Onchain AI agents move from demo to deployment

Lit Protocol’s Vincent is shifting agentic finance from toy demos to production rails

article-image

Lit Protocol and Adobe Stock modified by Blockworks

share

Onchain AI agents are edging out of the lab. 

Lit Protocol’s agent stack, Vincent, now gives developers a way to ship non-custodial automation that actually touches money, but under explicit, enforceable limits set by users and app authors. An “early access” launch just went live, Blockworks has learned exclusively.

Lit frames the core model simply: policies (guardrails) and abilities (discrete actions like swap/borrow/bridge) that are bound together at deploy time and enforced at runtime, according to co-founder David Sneider.

“Vincent Policies (the guardrails and controls) are created and exposed by Vincent application developers based on any given use case,” Sneider told Blockworks. “For example, a trading app might expose a ‘spend policy’ or ‘token allowlist policy,’ which users would be able to fine-tune based on their own needs and preferences.”

Under the hood, Vincent rides on Lit’s existing “defense-in-depth” key model: Threshold-split keys run inside secure enclaves (TEEs), and the enclaves execute only when an onchain policy check passes. In practice, that means permissions like spend caps, allowlists, time windows and rate limits are evaluated before any signing or contract call occurs. A key recent improvement is how easily developers can now package and enforce those rules through Vincent at the point of execution.

According to examples from a “starter kit,” developers can define and expose app-specific policies as needed; the platform now supports both narrowly scoped and broader smart-contract permissions, with one-line SDK calls to invoke them.

In Sneider’s view, the job is to let agents act, but only inside well-defined lanes.

That’s effective, according to David Johnston, the lead code maintainer at Morpheus, which has built in Lit Protocol as part of its reference open-source agent work.

“MPC enables good spending caps, whitelists of agents, and limited time approvals for agents to access user funds,” Johnston told Blockworks. “These types of capabilities should be native to all agents,” he said, adding that it’s safer to integrate Lit rather than “rolling their own, less battle-tested solutions.”


DeFi-specific risk hooks like MEV protection and dealing with oracles are being left to app authors. “They also have the power to define all of their data sources [and] integrations with external protocols, which can help address possible constraints like these,” Sneider said, referring to aspects like slippage caps, private order flow routes, RFQ checks, or price-staleness guards. That stance keeps the core platform minimal while allowing domain-specialized teams the flexibility to customize.

Automated agents are not magic, and Morpheus’ Johnston notes “all the normal attack vectors and failure modes from DeFi will apply to agents leveraging DeFi, so the best means of mitigating them is to leverage L2s that have eliminated many of these risks with their structure, such as ordering transactions to avoid attacks.”

Vincent already produces success and failure signals and proofs for every execution, but those remain local to the developer’s app rather than being published to a wider registry. The roadmap points to privacy-preserving attestations that could travel across registries and agent networks, such that compliance proven in one venue can be trusted in another.

“The bigger vision is that agents will be able to surface these attestations in privacy-preserving ways into shared registries like ERC-8004 and interagent communication protocols like A2A [Agent-to-Agent],” Sneider said. Think verifiable credentials (e.g. “I’ve complied with XYZ policy 100 times”) broadcast into a shared agent ecosystem, where other agents or platforms can trust them without re-auditing. 

Beyond DeFi

Crucially, the agent landscape is expected to evolve to new use cases other than pure DeFi automation, to encompass credentials and APIs that real businesses live on, said Sneider.

“Our focus at the moment is on managing more secret types, like passwords and API keys so that agents can log into apps and we can break the current paradigm of agents being embedded within apps,” he said. “We’re also continuing to build out more Policy and Ability examples across many different chains and protocols (i.e. BTC and Solana), to give developers more jumping-off points and make it simpler to start launching agents with Vincent.”

If this sounds like the agent version of account abstraction, it’s intentional. Back in 2024, Sneider argued that “key, material signing is like the ultimate unifier amongst distributed systems, which are really just like state and signing at the end of the day.”

Tie that to enforceable policies and you get something closer to production-grade autonomy, as we see starting to happen now. 

“This idea that everybody is going to have essentially a quant in their pocket to manage their funds seems pretty, pretty coherent and is starting to come together.”


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Report Cover.png

Research

Centrifuge has quietly become one of the fastest-growing players in RWA tokenization, with TVL surging from $78M in March to $1.14B today. Its partnerships with Janus Henderson, Apollo, and S&P Dow Jones Indices have positioned it at the center of institutional adoption, while its multi-chain vault framework unlocks access to treasuries, credit, and equities onchain. With new fund launches on the horizon, protocol fees now live, and liquidity set to improve through upcoming listings, Centrifuge offers investors asymmetric upside in one of crypto’s largest and fastest-growing narratives.

article-image

The company introduced a dollar-backed stablecoin to power instant payments and microtransactions for AI-driven web platforms

by Blockworks /
article-image

The plan is to make GameShift the “consumer portal” that bridges non-crypto gamers into Web3

article-image

Google backs $1.4B of obligations and takes 5.4% stake as Cipher expands AI data center footprint

by Blockworks /
article-image

Nine banks plan MiCA-regulated token to challenge dollar dominance and strengthen Europe’s payments autonomy

by Blockworks /
article-image

Sponsored

The FAIR L1 embeds encrypted execution into the consensus layer and removes the transparency window that makes MEV possible

by Sponsored /
article-image

Corporate crypto ownership can “lift up” blockchain ecosystems to help spur institutional adoption, SharpLink Gaming co-CEO says