What is an agent wallet?

An agent wallet is a programmable account designed for autonomous AI agents. Unlike a user wallet, where a human clicks sign, an agent wallet uses a delegate key — often hardware-isolated in a TEE — to sign transactions within pre-defined guardrails. The wallet layer enforces spending limits, allowlists, and time windows so the agent can act autonomously without the platform taking custody of funds or the agent holding unrestricted spend authority.

What are the approaches to building an agent wallet?

Two approaches dominate in 2026. Full-stack platforms (Crossmint, Coinbase AgentKit, Thirdweb Engine) bundle the wallet, payment rails, and compliance into one product so you ship faster but accept their stack. Signing primitives (Turnkey, Privy, Openfort, Dynamic, Alchemy x402, Phantom MCP) give you the key management layer and leave onramps, offramps, card rails, and orchestration for you to assemble. Full-stack is the fast path for payment-heavy agents. Signing primitives are the right fit when you need architectural control, on-chain verifiability, or self-hosting.

Do agent wallets need card networks, or are stablecoins enough?

It depends on where the agent transacts. If the agent only interacts with crypto-native systems (DeFi, on-chain marketplaces, other agents), stablecoins are sufficient and usually preferable: sub-cent fees, 24/7 settlement, and no interchange. If the agent needs to pay merchants that do not accept crypto — SaaS subscriptions, travel, physical goods — card network integration (Visa, Mastercard via Crossmint's Lobster Cash) bridges the gap. Some products need both rails; dual-rail platforms cover that case natively.

How do spending controls work in agent wallets?

Spending controls enforce what the agent can do with its delegated key. Common patterns include spending limits (per-transaction, per-day, per-month), approved recipient allowlists, protocol allowlists, time windows, and human approval flows above a threshold. The enforcement layer matters: on-chain policy (session keys, smart contract guardrails on Openfort) is composable and independently verifiable, off-chain API policy (Privy server wallets) is flexible but relies on every code path calling the API, and TEE-enforced policy (Turnkey, Crossmint) binds enforcement to the signing path.

Can an agent wallet be autonomous and non-custodial at the same time?

Yes — that is the point of the Owner-Operator key model. The user or platform keeps an owner key with full authority (kill switch, policy updates, recovery). The agent gets a separate operator key, typically TEE-bound, that signs within pre-defined guardrails. The platform never has unilateral access to funds, so it is not custodial in the regulatory sense, and the agent acts autonomously within its lane. Openfort, Crossmint, and Turnkey all implement variants of this model.

Agent Wallet Solutions for Developers

AI agents are writing code, managing inboxes, and executing trades. The blocker on autonomous products is no longer whether agents can decide — it is whether they can spend safely. Agent wallets solve that: a programmable account that lets software sign transactions within pre-defined guardrails, without the platform taking custody or the agent holding unrestricted spend authority. This guide walks through the agent wallet landscape in 2026, the two main architectural approaches, and how to pick the right one for what you are shipping.

For a deeper architectural read on the custody model, see The Agentic Wallet Problem.

What Makes an Agent Wallet Different

A user wallet is optimized for humans. A human opens an app, reads a prompt, and clicks sign. That flow assumes a present operator, slow decision cycles, and UX friction as a feature — the friction is the consent.

An agent wallet is optimized for software. The operator is a process. Decision cycles are milliseconds. There is no one to click sign. The wallet has to:

Act autonomously within pre-defined rules, without a human in the loop per transaction
Enforce those rules in a way the platform cannot silently bypass
Preserve a kill switch and policy authority for the human owner
Support the payment rails the agent actually needs to transact — stablecoins, cards, or both
Scale to the transaction volume and signing frequency autonomous systems generate

Those constraints map to a specific architecture: split keys (owner plus operator), hardware-isolated signing (TEE), programmable policy enforcement (on-chain, off-chain, or TEE-bound), and a payment layer that matches the agent's transaction surface.

The Two Architectural Approaches

Agent wallet solutions in 2026 fall into two tiers. The tier you pick determines what you build versus what you assemble.

Tier A: Full-Stack Agent Wallet Platforms

Full-stack platforms bundle the wallet, payment rails, spending controls, and compliance into one product. You get an agent wallet plus the means to move money in and out of it. The trade-off is ecosystem lock-in and less room to customize the wallet layer.

What you get:

Agent wallet with TEE-isolated operator keys
Payment rails (stablecoin, and in some cases card networks)
Spending controls and policy enforcement
Onramps and offramps
Compliance tooling (KYC, AML, Travel Rule in some cases)
Framework integrations (OpenAI Agents SDK, LangChain, CrewAI, AutoGen, LlamaIndex, MCP)

Players in 2026:

Crossmint Agent Wallet (Lobster Cash): Only full-stack platform supporting both stablecoin and card network rails (Visa, Mastercard agentic payment protocols). Non-custodial dual-key model, MiCA CASP licensed in the EU, KYC/AML/Travel Rule built in. Free tier covers 1,000 monthly active wallets including wallets, payments, and compliance.
Coinbase AgentKit: Open-source SDK for agent wallets on Base. Stablecoin-only rails, no built-in spending limits, but free and easy to integrate for Base-native agents. Works with the OpenAI Agents SDK.
Thirdweb Engine: Full-stack agent wallets with session keys, scoped permissions, gas optimization, and transaction queuing. Broadest AI framework compatibility (OpenAI, LangChain, CrewAI, AutoGen, LlamaIndex, MCP). Self-hostable Engine. 700+ EVM chains. Stablecoin-only rails.

When to pick full-stack:

Agent needs to move money in and out of fiat — not just crypto
You want one vendor for wallet plus compliance plus framework plumbing
Time to first transaction matters more than architectural flexibility
EU compliance (MiCA) is a hard requirement

Tier B: Signing Primitives (BYO Payment Layer)

Signing primitives give you the key management layer for agents and leave the rest to you. You bring the onramp, the offramp, the bridge, the card rails if you need them, and the application logic. The payoff is architectural control: you pick each component, you own the data flow, and you avoid ecosystem lock-in.

What you get:

Agent key management (TEE-isolated, MPC, or smart contract with session keys)
Spending controls (on-chain, off-chain API, or TEE-enforced policy)
Signing APIs and SDKs
Chain support (varies by provider)

Players in 2026:

Turnkey Server Signing: TEE-based key management with full remote attestation, sub-150ms signing, and org-level policy enforced inside the enclave. Ed25519 and Secp256k1 at the curve layer — EVM, Solana, Bitcoin, TRON, 50+ chains. Enterprise-only for agent use cases, per-signature pricing as low as $0.0015 at scale. Strongest key-level security model.
Privy Server Wallet: TEE plus Shamir Secret Sharing with off-chain policy enforcement. Transfer limits, approved protocol allowlists, recipient restrictions, operating time windows. Included in platform pricing (Core $299/month and up). Requires user sessions — not natively compatible with fully autonomous, sessionless agents. Stripe ecosystem opens fiat payment paths indirectly.
Openfort Backend Wallet: Native smart accounts (ERC-4337 and EIP-7702) with on-chain permission enforcement via session keys. Open-source and self-hostable via OpenSigner — the only agent wallet option where you can run the signing infrastructure yourself. 2,000 operations per month free with gas sponsorship included.
Dynamic Embedded Wallet: MPC or smart contract wallet architecture, configurable. EVM, Solana, and Cosmos support. Agent-specific capabilities are less developed than dedicated agent platforms — Dynamic's strength is onboarding UX for products that serve both humans and agents. Now part of Fireblocks.
Alchemy Agent Wallet (x402): TEE-based signing purpose-built for the x402 pay-per-call API protocol on Base. Automated USDC top-up when an agent's compute credits run out. Narrow fit — clean for API metering, not general-purpose.
Phantom MCP Server: Integrates MCP-compatible AI clients with a user's Phantom wallet on Solana. Sign transactions, execute swaps, transfer tokens. Free. Consumer wallet with an agent access layer — limited spending controls, not purpose-built for agents.

When to pick a signing primitive:

You need hardware-isolated keys with independent cryptographic verifiability
You need on-chain verifiable policy that composes with other contracts
You need to self-host the signer for regulatory or sovereignty reasons
You already have onramp, offramp, or payment rails and only need the wallet layer
You are signing at high frequency and per-signature cost dominates

Spending Controls: Where the Policy Lives

The biggest architectural choice after picking a tier is where policy is enforced. Each approach has a different failure mode.

On-chain policy (session keys, smart contract guardrails)

The smart contract enforces the rules. If the agent key tries to sign a transaction outside the policy, the contract rejects it. This is the most transparent and composable approach — any on-chain consumer can verify the policy is in effect, and the policy itself can be composed with other contracts (vaults, recovery, multi-sig).

Example: Openfort's session keys encode allowed contracts, method selectors, spend limits, and time windows directly in the session key permissions. The smart account enforces them at execution time.

Failure mode: Policies that need real-world context (off-chain signals, fraud detection, velocity checks across sessions) have to be layered above the on-chain primitive.

Off-chain API policy

The wallet provider's API enforces the rules before the signing request reaches the signer. This is flexible — arbitrary logic can run — but it relies on every code path calling the policy API.

Example: Privy server wallets scope policy per wallet. If an API call misses the policy check, the wallet signs without coverage.

Failure mode: Per-wallet scoping plus any path around the policy API equals uncovered signing. Platform-wide policy coverage requires discipline on the integrator's side.

TEE-enforced policy

Policy runs inside the same trusted execution environment that holds the key. A transaction cannot be signed if it violates the policy, because the policy and the signer share a trust boundary.

Example: Turnkey runs its policy engine inside the AWS Nitro Enclave. Org-level policies are enforced at the curve-layer signing step.

Failure mode: The trust model is strong but tied to the provider's infrastructure. You cannot self-host the enforcement, and the policy is opaque to third parties unless the provider exposes remote attestation (Turnkey does).

Payment Rails: Stablecoin Only vs. Dual-Rail

Where the agent transacts determines whether stablecoins are enough.

Stablecoin-only is the default for agents that interact with on-chain systems — DeFi protocols, NFT marketplaces, other agents, crypto-native merchants. Stablecoin rails offer sub-cent fees, near-instant settlement, 24/7 availability, and no interchange. Every agent wallet solution on this list supports stablecoin rails.

Dual-rail (stablecoin plus card networks) is required when agents need to transact with merchants that do not accept crypto. Crossmint's Lobster Cash — built with Visa, Solana, Circle, and Stytch — gives agents virtual credit cards (with spending limits) alongside USDC wallets (with human approval flows). Raw card data and private keys are never exposed to the agent's context. Card rails bring interchange fees back into the equation, but in exchange the agent can pay for a SaaS subscription, a hotel, or a plane ticket. Crossmint is the only full-stack agent wallet platform offering both rails.

Framework and Protocol Support

Different agent frameworks have different integration ceilings. In 2026, the state of the market:

OpenAI Agents SDK: Thirdweb Engine, Coinbase AgentKit
LangChain: Thirdweb Engine
CrewAI: Thirdweb Engine
AutoGen: Thirdweb Engine
LlamaIndex: Thirdweb Engine
MCP (Model Context Protocol): Thirdweb Engine, Phantom MCP
x402 (pay-per-call): Alchemy Agent Wallet
API-first (BYO integration): Turnkey, Openfort, Privy, Dynamic, Crossmint

If you are committed to a specific framework, framework coverage narrows the pick quickly. If you are API-first and integrating on your own terms, all the signing primitives are on the table.

Decision Framework

Pick a wallet solution by answering four questions in order.

1. Does the agent need to pay merchants that do not accept crypto?

If yes → you need dual-rail (stablecoin + card). Crossmint is the only full-stack platform that ships both natively.

If no → stablecoin-only is sufficient, and every provider on this list works.

2. Do you need to self-host the signer or have on-chain verifiable policy?

If yes → Openfort (open-source, self-hostable via OpenSigner, on-chain session keys) or Coinbase AgentKit (open-source SDK, Base-native).

If no → TEE-isolated options with provider-managed infrastructure work: Turnkey, Crossmint, Privy.

3. What is your signing frequency and per-signature cost sensitivity?

High-frequency (market-making, arbitrage, trading desks): Turnkey — sub-150ms signing, $0.0015/signature at enterprise scale.

Moderate-frequency (consumer agents, individual assistants): any full-stack platform or signing primitive on the list.

Low-frequency, narrow use case (pay-per-call APIs on Base): Alchemy x402.

4. What AI framework are you building on?

Multi-framework commitment (LangChain, CrewAI, AutoGen, LlamaIndex, MCP): Thirdweb Engine.

OpenAI Agents SDK: Coinbase AgentKit or Thirdweb Engine.

API-first, framework-agnostic: any signing primitive.

Summary Table

Provider	Tier	Payment Rails	Spending Controls	Chain Support	Free Tier
Crossmint	Full-stack	Stablecoin + Card (Visa/MC)	Dual-key + limits + human approval	EVM, Solana, Stellar	1,000 MAW
Coinbase AgentKit	Full-stack	Stablecoin (Base only)	None built-in	Base	Free (SDK)
Thirdweb Engine	Full-stack	Stablecoin only	Session keys with scoped permissions	700+ EVM chains	Free (self-hosted)
Turnkey	Signing primitive	Stablecoin / crypto (BYO)	TEE-enforced policy engine	EVM, Solana, Bitcoin, TRON, 50+	25 signatures/mo
Privy	Signing primitive	Stablecoin / crypto (BYO)	Off-chain policy API	EVM, Solana, Bitcoin	499 MAUs
Openfort	Signing primitive	Stablecoin / crypto (BYO)	On-chain session keys + basic off-chain API	Multi-chain EVM (+ Solana wallets)	2,000 ops/mo
Dynamic	Signing primitive	Stablecoin / crypto (BYO)	Basic	EVM, Solana, Cosmos	Free tier
Alchemy x402	Signing primitive	USDC (Base)	Auto top-up only	Base	Not specified
Phantom MCP	Signing primitive	Stablecoin / crypto	None specified	Phantom-supported chains	Free

Building Your Own vs. Buying

A few teams will still ask whether to build the wallet layer in-house. The answer in 2026 is almost always no for agent wallets specifically. The security model that protects platforms from custody risk — TEE-isolated keys, remote attestation, policy enforcement at the signing boundary — is genuinely hard to build and genuinely easy to get wrong. Storing keys in environment variables or in a Postgres column is custodial by default, which means money transmitter licensing risk, which means legal work that dwarfs the cost of any agent wallet vendor.

Self-hosting a vetted open-source signer (Openfort's OpenSigner, Coinbase AgentKit, Thirdweb Engine) gives you most of the control benefits of building without the cryptographic engineering surface.

Where Openfort Fits

Openfort's agent wallet surface is the backend wallet product: native smart accounts with on-chain session keys, open-source signer with a self-hostable path via OpenSigner, and gas sponsorship from the free tier. The on-chain policy enforcement is the differentiator — session keys encode scope directly in the smart account, so the enforcement is transparent, composable, and verifiable by any on-chain consumer. The trade-off is that the payments layer is BYO: Openfort does not ship onramps, offramps, or card rails, so agents that need fiat settlement need a separate payment provider or a full-stack platform like Crossmint.

If you are building an agent product and want to start with the signing primitive approach, the Openfort docs cover session keys, policy configuration, and backend wallet automations. For the ranked head-to-head across all nine platforms, see Best agent wallet for developers in 2026.