2025-12-25 04:23:22

Recently, I was studying active wallets on a certain blockchain. At first, it was quite pleasing—positions were disciplined, entries and exits were orderly, and there was never any reckless chasing of hot trends. It was a textbook example of risk management.

But suddenly, a detail made me cautious. An operation itself was not excessive, but it carried a strange aura—like turning on the turn signal while the car subtly drifts to the side without realizing it. At that moment, I had a crazy thought: if this wallet is controlled by an AI proxy, who is the real decision-maker?

This question may seem absurd, but it hits the core contradiction in the crypto world. In the on-chain universe, the private key is like the steering wheel. It is the only key that can sign transactions. Every transfer and contract call requires a private key signature—similar to signing a check to confirm. Many users, for convenience, directly give their private keys to AI proxies for management. Once the proxy is hacked, malfunctions, or receives malicious instructions, the wallet can be looted in an instant. Imagine that helpless feeling.

Recently, I came across the idea proposed by KITE (KITE). Honestly, it was a revelation. Their solution is simple yet deadly: using two keys to divide authority.

The first is called the Human Key, which holds the root authority and control. It must be kept in an absolutely secure place and is not used regularly. The second is called the Agent Session Key, designed for temporary use by the AI proxy. The session key is like a temporary access card—check-in at work, and after finishing, swipe the card to leave. The permissions on the card are limited, and it automatically expires after a set time.

Some might ask: doesn’t this mean signing twice? Actually, no. The role of the Human Key is to set rules—creating, updating, or revoking session keys at any time—and to impose various fine-grained restrictions on the session keys. For example, daily transaction limits, asset types allowed, permitted counterparties, and so on. Permissions are tightly controlled from the source, so even if the AI proxy behaves abnormally, the scope of damage is firmly confined within the preset boundaries.

The brilliance of this logic is that it allows the AI proxy to work efficiently while ensuring users retain absolute control over their assets. Private keys are not a black-and-white choice; through meticulous division of authority, technology and trust can coexist.

KITE5.17%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

11 Likes

Reward
11
4
Repost
Share

Comment

0/400

BasementAlchemist

· 4h ago

Wow, I love the logic of these two keys. Finally, someone has explained the AI proxy thing thoroughly. Handing the private key directly to AI is really brainless; the risk is too high, brother. The automatic expiration of session keys is brilliant, like installing a timed bomb on the proxy. This is the way Web3 should go—decentralization and checks and balances are always more reliable than centralized trust. KITE's solution is indeed a wild method, smarter than those various multi-signature schemes. Basically, it's about letting the machine do the work but not giving away the entire master key. This move is absolutely

View OriginalReply0

APY_Chaser

· 4h ago

Hmm... Actually, the concept of decentralization has been overhyped for a long time. The key issue is who ensures that the human key is truly secure at the execution level? --- Having two keys sounds good, but in reality, most people will still end up losing both. --- Wait, no, what I care more about is what happens if this AI agent learns to bypass restrictions. Is the framework on paper effective for machine learning? --- Damn, this is the solution I've been wanting to see. Finally, someone pointed out the core issue. --- The private key is fundamentally a trust issue. No matter how encrypted the keys are, human greed can't be changed, haha. --- I need to look into the KITE idea, but it still seems that a strong enforcement audit mechanism is necessary to be reliable, right? --- By the way, who came up with the idea of handing the keys over to AI? That’s really Web3. --- The premise of decentralization is that your Human Key hasn't been social engineered. That’s the biggest black hole.

View OriginalReply0

GasOptimizer

· 4h ago

The dual-key scheme indeed solves the permission granularity issue, but I am more concerned about the gas costs of this architecture—creating session keys, updating restriction conditions, revoking permissions... The number of on-chain operations has increased. Can the fee model handle it? What does the historical data look like?

View OriginalReply0

PortfolioAlert

· 4h ago

I have to give some feedback on this idea. Two keys sound great, but in practice, they are still troublesome to use. AI taking over wallets is inherently a false proposition; ultimately, it's just for convenience. Wait, could this logic actually give hackers more opportunities? Basically, it's like putting a leash on AI, but it's definitely safer than passing the buck directly. What a revelation—still, you have to trust the AI itself; decentralization is useless. Wow, the two-key system sounds like adding an extra layer of skin to yourself. This方案 doesn't solve the fundamental problem—how can you trust that AI won't betray you? It's better to honestly manage your wallet yourself; no matter how fancy the technology is, it can't escape human nature.

View OriginalReply0