Ethereum co-founder Vitalik Buterin recently issued a warning regarding the security risks of AI agents. He signaled a critical turning point in the evolution of AI and its integration into financial and digital systems.
Buterin claims that current systems lack adequate safety measures as AI agents become increasingly autonomous and capable of executing tasks, interacting with tools, and even managing funds. The main problem here centers on prompt injection — a newly discovered security weakness that allows people to control AI agents through hidden or malicious instructions embedded in the data they process. 
According to research cited by the security firm Hiddenlayer, approximately 15% of AI agent “skills” or modules may already contain these malicious elements. This prompted Buterin to speak out publicly.
Hackers can exploit these system weaknesses not through traditional hacking methods, such as breaking into code, but by influencing how the AI interprets information. Prompt injection allows attackers to use a simple website or dataset to direct an AI agent to perform dangerous actions, potentially even making unauthorized money transfers.
The situation is becoming increasingly serious. AI agents can now operate independently in environments with critical financial access, finding use in market trading, wallet management, and the execution of decentralized finance (DeFi) functions. Current systems allow these agents to handle operations with autonomous capabilities that can extend to system-changing tasks.
Some recent real-world incidents have demonstrated these vulnerabilities, with AI trading agents losing between $10 million and $100 million due to prompt injection and memory manipulation.
Buterin recommends a complete redesign of how AI systems are built and implemented. His solution suggests a “local-first” approach, where users run models on their personal devices instead of depending on cloud-based systems. This model could reduce system vulnerability to external attacks while preventing data leaks and giving users greater control. He further proposes that organizations establish basic security measures, such as human validation, before an agent is allowed to perform crucial tasks.
For example, his own setup works on a “2-of-2” system, where both the AI and the user must approve any external communication or transaction. These proposed changes are more than just technical adjustments — they represent a broader vision shift in the cybersecurity field.
Standard security models protect software and physical systems, but AI agents create new challenges through their unique decision-making processes. Current AI protection requires measures that extend beyond software to include the internal logic behind this process.
The implications of such a shift are profound. Frameworks like zero-trust architectures and human-in-the-loop systems will help users achieve accountability and resilience. Ultimately, AI-driven financial tools may face greater regulatory attention due to the significant risk of extensive financial damage.
These concerns are not merely theoretical. Overall security in the DeFi sector is receiving increasingly more attention following the recent Kelp DAO exploit — the largest crypto heist of the year so far — which stemmed from a compromise of the bridge’s validation logic and resulted in hundreds of millions of dollars in losses. Although the trends on the crypto heatmap remain largely positive, with BTCUSD and ETHUSD gaining over the past month, the incident serves as a telling reminder of the critical need for rigorous security standards in automated processes.