Ledger, the company best known for securing $100B+ in cryptocurrency assets through hardware wallets, published its 2026 AI Agent Security Roadmap on April 14. The roadmap commits Ledger to a multi-quarter product buildout aimed at a specific problem: AI agents that hold API keys, credentials, and crypto wallets need hardware-anchored security, not just software guardrails.
The core argument is blunt. Useful AI agents require access to email, calendars, login credentials, browser extensions, files, databases, CLIs, and wallets. That access creates what Ledger calls the “lethal trifecta”: prompt injection, autonomous execution, and access to real resources. “The agent doesn’t have to be the attacker,” the roadmap states. “It just has to be compromised mid-task.”
The Threat Model
Ledger names three specific attack vectors: malicious webpages, poisoned documents, and hijacked MCP server responses. Each can redirect an autonomous agent toward catastrophic action starting from what looks like a routine operation. The roadmap explicitly references OpenClaw’s MCP Skills and Claude Code’s tool-use pipeline as environments where these vectors apply.
The framing matters because it extends the AI agent security conversation from software governance (where Microsoft’s Agent Governance Toolkit and AWS Agent Registry operate) and endpoint security (Palo Alto’s Koi AES acquisition) into a third layer: hardware-anchored trust boundaries.
The Product Timeline
Ledger’s rollout spans three quarters:
Q2 2026: Identity and Tooling. Agent Identity provides hardware-anchored, on-chain identity for each agent in a fleet, replacing spoofable software strings with verifiable provenance. Agent Skills and CLI expose Ledger’s wallet stack (send, swap, earn, monitor) and hardware-derived secret management via the Ledger Keyring Protocol, discoverable through AGENTS.md and SKILL.md formats.
Q3 2026: Authorization and Governance. Agent Intents introduce a human-in-the-loop approval layer where agents propose actions and humans review them on a Trusted Display, confirming with a physical button. Agent Policies add configurable spending limits, time windows, and per-agent permissions.
Q4 2026: Proof of Human. Hardware-backed verification that a human authorized a specific agent action, designed for high-stakes transactions where cryptographic proof of human approval is required.
What Ships Today
The Device Management Kit (DMK) is available now. Moonpay has built the first production integration on it: an AI agent identifies trading opportunities and proposes transactions, while Ledger signing keeps private keys confined to hardware and requires a physical button press for every transaction.
New Executive Role
Ledger’s CXO Ian Rogers is transitioning to Chief Human Agency Officer, a title the company says is “meant to start a conversation about what it means to keep humans secure and in-the-loop as verifiers in our agentic future.” The role signals organizational commitment beyond a product launch.
Paris Blockchain Week Context
The timing is deliberate. Paris Blockchain Week 2026 opens today (April 15-16) at the Carrousel du Louvre with 10,000+ attendees. Ledger is hosting an Agents Anonymous and OpenClaw Meet-Up at Ledger HQ tonight, where the company will demonstrate Ledger Skills, CLI, and Koda, its internal agentic development tool.
The Hardware Layer
This is the first time a major hardware security company has committed a dedicated, multi-quarter product roadmap to AI agent threat surfaces. Software-only solutions (policy engines, runtime monitors, API gateways) can be defeated if the underlying execution environment is compromised. Ledger’s bet is that the signing boundary provided by a secure element holds even when the surrounding software fails. For builders deploying agents that handle credentials, financial transactions, or identity, the question is whether hardware-anchored trust becomes a production requirement rather than an optional hardening step.