An AI Agent can be robbed the same way a person can, by being talked into it, and it has happened twice this month. On May 19 the AI trading platform Bankr locked down after an attacker reached fourteen of its wallets, in what SlowMist’s Yu Xian called an exploit of the trust layer between automated AI Agents. Two weeks earlier, an attacker had drained an AI Agent of up to 200,000 dollars by sending it a single tweet written in Morse code. No keys were stolen and no contracts were broken. AI Agents with wallets simply did what they were told.

How an AI Agent gets tricked into sending money

The Morse code attack shows the shape of it. The attacker had first activated a Bankr Club membership on the wallet tied to Grok’s account, which silently unlocked the trading bot Bankrbot’s high-privilege tools and the ability to move real funds. Then came a Morse code message that slipped past the filters that would have flagged plain text. Grok, built to be helpful, decoded it and tagged Bankrbot, which treated the reply as a valid command and sent three billion DRB tokens out on Base. Most of the money came back after negotiation, but the lesson held. Neither that attack nor the Bankr breach was a cryptographic flaw, just a trusted component doing exactly what it was asked by someone it should never have trusted.

Why trust is the agent economy’s real bottleneck

Paying is the part we have figured out. This May AWS shipped AgentCore Payments, built with Coinbase and Stripe, which lets an AI Agent settle a bill in stablecoins for a fraction of a cent on Coinbase’s x402 protocol, no human in the loop. That is the breakthrough and the problem at once, because an AI Agent that can pay in real time can be talked into paying in real time. Payment only asks whether an AI Agent can move money. Trust asks whether the move should happen at all, given who is asking, what the AI Agent is allowed to do and whether the instruction is really what it claims to be. That second layer is still mostly assumed, which is how a Morse code tweet and a quiet membership upgrade turned a helpful bot into a thief’s instrument.

Taiko is an Ethereum Layer 2 building neutral infrastructure for AI Agents. The question stopped being whether an AI Agent can pay. It became whether the rest of the network can trust what it just did.

This post is exploratory and does not represent a specific roadmap.