Table of Contents
Fetching ...

Autonomous Agents on Blockchains: Standards, Execution Models, and Trust Boundaries

Saad Alqithami

TL;DR

This survey addresses the challenge of safely integrating autonomous AI agents with public blockchains by introducing a five-pattern taxonomy of agent–blockchain integration, a threat model tailored to on-chain workflows, and a comparative capability matrix of 20+ systems across 13 dimensions. It argues that secure agent-to-chain systems require defense-in-depth: programmable wallets (account abstraction), intent-based execution, policy enforcement, simulation/previews, and thorough observability. The paper then proposes a 2026 roadmap centered on two abstractions—the Transaction Intent Schema (TIS) and the Policy Decision Record (PDR)—to standardize goal specification and auditable policy enforcement, and outlines a reproducible evaluation suite for safety, reliability, and economic robustness. The work emphasizes standardization and governance as prerequisites for scalable, trustworthy autonomous blockchain automation with broad adoption in DeFi, treasury management, and governance contexts.

Abstract

Advances in large language models have enabled agentic AI systems that can reason, plan, and interact with external tools to execute multi-step workflows, while public blockchains have evolved into a programmable substrate for value transfer, access control, and verifiable state transitions. Their convergence introduces a high-stakes systems challenge: designing standard, interoperable, and secure interfaces that allow agents to observe on-chain state, formulate transaction intents, and authorize execution without exposing users, protocols, or organizations to unacceptable security, governance, or economic risks. This survey systematizes the emerging landscape of agent-blockchain interoperability through a systematic literature review, identifying 317 relevant works from an initial pool of over 3000 records. We contribute a five-part taxonomy of integration patterns spanning read-only analytics, simulation and intent generation, delegated execution, autonomous signing, and multi-agent workflows; a threat model tailored to agent-driven transaction pipelines that captures risks ranging from prompt injection and policy misuse to key compromise, adversarial execution dynamics, and multi-agent collusion; and a comparative capability matrix analyzing more than 20 representative systems across 13 dimensions, including custody models, permissioning, policy enforcement, observability, and recovery. Building on the gaps revealed by this analysis, we outline a research roadmap centered on two interface abstractions: a Transaction Intent Schema for portable and unambiguous goal specification, and a Policy Decision Record for auditable, verifiable policy enforcement across execution environments. We conclude by proposing a reproducible evaluation suite and benchmarks for assessing the safety, reliability, and economic robustness of agent-mediated on-chain execution.

Autonomous Agents on Blockchains: Standards, Execution Models, and Trust Boundaries

TL;DR

This survey addresses the challenge of safely integrating autonomous AI agents with public blockchains by introducing a five-pattern taxonomy of agent–blockchain integration, a threat model tailored to on-chain workflows, and a comparative capability matrix of 20+ systems across 13 dimensions. It argues that secure agent-to-chain systems require defense-in-depth: programmable wallets (account abstraction), intent-based execution, policy enforcement, simulation/previews, and thorough observability. The paper then proposes a 2026 roadmap centered on two abstractions—the Transaction Intent Schema (TIS) and the Policy Decision Record (PDR)—to standardize goal specification and auditable policy enforcement, and outlines a reproducible evaluation suite for safety, reliability, and economic robustness. The work emphasizes standardization and governance as prerequisites for scalable, trustworthy autonomous blockchain automation with broad adoption in DeFi, treasury management, and governance contexts.

Abstract

Advances in large language models have enabled agentic AI systems that can reason, plan, and interact with external tools to execute multi-step workflows, while public blockchains have evolved into a programmable substrate for value transfer, access control, and verifiable state transitions. Their convergence introduces a high-stakes systems challenge: designing standard, interoperable, and secure interfaces that allow agents to observe on-chain state, formulate transaction intents, and authorize execution without exposing users, protocols, or organizations to unacceptable security, governance, or economic risks. This survey systematizes the emerging landscape of agent-blockchain interoperability through a systematic literature review, identifying 317 relevant works from an initial pool of over 3000 records. We contribute a five-part taxonomy of integration patterns spanning read-only analytics, simulation and intent generation, delegated execution, autonomous signing, and multi-agent workflows; a threat model tailored to agent-driven transaction pipelines that captures risks ranging from prompt injection and policy misuse to key compromise, adversarial execution dynamics, and multi-agent collusion; and a comparative capability matrix analyzing more than 20 representative systems across 13 dimensions, including custody models, permissioning, policy enforcement, observability, and recovery. Building on the gaps revealed by this analysis, we outline a research roadmap centered on two interface abstractions: a Transaction Intent Schema for portable and unambiguous goal specification, and a Policy Decision Record for auditable, verifiable policy enforcement across execution environments. We conclude by proposing a reproducible evaluation suite and benchmarks for assessing the safety, reliability, and economic robustness of agent-mediated on-chain execution.
Paper Structure (336 sections, 5 figures, 7 tables)

This paper contains 336 sections, 5 figures, 7 tables.

Figures (5)

  • Figure 1: PRISMA 2020-style flow diagram summarizing the systematic search and screening process used in this survey.
  • Figure 2: Monochrome six-stage agent action pipeline. The top row shows core stages, the middle row summarizes common integration interfaces, and the bottom row highlights typical control points. Dashed arrows denote feedback loops; dotted arrows indicate optional multi-agent roles. Account-abstraction execution paths are commonly mediated by bundlers and smart accounts buterin2021erc.
  • Figure 3: Five agent--blockchain integration patterns as a progression across interface planes (data, decision, policy, custody, coordination). The figure is an overview model; later subsections detail each pattern’s mechanisms, threat surface, and representative systems.
  • Figure 4: Threat model for agent--blockchain systems. Solid arrows show nominal data/control flow; dashed arrows indicate representative attack classes aligned to major trust boundaries.
  • Figure 5: Reference architecture for a Transaction Intent Schema (TIS) and a Policy Decision Record (PDR) stack. The architecture separates the planner (agent), verifier (policy engine), and executor (signer / submission layer) to enable defense-in-depth.