Onchain AI Agent

An onchain AI agent is a software system that uses blockchain execution as part of its action path. It can route inputs, call tools, and trigger state changes through smart contracts, which makes the agent’s authority and audit trail part of the security model, not just the model itself.

Expanded Definition

An onchain AI agent is not defined by “using blockchain” in a generic sense; it is defined by whether the agent’s execution path includes smart contracts that can verify, constrain, or commit actions on a ledger. That distinction matters because the agent’s authority is partly encoded in wallet permissions, contract logic, and transaction finality, not just in the model prompt or tool layer. In practice, onchain AI agents often sit at the boundary between offchain inference and onchain execution, where they may propose, sign, relay, or trigger actions that change state. This makes them a special case in agentic systems governance, as discussed in the OWASP Agentic AI Top 10 and the NIST AI Risk Management Framework. Definitions vary across vendors on whether the agent must directly submit transactions or merely orchestrate them, so the scope should be stated explicitly in architecture reviews. The most common misapplication is calling any blockchain-enabled chatbot an onchain AI agent when it has no contract-level authority or state-changing execution path.

Examples and Use Cases

Implementing onchain AI agents rigorously often introduces latency, transaction cost, and irreversible-action constraints, requiring organisations to weigh automation speed against auditability and recovery limits.

  • A treasury agent prepares a token rebalance, then submits a smart-contract transaction only after policy checks and multisig approval.
  • A DeFi operations agent monitors protocol risk, reads onchain conditions, and executes a hedge through a pre-approved contract wrapper.
  • A compliance agent records policy decisions onchain so downstream reviewers can verify which inputs led to a state change, a pattern aligned with lessons from the AI LLM hijack breach.
  • A DAO governance agent drafts proposals, but only a bounded contract call can move them from recommendation to execution.
  • An incident-response bot pauses a contract or revokes a role after anomaly detection, using controls informed by the NIST AI Risk Management Framework.
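The treasury-agent pattern above (policy checks, then a multisig threshold, then submission, with every decision logged) as an offchain policy gate sitting between the agent and the transaction relay. This is an added illustration, not code from the journal or from any agent framework; the agent ids, contract address and amounts are constructed placeholders, and `relay` is a hypothetical callable standing in for the transaction sender.

```python
import hashlib
import json
from collections import namedtuple

# An agent's proposed action: the proposing non-human identity (wallet/signer), the target
# contract (constructed placeholder, not a real address), function, value in base units, rationale.
ProposedCall = namedtuple("ProposedCall", "agent_id contract function amount rationale")

# Per-agent policy: allow-list of (contract, function), per-call value cap, multisig threshold.
POLICY = {
    "treasury-agent": {
        "allowed": {("0xTREASURY_WRAPPER", "rebalance"), ("0xTREASURY_WRAPPER", "pause")},
        "max_amount": 1_000_000, "approvals_required": 2,
    }
}

class PolicyGate:
    def __init__(self, policy):
        self.policy = policy
        self.audit_log = []  # one record per decision; each digest covers the previous one

    def _log(self, event, call, **extra):
        prev = self.audit_log[-1]["digest"] if self.audit_log else "0" * 64
        record = {"event": event, "call": call._asdict(), "prev": prev, **extra}
        record["digest"] = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
        self.audit_log.append(record)

    def evaluate(self, call, approvals):
        rules = self.policy.get(call.agent_id)
        approvers = sorted(set(approvals))  # a duplicated signature counts once
        if rules is None:
            reason = "agent not in policy"
        elif (call.contract, call.function) not in rules["allowed"]:
            reason = "contract/function not on allow-list"
        elif call.amount > rules["max_amount"]:
            reason = "amount exceeds per-call cap"
        elif len(approvers) < rules["approvals_required"]:
            reason = "multisig threshold not met"
        else:
            self._log("approved", call, approvers=approvers)
            return True
        self._log("denied", call, reason=reason, approvers=approvers)
        return False

    def submit(self, call, approvals, relay):
        # The relay (transaction sender) is reached only after the gate approves the call.
        if not self.evaluate(call, approvals):
            return None
        tx_ref = relay(call)
        self._log("submitted", call, tx_ref=tx_ref)
        return tx_ref
```

Because the gate never hands a denied call to the relay, the audit log is the complete record of what the agent proposed and why each proposal was or was not allowed to reach the ledger.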

NHI Management Group has shown how quickly exposed credentials can be operationalized in agentic environments, including the finding that attackers may attempt access within minutes of public AWS key exposure; that speed makes onchain permission scoping especially important. See LLMjacking: How Attackers Hijack AI Using Compromised NHIs and AI Agents: The New Attack Surface.

Why It Matters in NHI Security

Onchain AI agents elevate NHI risk because the relevant identity is no longer only the human operator or the model endpoint. The binding controls are the agent wallet, signer, contract role, delegated permission set, and any offchain secret that can authorize a transaction. If those elements are over-privileged, compromised, or poorly rotated, the resulting action may be immutable and externally visible in a way that complicates containment. This is why the OWASP NHI Top 10 and the MITRE ATLAS adversarial AI threat matrix are both relevant: one frames identity and secret exposure, the other frames adversarial manipulation of agent behaviour. NHIMG research reports that 80% of organisations say their AI agents have already performed actions beyond intended scope, while only 52% can track and audit the data those agents access, which is a direct warning for systems that can trigger ledger changes. Organisations typically encounter the operational consequences only after an unauthorized onchain action, at which point the agent’s permission model and transaction trail become unavoidable to investigate.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 and the OWASP Agentic AI Top 10 address the attack and risk surface, while the NIST AI RMF sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
---------------------------------|---------------------|----------------------------------------------------------------------------------
OWASP Non-Human Identity Top 10  | NHI-02              | Covers secret and credential exposure that can authorize agent wallets or signers.
OWASP Agentic AI Top 10          | AA-03               | Addresses tool-use and action-authority risks in autonomous agent execution paths.
NIST AI RMF                      |                     | Defines risk governance for AI systems whose outputs can trigger consequential actions.

Bound every contract call with policy checks, approvals, and transaction-level audit logging.