MetaMask is the world's leading self-custodial crypto wallet and gateway to decentralized finance, built by Consensys.
Read all articlesCompare MetaMask, Coinbase, Cobo, Ledger, BitGo, and OKX on custody, permissions, security checks, and human approval—see what's actually shipped in 2026 versus still on the roadmap.

As of July, 2026, agentic wallet infrastructure is no longer a single-product category. MetaMask, Coinbase, Cobo, OKX, Ledger, and BitGo all approach the problem differently: some offer dedicated wallets for agents, some provide developer tooling, some act as hardware approval layers, and others focus on institutional policy controls.
This guide compares those approaches from a buyer or builder's perspective. For the underlying definition of the category, see What is an agentic wallet. The following covers what each option currently provides, how control is enforced, and where the product is live versus still developing.
This guide uses five practical criteria: custody, permissions, pre-execution checks, human approval, and funding/execution model. These are the areas where agentic wallet products differ most in practice, and they're a useful checklist regardless of which product you land on.
Custody model: does the agent get its own dedicated wallet, or does it act through the user's existing wallet within a delegated scope?
Permission model: how are spend limits, contract allowlists, network boundaries, or session rules defined and enforced?
Pre-execution security checks: does the wallet inspect a transaction before signing, and is that mandatory or opt-in?
Human approval logic: when does a human get pulled back in: for every action, only exceptions, or only when a transaction is flagged?
Funding and execution surface: does the agent operate from a dedicated balance, or from the user's existing funds inside narrow limits?
| Custody model | Permission model | Pre-execution security checks | Human approval logic | Funding & execution surface |
MetaMask Agent Wallet | Self-custodial, dedicated agent wallet; TEE-secured keys, exportable by the user | User sets daily spend limits, protocol allowlists, and a risk profile before the agent starts transacting; choice of Guard Mode or Beast Mode | Mandatory 3-step pipeline on every transaction: simulation, Blockaid-powered threat scanning, MEV protection via Smart Transactions | Guard Mode (default) requires 2FA approval for anything outside policy or flagged as a threat, delivered via mobile push or email; Beast Mode allows more latitude but still requires 2FA on flagged/malicious transactions | Dedicated agent wallet, user-funded; framework-agnostic; live on Ethereum, Linea, Arbitrum, Avalanche, Optimism, Base, Polygon, BNB Chain, Sei, plus Hyperliquid |
Coinbase AgentKit / Agentic Wallet CLI & MCP | Non-custodial wallet infrastructure; private keys stay isolated from agent code | Spending limits are configured by the human in the wallet UI; agents can't change them. Agents can pay for x402 services but can't transfer funds to arbitrary addresses | KYT screening blocks transactions to sanctioned addresses and known scam contracts | Enforcement is programmatic—limits are set by the human ahead of time and enforced by wallet infrastructure, rather than a default per-transaction human review flow | AgentKit supports EVM-compatible networks and Solana; Agentic Wallet CLI/MCP is a narrower product for wallet operations (send, trade, pay-for-service) |
Cobo Agentic Wallet | Non-custodial by default (MPC); optional custodial mode for specific enterprise workflows | Agent authority is defined through Cobo's "Pact" model, which sets task intent, execution boundaries, and completion conditions per workflow | Pre-signature policy checks; when a proposed action falls outside policy, Cobo returns denial feedback the agent can use to retry within scope | Human-in-the-loop approvals available via web, mobile, Telegram, or Discord; an Emergency Freeze function can halt agent activity | Multi-network, enterprise-oriented; detailed audit logging of agent actions and the policy decisions behind them |
Ledger | Not a dedicated agent wallet—private keys stay on a Ledger hardware device; the agent operates a separate software wallet or API | Policy tooling for spending caps and contract boundaries is on Ledger's 2026 roadmap, not fully shipped yet | No autonomous execution by design: agent-proposed transactions can require hardware confirmation before signing | Human confirmation is the core model—the agent proposes, a person confirms on the device (MoonPay is the named production integration) | Positioned as a hardware root of trust to pair with an agent stack, not a standalone agentic wallet product |
BitGo | Institutional custody infrastructure (MPC/multi-sig); agent activity is layered on top of existing wallet policy and approval systems | Wallet-level policy controls: spending limits, approval rules, destination restrictions, and transaction limits | Deterministic policy checks before execution; BitGo's published guidance emphasizes wallet controls over agent discretion | Institutions retain approval and governance authority; BitGo recommends agents start with narrow, low-risk, repeatable workflows | Best understood as institutional governance infrastructure for agentic activity, not a standalone consumer agent wallet |
OKX Agentic Wallet | Self-custodial; TEE-based key management inside Onchain OS | Transactions are risk-graded; critical actions are auto-blocked | Every transaction is simulated first, with a plain-language summary before execution | Approval is largely automated risk-grading rather than mandatory per-transaction human sign-off; one-click revocation of malicious approvals | Up to 50 sub-wallets for parallel strategies; nearly 20 networks including gas-free X Layer; native x402 support |
MetaMask Agent Wallet gives the agent its own dedicated, self-custodial wallet rather than routing activity through the user's primary account and applies the same mandatory security pipeline to every supported transaction regardless of which operating mode is active.
Custody and keys: Keys are secured using a trusted execution environment (TEE) while remaining exportable by the user at any time. The wallet is fully self-custodial throughout.
Permissions: Before the agent starts transacting, the user sets daily spend limits, protocol allowlists, and a risk profile, then chooses an operating mode. Guard Mode is the default—any transaction outside those rules, or flagged by threat scanning, pauses for human approval via 2FA (delivered by MetaMask Mobile push notification or email, with a five-minute window before auto-decline). Beast Mode is the opt-in alternative for users who want fewer interruptions; the security pipeline still runs on every transaction and 2FA still applies to anything flagged as malicious, but the agent has more latitude around policy edge cases.
Security pipeline: Every supported transaction passes through three mandatory steps before it lands onchain—transaction simulation (surfacing balance changes, approvals, and gas estimates), Blockaid-powered threat scanning (auto-rejecting malicious transactions), and Smart Transactions MEV protection. None of this is opt-in.
Coverage and integrations: At launch, the security pipeline runs on several networks including Ethereum, Linea, Arbitrum, Avalanche, Optimism, Base, Polygon, BNB Chain, and Sei, plus Hyperliquid. The wallet is framework-agnostic, with support for OpenClaw, OpenAI Codex, Claude Code, Nous Research's Hermes Agent, and Cursor.
Where it stands today: MetaMask Agent Wallet is in Early Access (opened June 8, 2026) and available through a CLI-based workflow for accepted users. Transactions that pass the security pipeline and meet eligibility requirements are backed by Transaction Protection coverage of up to $10,000 per month. General Availability is coming soon.
For full product details and setup, see the MetaMask Agent Wallet product page and the MetaMask Agent Wallet docs.
Each entry below covers what the product is, its custody model, notable characteristics, and notable limitations, drawn from official product pages, documentation, and company announcements.
What it is: Coinbase offers multiple agent-facing tools rather than one single wallet product. AgentKit is a developer toolkit for giving AI agents onchain capabilities. Agentic Wallet CLI and Agentic Wallet MCP are narrower wallet-operation surfaces that let agents authenticate, send, trade, and pay for x402 services without handling private keys directly.
Custody model: Non-custodial wallet infrastructure with private keys isolated from the agent runtime.
Notable characteristics: AgentKit supports EVM-compatible networks and Solana, and integrates with frameworks including LangChain, Eliza, and the Vercel AI SDK. Agentic Wallet CLI is narrower and confirmed on Base and Solana: it gives an agent a standalone wallet for actions like sending, trading, and paying for x402 services via pre-built skills (authenticate, send, trade, search-for-service, pay-for-service, monetize-service). Notably, spending limits are configured by the human in the wallet UI—agents can view but not change them—and agents can pay for x402 services but cannot transfer funds to arbitrary addresses.
Notable limitations: The Coinbase model is primarily programmatic: limits and screening are enforced by the wallet/signing infrastructure ahead of time, not through a default human-in-the-loop approval flow for policy exceptions the way MetaMask Agent Wallet's Guard Mode works.
What it is: An enterprise-oriented agentic wallet built around MPC custody and Cobo's Pact model for defining what an agent is allowed to do.
Custody model: MPC-based and non-custodial by default, with custodial options available for specific enterprise workflows.
Notable characteristics: A Pact defines the task intent, execution boundaries, policy conditions, and stopping point for an agent workflow. When a proposed action falls outside policy, Cobo returns denial feedback so the agent can adjust and retry within the approved scope. Human approvals are supported through web, mobile, Telegram, and Discord, and the product includes an Emergency Freeze function for stopping agent activity.
Notable limitations: Cobo is positioned more for enterprise automation than lightweight consumer or prosumer use. Teams should expect more setup, policy design, and operational overhead than with a simpler, CLI-first wallet.
What it is: Not itself a dedicated agentic wallet product—a hardware approval layer for agent workflows, built around a 2026 AI security roadmap.
Custody model: Private keys remain on the Ledger hardware device at all times; the agent operates through a separate software wallet or API, with Ledger acting as the confirmation layer.
Notable characteristics: Ledger's Device Management Kit supports hardware-based human approval for agent-proposed transactions today, with MoonPay named as a production integration. Ledger's 2026 roadmap adds hardware-anchored agent identity, policy tooling for spending limits and contract boundaries, and proof-of-human attestation.
Notable limitations: Ledger's model prioritizes human confirmation over autonomous execution. For workflows that need an agent to execute repeatedly without device confirmation, Ledger functions as a hardware approval layer rather than a full agentic wallet.
What it is: An institutional custody provider applying agentic-wallet concepts to governance, approval workflows, and wallet policy controls, rather than shipping a consumer agent wallet.
Custody model: Existing institutional custody infrastructure, including MPC and policy-governed wallets. Agent activity is layered on top of that infrastructure rather than replacing it.
Notable characteristics: BitGo's published guidance emphasizes deterministic wallet controls—spending limits, destination restrictions, approval workflows, transaction limits, and auditability—and recommends institutions start agents on narrow operational workflows such as monitoring, reporting, reconciliation, and policy-checked execution. BitGo has also shipped an MCP server that gives AI tools access to its documentation and API guidance.
Notable limitations: BitGo is not a consumer agentic wallet. Its published guidance argues that governance decisions, policy changes, new counterparties, and large discretionary transfers should remain with people, not agents.
What it is: A self-custodial wallet built for AI agents, launched as part of OKX's Onchain OS platform.
Custody model: Self-custodial; keys are generated, stored, and used for signing inside a TEE.
Notable characteristics: Supports natural-language transaction execution via MCP or CLI; every transaction is simulated first with a plain-language summary; transactions are risk-graded, with critical actions auto-blocked; up to 50 sub-wallets allow parallel multi-strategy execution; nearly 20 networks supported, including the gas-free X Layer; native x402 support for agent-initiated API payments.
Notable limitations: Approval is largely automated through risk-grading rather than a default interactive human-approval step comparable to Guard Mode; newer entrant to the category, launched March 2026.
If you're... | Consider | Why |
A developer or prosumer wanting a self-custodial agent wallet that's usable today | MetaMask Agent Wallet | Dedicated agent wallet, mandatory security pipeline, framework-agnostic agent support |
Building on Coinbase's Developer Platform | Coinbase AgentKit / Agentic Wallet CLI | Deep skills-library integration and native x402 support |
Running enterprise automation that needs a formal approval workflow | Cobo Agentic Wallet | Pact system and multi-channel human-in-the-loop approvals |
Prioritizing a hardware root of trust over software-only guardrails | Ledger | Physical confirmation on every agent-proposed transaction |
An institution with existing custody infrastructure evaluating agent use cases | BitGo | Policy controls and auditability built for institutional governance, not a standalone product swap |
Running parallel automated strategies across many sub-wallets | OKX Agentic Wallet | Up to 50 sub-wallets and native x402 support inside one platform |
A few themes are worth tracking as the category matures. First, "agentic wallet" now covers several product types—dedicated wallets, SDKs, CLI/MCP tools, hardware confirmation layers, and institutional governance systems—and a useful comparison shouldn't treat all of those as interchangeable.
Second, policy enforcement is becoming the real differentiator. Some products emphasize autonomous execution inside predefined limits. Others require human confirmation by default. Institutional providers tend to be more conservative, keeping governance, policy changes, and large-value approvals with people rather than agents.
Third, agentic payments standards are becoming part of the surrounding stack. Coinbase and OKX support x402 natively in their agent tooling, and MetaMask has publicly supported both x402 and Google's AP2. These protocols matter, but they're a distinct layer from wallet custody and transaction-permission design—see what is an agentic wallet for where that boundary sits.
Disclaimer: This content is intended for educational purposes only. It should not be considered financial advice or a solicitation. It is not intended for UK audiences. Cryptocurrencies and digital assets carry risk, and are not suited for all users.