finance while users retain their private keys and set rules for agent behavior. Agents connect through a command-line interface and can perform swaps, trade perpetuals, participate in prediction markets, provide liquidity and interact with EVM-compatible chains and Hyperliquid.

The product places a policy layer in front of agent activity. Users create agent-specific wallets that operate only within boundaries defined in advance, including daily or rolling outflow limits, protocol and address allowlists, and escalation rules for human approval. In the server-wallet configuration MetaMask describes two public operating modes. Guard Mode, the default, applies limits and allowlists and requires two-factor approval for transactions flagged as malicious, outside policy or needing a higher limit. Beast Mode is opt-in for advanced users and reduces interruptions; developer documentation notes that transactions judged malicious or risky still require two-factor approval in that mode.

MetaMask says every Agent Wallet transaction is simulated before execution and routed through Blockaid threat scanning and Smart Transactions MEV protection where supported. Transactions that pass those checks may be eligible for conditional Transaction Protection coverage, subject to eligibility terms in MetaMask materials.

The system moves the approval boundary from a manual signature on each step to pre-set policies and post-hoc checks. MetaMask’s documentation requires an agent to pause for human approval when a transaction routes to a non-allowlisted contract, exceeds limits, touches flagged addresses or is classified as malicious.

The design aims to address known failure modes while introducing new security surfaces. A high outflow limit or a broad allowlist can allow wide agent authority. Repeated approval prompts can produce user fatigue. Malicious contracts can be concealed within otherwise acceptable routes, and prompt or content injection can steer an agent toward unintended actions before a transaction is built.

Analysts and governance guidance referenced in MetaMask materials recommend continuous monitoring, enforced guardrails, rollback mechanisms, circuit breakers and clear behavioral ownership as agent autonomy increases. MetaMask will use early access to observe how users set defaults and policies when real funds are at risk and how often Guard Mode restrictions are maintained or relaxed.

The World Economic Forum projects growth in the AI agents market from $5.4 billion in 2024 to $236 billion by 2034. MetaMask plans to evaluate Agent Wallet during early access to see how policy controls operate in live user settings.