AI Agent Security Warning: Buterin Links Local AI to ETH Wallet Safety

Ethereum co-founder Vitalik Buterin warns that today's "AI agent security" model is dangerously weak. He cites research finding that roughly 15% of agent skills/tools can include malicious instructions, and HiddenLayer research showing that a single malicious webpage can fully compromise an AI agent instance, triggering shell script downloads and execution without the user noticing.

To reduce that risk, Buterin runs AI locally instead of relying on cloud inference. His local-first setup runs the open-weights Qwen3.5:35B model via llama-server on an Nvidia 5090 laptop, and he also tests other hardware. He moved to NixOS for declarative configuration and uses bubblewrap sandboxing to limit the agent's filesystem access and network ports.

For messaging and other outbound actions, Buterin has open-sourced a messaging daemon that wraps signal-cli and email. The agent can read messages freely, but any outbound message to a third party requires explicit human approval under a "human + LLM 2-of-2" rule. He extends the same principle to Ethereum wallet integrations: avoid unlimited autonomous wallet permissions, cap autonomous transactions at $100/day, and require human confirmation for anything above that cap or for any transaction whose calldata could be used to exfiltrate data.

Remote privacy ideas are also discussed (ZK-API concepts, mixnets, and trusted execution environments), but fully homomorphic encryption remains too slow for practical use. For traders: this is a security framework announcement rather than a protocol change, but it can influence how wallet teams design AI-assisted signing and automation around ETH holdings.
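The "human + LLM 2-of-2" rule for messaging and the wallet limits described above (a $100/day cap on autonomous transfers, human confirmation above the cap or whenever calldata is present) reduce to a small policy gate. The following is an added example written for this page, not Buterin's daemon code or any wallet project's API. It assumes transaction values arrive already priced in USD, that the agent's own proposal counts as the LLM "signature", and that executing an action means appending it to an in-memory log rather than signing a real transaction or sending a real message; the class and function names (`AgentPolicy`, `submit`, `WalletTx`, `OutboundMessage`) are hypothetical.

```python
"""Policy gate for an AI agent's outbound actions (human + LLM 2-of-2).

Added illustration; not the daemon code described on the page.  Assumes
USD-priced transaction values and an in-memory execution log (constructed
stand-ins for signing and sending).
"""
from dataclasses import dataclass, field
from datetime import date
from enum import Enum
from typing import Callable, Dict, List, Tuple, Union

DAILY_AUTONOMOUS_CAP_USD = 100.0  # transfers the agent may sign on its own, per day


class Decision(Enum):
    AUTO = "auto"                # the agent's own decision is sufficient
    NEEDS_HUMAN = "needs_human"  # second signer (the human) must approve


@dataclass(frozen=True)
class WalletTx:
    to: str
    value_usd: float
    calldata: bytes = b""  # non-empty calldata can carry data off the machine


@dataclass(frozen=True)
class OutboundMessage:
    recipient: str
    body: str


Action = Union[WalletTx, OutboundMessage]


@dataclass
class AgentPolicy:
    daily_cap_usd: float = DAILY_AUTONOMOUS_CAP_USD
    # Only autonomously executed value counts against the cap; transfers a
    # human explicitly approved already had their second signature.
    spent_today: Dict[date, float] = field(default_factory=dict)
    executed: List[Action] = field(default_factory=list)  # constructed stand-in for "sent"

    def decide_wallet(self, tx: WalletTx, today: date) -> Decision:
        if tx.value_usd < 0:
            raise ValueError("transaction value must be non-negative")
        # Any calldata could encode exfiltrated data, so it always needs a human.
        if tx.calldata:
            return Decision.NEEDS_HUMAN
        # Plain transfers stay autonomous only while today's total fits the cap.
        if self.spent_today.get(today, 0.0) + tx.value_usd > self.daily_cap_usd:
            return Decision.NEEDS_HUMAN
        return Decision.AUTO

    @staticmethod
    def decide_message(msg: OutboundMessage) -> Decision:
        # Reading inbound mail is unrestricted; every outbound message to a
        # third party is gated on explicit human approval, whatever it says.
        return Decision.NEEDS_HUMAN

    def submit(self, action: Action, today: date,
               human_approve: Callable[[Action], bool]) -> Tuple[Decision, bool]:
        """Apply the 2-of-2 rule. Returns (decision, executed)."""
        if isinstance(action, WalletTx):
            decision = self.decide_wallet(action, today)
        elif isinstance(action, OutboundMessage):
            decision = self.decide_message(action)
        else:
            raise TypeError(f"unsupported action {type(action).__name__}")

        if decision is Decision.AUTO:
            self.spent_today[today] = self.spent_today.get(today, 0.0) + action.value_usd
            self.executed.append(action)
            return decision, True
        if human_approve(action):  # the human supplies the second signature
            self.executed.append(action)
            return decision, True
        return decision, False  # rejected or unanswered: nothing leaves the box


if __name__ == "__main__":
    policy = AgentPolicy()
    day = date(2025, 1, 1)
    always_no = lambda a: False
    print(policy.submit(WalletTx("0xabc", 40.0), day, always_no))          # AUTO, executed
    print(policy.submit(WalletTx("0xabc", 70.0), day, always_no))          # over cap, held
    print(policy.submit(WalletTx("0xabc", 5.0, b"\x01"), day, always_no))  # calldata, held
    print(policy.submit(OutboundMessage("bob", "hi"), day, always_no))     # outbound, held
```

The gate is deliberately fail-closed: `submit` only executes when the policy says AUTO or when the human callback returns `True`, so a prompt-injected agent that proposes a large transfer, a calldata-bearing call, or an outbound message gets at most a pending approval request. Human-approved transfers are not charged against the autonomous cap because the cap bounds what the agent can do alone; a deployment that wants a hard daily ceiling regardless of approval can add that check to `decide_wallet`.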
Neutral
The news centers on “AI agent security” best practices and reference implementations (local-first AI, sandboxing, and human-in-the-loop limits for messaging and wallet automation). It does not introduce a new Ethereum protocol upgrade, tokenomics change, or confirmed ecosystem shock. Short-term price impact on ETH is therefore likely limited. However, the specific guidance—capping autonomous transfers, requiring human confirmation for higher-value or calldata-bearing transactions, and isolating AI capabilities—could shift how wallet teams and AI-integrated dApps handle signing/automation. Over the longer run, better controls may reduce incident risk and improve trader confidence, but there’s no direct catalyst that typically moves ETH immediately.