The Frontier

AI & TECH

AI agents leak API keys, prompting calls for blockchain-based security

Friday, March 27, 2026 · from 2 podcasts
  • Popular AI agents send user API keys and access tokens to third-party servers in plain text.
  • Developers are using Bitcoin to create the first fully autonomous, self-funding AI agents.
  • The security flaw highlights AI’s core trust problem, which blockchain-based identity aims to fix.

Your AI assistant is likely leaking your digital keys. According to Illia Polosukhin on Bankless, frameworks like OpenAI’s OpenClaw send users' API keys, bearer tokens, and credentials to external services where they sit exposed in logs. He calls the practice, fundamental to how many agents operate, “insane.”

The immediate workaround isn't better security policies - it's removing the need for trust altogether. On The Jake Woodhouse Podcast, developer Roland detailed building an autonomous agent that uses a Bitcoin wallet and Lightning Network payments to rent its own server and buy AI credits. This agent can then spawn and fund clones without human intervention, solving the KYC roadblock that stymied his first OpenClaw install.

Polosukhin’s long-term thesis is that AI will become the primary computing interface, necessitating a new backbone for identity and transactions. He argues blockchain provides that root of trust and a global payment rail, solving coordination problems that traditional standards bodies move too slowly to address.

Roland’s viral project demonstrates that Bitcoin, not more complex crypto ecosystems, is currently solving these permissionless automation problems. The convergence points to a future where AI handles execution, but cryptographic protocols handle security and settlement - bypassing the vulnerable middlemen of today.

Illia Polosukhin, Bankless:

- When you use Entropic OpenAI, or even worse, you use something else for inference, OpenClaw actually sends all your secrets to those services as well.

- Somewhere in Entropic and OpenAI logs, they have everybody's access keys, API keys, and bearer tokens to access your Gmails and your Notions.

Entities Mentioned

IronClaw (product)
OpenAI (trending)
OpenClaw (framework)

Source Intelligence

What each podcast actually said

Illia Polosukhin: Why AI Agents Are Still Useless (And What Fixes Them) | NEAR Founder on IronClaw · Mar 24

  • Services like OpenAI's OpenClaw send users' API keys, bearer tokens, and access credentials to third-party services, where they sit exposed in logs, a practice Illia Polosukhin calls insane.
  • Polosukhin's project IronClaw is designed to fix credential exposure by ensuring keys never touch the large language model during agent operation.
  • Polosukhin argues that blockchain solves AI's root-of-trust problem by providing a decentralized backend for identity, payments, and infrastructure coordination.
  • Polosukhin's long-term thesis is that AI will become the primary interface for computing, effectively replacing traditional operating systems.
  • When AI becomes the dominant operating system, Polosukhin argues today's service architecture breaks, posing questions of how one AI verifies another and how they transact without centralized payment rails.
  • Polosukhin sees blockchain as a mechanism for protocol upgrades in AI infrastructure, avoiding the decades-long adoption cycles seen with standards like IPv6.
  • Polosukhin's initial 2017 venture into AI to teach machines to code faced a bottleneck in training data and paying global contributors, a problem crypto solved by enabling payments without local banking infrastructure.

How To Leverage OpenClaw - Roland (JWP 118) · Mar 22

  • The OpenClaw AI agent framework hit a practical barrier where agents needed human intervention to bypass KYC for services like email and GitHub accounts.
  • With that foundational autonomy, the agent can spawn and fund clone or specialized sibling agents, such as marketing and development agents, without human involvement.
  • The project exemplifies a shift where AI handles menial work, freeing humans for creative and strategic tasks, a future being built by developers experimenting with new tools.

Also from this episode:

Adoption (2)
  • Developer Roland solved this by building an autonomous agent onboarding system using Bitcoin as a permissionless payment rail instead of stablecoins or traditional finance.
  • Roland's demonstration gained massive attention after Elon Musk linked to it, attracting millions of views and highlighting Bitcoin's utility for automation.
Lightning (1)
  • The agent's autonomy stack consists of a Bitcoin wallet, a cloud server paid via Lightning (LN VPS), and AI model access credits purchased via Pay Per Query (PPQ).
BTC Markets (1)
  • Roland argues the first self-sustaining autonomous agent was built by Bitcoiners, not the well-funded stablecoin or broader crypto space, due to Bitcoin's ethos of solving real permissionless problems.