Coinbase is rolling out a new tool that hands execution power to AI agents. The claim is simple. The scope is not.
According to Decrypt, the Coinbase product lets “AI agents execute crypto trades, payments, and portfolio management tasks within user-defined limits.” That sentence matters because it frames the real question for operators and security teams: not whether an agent can take actions, but whether the system can keep those actions inside the boundaries that users and Coinbase set.
What Coinbase says the tool can do
Decrypt’s report is brief, but it specifies three buckets of work the agent can handle:
- Crypto trades.
- Payments.
- Portfolio management tasks.
The key constraint is “user-defined limits,” meaning Coinbase is positioning the product as policy-bounded execution rather than fully autonomous trading. The devil will sit in how those limits are defined and enforced in practice.
Why “user-defined limits” is the main risk question
In crypto, limits sound reassuring until you test edge cases. A tool can comply with a limit in one dimension and still create risk in another. Decrypt does not provide details on the limit types, such as per-trade caps, frequency throttles, allowed markets, or maximum net exposure.
The practical takeaway: the more flexibility users give the agent, the more likely the tool turns into a fast lane for mistakes. The fewer knobs users can control, the more the “limits” are effectively Coinbase defaults, even if they are technically user-configurable.
Coinbase’s framing suggests it expects users to set boundaries. The reader consequence is that onboarding and configuration become part of the security model, not an afterthought.
Agent execution raises infrastructure and policy questions
Decrypt doesn’t add operational details in the snippet provided. But any trading and payments execution layer needs to answer questions that usually decide whether an “agent” is safe or just convenient.
For example:
- If the agent submits orders, what execution venue and order handling rules apply.
- How the system handles failures during trade or payment workflows.
- Whether the agent can retry actions and how those retries interact with limits.
- How Coinbase validates intent against the user’s permitted constraints.
Without those specifics, the product reads like an API concept with an AI wrapper. That can still be useful. It just changes where risk lives, from model output to execution governance.
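To make the limit and retry questions concrete, here is an added sketch of an execution-side policy gate. It is not Coinbase's code or API and is not described in Decrypt's report; the class names, limit fields, decision strings and sample requests are all hypothetical, modeled on the limit types listed earlier (per-trade caps, frequency throttles, allowed markets, maximum net exposure).

```python
from dataclasses import dataclass, field

@dataclass
class Limits:  # hypothetical limit set, not a real Coinbase schema
    per_trade_cap: float         # max notional per order (USD)
    max_orders_per_window: int   # frequency throttle
    window_seconds: int
    allowed_markets: frozenset
    max_net_exposure: float      # max absolute net position per market (USD)

@dataclass
class PolicyGate:
    limits: Limits
    exposure: dict = field(default_factory=dict)  # market -> signed notional
    recent: list = field(default_factory=list)    # times of accepted orders
    decided: dict = field(default_factory=dict)   # idempotency key -> decision

    def authorize(self, key, market, signed_notional, now):
        # A retry reuses its key and gets the original decision back, so it
        # cannot consume the exposure or frequency budget a second time.
        # The same key must also travel downstream so the order is not re-sent.
        if key in self.decided:
            return self.decided[key]
        decision = self._check(market, signed_notional, now)
        if decision == "ALLOW":
            self.exposure[market] = self.exposure.get(market, 0.0) + signed_notional
            self.recent.append(now)
        self.decided[key] = decision
        return decision

    def _check(self, market, signed_notional, now):
        lim = self.limits
        if market not in lim.allowed_markets:
            return "DENY:market"
        if abs(signed_notional) > lim.per_trade_cap:
            return "DENY:per_trade_cap"
        self.recent = [t for t in self.recent if now - t < lim.window_seconds]
        if len(self.recent) >= lim.max_orders_per_window:
            return "DENY:frequency"
        # Each order can pass the per-trade cap while the running total does not.
        if abs(self.exposure.get(market, 0.0) + signed_notional) > lim.max_net_exposure:
            return "DENY:net_exposure"
        return "ALLOW"

def demo():
    gate = PolicyGate(Limits(100.0, 5, 60, frozenset({"BTC-USD"}), 250.0))
    # Constructed requests: (idempotency key, market, signed USD notional, time in s)
    requests = [("a", "BTC-USD", 100, 0), ("b", "BTC-USD", 100, 1),
                ("b", "BTC-USD", 100, 2),   # retry of "b"
                ("c", "BTC-USD", 100, 3), ("d", "ETH-USD", 10, 4),
                ("e", "BTC-USD", -100, 5)]
    return [gate.authorize(*r) for r in requests], gate.exposure
```

Order "c" is within the per-trade cap yet is denied on net exposure, and the retry of "b" leaves exposure unchanged, which is the cross-dimension behaviour the limit questions above are asking about.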
What to watch when the tool moves from pitch to practice
Decrypt only states the capability and the boundary concept. There’s no mention here of launch date, supported assets, geographic availability, custody model, or how users grant and revoke permissions.
So the items worth demanding next are the ones that define real-world safety:
- The shape of “user-defined limits.” Which limits exist and how granular they are.
- The enforcement method. What happens when a requested action hits the boundary.
- Permission controls and how quickly they can be changed.
- Audit visibility. What records the user can review to understand what the agent did.
If Coinbase keeps the scope constrained and the limits strictly enforced, this can look less like autonomous trading and more like workflow automation. If not, it risks turning user policy into paperwork.
At this stage, the only safe conclusion from Decrypt’s report is that Coinbase is moving execution responsibilities toward AI agents while claiming boundary enforcement via user-defined limits.