For teams capable of navigating both Web3 and AI dimensions, the current moment represents a window of opportunity—whether in building more reliable on-chain Agent systems at the execution layer or in bridging key aspects of data, permissions, and trust at the infrastructure layer, there are significant gaps waiting to be filled.

Before diving into the analysis, it is necessary to clarify a core concept: DeFAI.

DeFAI is a fusion abbreviation of DeFi (Decentralized Finance) and AI (Artificial Intelligence), referring to the introduction of AI Agents into on-chain financial scenarios, enabling them to perceive market conditions, autonomously formulate strategies, and directly execute on-chain operations—thus completing a series of financial actions traditionally requiring professional personnel, such as asset allocation, risk management, and protocol interaction, without relying on real-time human intervention.

In short, DeFAI is not merely a simple AI upgrade of DeFi tools but attempts to construct a self-operating financial execution layer on-chain.

This sector has rapidly gained momentum since Q4 2024, with three significant events worth noting, each corresponding to three levels of AI Agent entry into Web3: narrative breakout, assetized infrastructure construction, and the real implementation of execution capabilities.

• The first event occurred in July 2024. The Twitter bot Truth Terminal, built by developer Andy Ayrey, quickly gained attention after receiving a $50,000 BTC donation from a16z co-founder Marc Andreessen, sparking viral dissemination of the GOAT coin. This marked the first time AI Agents as participants in the on-chain economy truly entered the public eye.
• The second event took place in October of the same year. Virtuals Protocol exploded on the Base network, tokenizing the AI Agent itself, with its ecosystem market cap surpassing $3.5 billion, becoming a typical representative of the assetization infrastructure construction phase in the DeFAI sector.
• The third event saw projects like Giza, HeyAnon, and Almanak successively land on the on-chain execution layer, pushing the industry from a narrative-driven phase to a productization stage—AI Agents began to truly "get hands-on" with on-chain operations, rather than merely remaining at the information interaction level.

From a global market size perspective, multiple research institutions have a high degree of consensus on the growth expectations for the AI Agent sector:

Chart 1: Global AI Agent Market Size Forecast Comparison

Data Source: MarketsandMarkets (2025), Grand View Research (2025), BCC Research (2026.01)

However, there remains a significant gap between capital enthusiasm and industry implementation. According to McKinsey's November 2025 report "The State of AI in 2025" (based on 1,993 respondents from 105 countries), although 88% of organizations have used AI in at least one business function, nearly two-thirds remain in experimental or pilot phases. Specifically in the AI Agent field: 62% of organizations have begun experimenting, and 23% are advancing scaling in at least one function, but the proportion achieving scaled deployment in any single function is less than 10%.

This data suggests that the narrative enthusiasm for the DeFAI sector currently outpaces the actual implementation progress. Understanding this gap is a prerequisite for objectively assessing the value of this sector.

The technical foundation of DeFAI: How AI Agents interact with the on-chain world To understand how DeFAI operates, a key question must first be answered: What mechanism does AI use to intervene in on-chain financial operations?

The core execution unit of the DeFAI system is the AI Agent built on large language models. According to the academic review by Wang et al. (2023), its core capabilities can be summarized into a three-layer architecture, with each layer having its corresponding specific functions in on-chain scenarios:

• Planning layer, responsible for goal decomposition and path optimization, corresponding to strategy generation and risk assessment in on-chain scenarios;
• Memory layer, achieving cross-cycle information accumulation through external storage like vector databases, carrying historical market data and protocol status;
• Tool layer, extending model capabilities to enable calls to DeFi protocols, price oracles, and cross-chain bridges.

However, it is important to clarify that AI models themselves cannot directly interact with blockchains. Almost all current DeFAI systems adopt an architecture of off-chain reasoning and on-chain execution separation—AI Agents complete strategy calculations off-chain, then convert the results into on-chain trading signals submitted by the execution module. This architectural design is both a realistic choice under current technical conditions and raises a series of security issues such as private key authorization and permission management.

AI Agents are essentially autonomous decision-making systems based on large language models, achieving closed-loop execution through task decomposition, memory management, and tool invocation, and the interaction between AI Agents and on-chain asset sides has already begun to take shape.

Chart 2: AI Agent Three-Layer Architecture

The evolution of DeFAI: From information interaction to execution closed loop

Having clarified the technical foundation of DeFAI, a natural question arises: How has this system evolved step by step to reach today's state?

According to research from The Block, the evolution of DeFAI has not been instantaneous but has gone through two distinct phases—from early interactive Agents focused on information processing to today's execution systems that can genuinely intervene in on-chain operations.

The two differ fundamentally in goal positioning, technical means, and risk levels.

Chart 3: Comparison of Two Waves of DeFAI Evolution Paths

The evolution of the two phases can be understood as follows:

The first wave is interactive Agents, focusing on building a dialogue-capable and analyzable intelligent framework. Representative projects include ElizaOS (originally ai16z's Eliza framework), Virtuals' G.A.M.E., etc. The essence of this stage remains information tools—Agents can read, speak, and analyze, but their functional boundaries stop at the information layer and do not touch any asset execution operations.

The second wave is execution DeFAI Agents, which truly enter the decision execution closed loop. Representative projects include HeyAnon, Wayfinder, Giza (ARMA Agent), and Almanak, among others. The common feature of these systems is that AI operates off-chain, outputs structured strategy signals, and completes transactions through on-chain execution modules—this does not replace existing DeFi protocols but introduces a layer of AI decision-making mechanism on top of them, transforming the entire operation chain from "human issuing commands" to "Agent autonomously executing."

The essential difference between the two waves of evolution lies not in technical complexity but in whether they truly touch assets. This also determines that the challenges faced by second-wave systems in trust mechanisms, permission design, and security architecture are far more complex than those of the first wave—this will be a key focus of the next chapter.

The landing scenarios of DeFAI: Four mainstream application scenarios

From technical architecture to evolution paths, what DeFAI can do has gradually become clear. So, what real problems is it solving at the product level?

Overall, the current application exploration of DeFAI has formed a relatively mature landing pattern around four core directions, corresponding to four core pain points in on-chain operations: "yield efficiency, strategy execution, interaction threshold, and risk control."

Yield Optimization: Automated Cross-Protocol Rebalancing

Yield optimization is currently the most mature application scenario of DeFAI. Its core logic is: continuously scanning the annualized yields of mainstream DeFi protocols like Aave, Compound, and Fluid, combined with preset risk parameters to determine whether rebalancing is necessary, and performing transaction cost analysis before each operation—only when the yield increase can cover all gas and transaction fees will funds be truly transferred, thus achieving automated optimal allocation across protocols.

Taking Giza as an example, its ARMA Agent launched a stablecoin yield strategy on the Base network in February 2025, continuously monitoring interest rate changes in protocols like Aave, Morpho, Compound, and Moonwell, intelligently reallocating user funds to maximize yield after considering protocol APY, fee costs, and liquidity. According to public data, ARMA currently has about 60,000 independent holders, over 36,000 deployed Agents, and manages assets under administration (AUA) exceeding $20 million.

In a market environment where DeFi protocol yields continue to fluctuate, the efficiency and timeliness of manual monitoring and manual rebalancing are far inferior to automated systems, which is the core value of this scenario.

Chart 4: Example of Giza Platform ARMA Agent

Quantitative Strategy Automation: Democratizing Institutional-Level Capabilities

In the quantitative strategy automation scenario, DeFAI platforms aim to modularize and automate the entire operational process of traditional quantitative teams, allowing individual users to access institutional-level strategy execution capabilities.

Taking Almanak, supported by Delphi Digital, as an example, its AI Swarm system breaks down the quantitative process into four stages:

• Strategy Module supports writing investment logic and completing backtesting via Python SDK;
• Execution Engine automatically runs the reviewed strategy code and triggers DeFi calls after obtaining user authorization;
• Secure Wallet builds a multi-signature system based on Safe + Zodiac, granting strategy execution rights to AI Agents through role permission control, ensuring funds remain within the user's controllable range;
• Strategy Vault packages strategies into tradable vaults based on the ERC-7540 standard, allowing investors to participate in strategy yield distribution similarly to fund shares.

The significance of this architecture lies in that AI agents undertake data analysis, strategy iteration, and risk management functions, allowing users to only conduct final reviews of system output results without needing to form a professional quantitative team—achieving what is termed "equalization of institutional-level strategies" (as claimed by the project).

Chart 5: Almanak Platform Homepage Display

Natural Language Instruction Execution: Making DeFi Operations as Simple as Sending a Message

The core of this scenario is intent-based DeFi operations: leveraging natural language processing technology, users issue trading instructions in everyday language, which AI parses and converts into multi-step on-chain operations, significantly lowering the operational threshold for ordinary users.

HeyAnon has created a DeFAI chat platform where users input commands through a dialogue box, and AI can execute on-chain operations such as token swaps, cross-chain bridging, lending, and staking, integrating LayerZero cross-chain bridges and protocols like Aave v3, supporting multi-chain deployments on Ethereum, Base, Solana, and more.

Chart 6: HeyAnon Platform Homepage Display

Wayfinder, backed by Paradigm, offers further full-chain trading services. Its AI Agent (called Shells) automatically finds the optimal trading paths between different chains, executing cross-chain transfers, token swaps, or NFT interactions, without users needing to focus on underlying gas fees, cross-chain compatibility, or other technical details.

Chart 7: Wayfinder Platform Homepage Display

In summary, natural language interfaces significantly lower the operational threshold for DeFi, but they also raise higher demands for the accuracy of underlying intent parsing—if AI misinterprets the instructions, the operational results may deviate significantly from user expectations.

Risk Management and Liquidation Monitoring: Mechanisms Embedded in On-Chain Protocols

In DeFi lending and leverage scenarios, the most common application of AI Agents is real-time monitoring of on-chain position health and automatically executing protective operations before liquidation thresholds are approached. This heavy application is gradually being integrated into major mainstream DeFi protocols, becoming a native feature of DeFi platforms.

• Aave measures position safety using a "health factor"; when the health factor falls below 1.0, the borrower's position triggers liquidation eligibility;
• Compound employs a "Liquidation Collateral Factor" mechanism, triggering liquidation when the account's borrowing balance exceeds the limit set by this factor, with specific parameters for each collateral asset set by on-chain governance.

Human monitoring struggles to maintain consistent response efficiency in a 24/7 high-volatility on-chain market, while AI Agents can achieve continuous tracking, intelligent assessment, and automatic intervention, elevating risk control efficiency to levels that human or rule-based automated systems find hard to reach.

Chart 8: Four Mainstream Application Scenarios of Agent × DeFi

In conclusion, the four scenarios mentioned above are not mutually independent but form a complement around the same main line: yield optimization and quantitative strategy automation target advanced users with a certain asset scale, with core advantages in execution efficiency and strategy accuracy; natural language interaction aims to lower the operational threshold for ordinary users; risk management serves as the underlying security guarantee across all scenarios. The three collaborate to form the basic landing pattern of the current DeFAI ecosystem and lay the groundwork for more complex on-chain Agent applications in the future.

The Security Bottom Line of DeFAI: Private Key Management and Permission Control

The four application scenarios discussed earlier, whether yield optimization or quantitative strategy automation, have only one prerequisite for their realization: **AI Agents must hold some form of signing authority, i.e., access to the *private key*. This is the most critical and easily overshadowed technical challenge in the entire DeFAI sector—once the signing mechanism has a flaw, all upper-layer strategic capabilities will lose their meaning.

Currently, the mainstream private key security management solutions in the industry are divided into two categories: MPC (Multi-Party Computation) and TEE (Trusted Execution Environment). Each has its focus in terms of security model, automation level, and engineering complexity.

Chart 9: Comparison of Two Mainstream Private Key Security Management Solutions

• MPC (Multi-Party Computation) operates on the core idea of eliminating single points of failure through key splitting. For example, in a common 2-of-3 threshold signature, even if one key is leaked, an attacker cannot independently complete the signature, and fund safety remains unaffected. Vultisig is a representative product in this direction, an open-source multi-chain self-custody wallet built on MPC/TSS technology, adopting a no single mnemonic architecture that combines key security with user self-custody.

• TEE (Trusted Execution Environment) takes a different approach: it seals the private key and agent code within a hardware-protected isolated area (enclave), where the AI agent completes strategy calculations and signatures, only outputting the signature results to the chain, making the private key completely invisible to the external environment. Mainstream chips like Intel SGX, AMD SEV, and ARM CCA provide hardware-level isolation and encryption support. Chainlink has introduced TEE into its oracle network for processing sensitive data and proving the integrity of the execution environment to the outside through remote attestation mechanisms.

However, key security is only the first line of defense. In actual deployment, regardless of which key management solution is adopted, a permission control mechanism must be layered on top to prevent Agents from overstepping their authority. Almanak's practice provides a relatively complete reference framework: the platform simultaneously uses TEE to protect strategy logic and private parameters, and inserts a Zodiac Roles Modifier permission layer between the deployment engine and the user's Safe smart account—every transaction initiated by AI must be compared one by one with pre-set contract addresses, functions, and parameter whitelists; transactions that do not meet the authorization range will be automatically rejected.

This implementation of the principle of least privilege has become an important reference for the security design of DeFAI systems. It reveals a deeper logic: the security issues of DeFAI are fundamentally not just about a single technical choice but a system engineering composed of key management, permission boundaries, and execution auditing—any missing link could become the weakest node in the entire chain. This will also be the starting point for the risk analysis in the next chapter.

The Gap Between Reality and Narrative: Core Risk Analysis of DeFAI

The analysis above reveals a core conclusion:

VCX does not gain a premium because of outstanding asset selection or higher return expectations, but because it sells the channel itself. To this end, a question needs to be answered: What kind of product is VCX?

From a legal perspective, it is a closed-end fund registered with the SEC, with transparent holdings and compliant structure, fundamentally indistinguishable from any ordinary stock ETF on the market. However, in terms of actual function, what it sells is not traditional "investment return expectations," but a qualification for access to the asset side—previously only accessible to top VC institutions and accredited investors—packaged into tradable unit shares on the NYSE.

Therefore, the market is willing to pay a 16 to 30 times NAV premium, which is essentially pricing this access right rather than assessing the future earnings of the underlying assets.

From this perspective, the comparison between VCX and MicroStrategy (MSTR) is quite illustrative. On the surface, both are doing similar things: packaging scarce assets (Bitcoin/top-tier Pre-IPO equity) that are difficult to access directly into securities tradable on the secondary market, presenting premiums that far exceed the value of the underlying assets. However, the capital operation logic of the two is fundamentally different:

• MSTR raises funds through continuous issuance of convertible bonds and preferred shares, then adds funds to buy Bitcoin, which gives it the ability to dynamically expand its balance sheet and continuously increase holdings, making its stock price premium have a certain endogenous maintenance basis.
• VCX, on the other hand, is constrained by the structural limitations of closed-end funds: the asset scale is essentially locked after the issuance is completed, unable to continuously buy new assets through refinancing, and the liquidity of holdings highly depends on the IPO or acquisition exit of the underlying companies. Once retail sentiment wanes, or after the six-month lock-up period expires and circulating chips increase, the pressure to narrow its premium will far exceed that of MSTR.

Comparison of VCX and MSTR (Strategy) Models

In other words, MSTR's premium is supported by a continuously operating capital mechanism, while VCX's premium mainly derives from chip scarcity and sentiment-driven factors. There is no right or wrong in this product logic itself, but the risks it entails are harder for the market to price correctly than ordinary closed-end funds:

Once retail investors buy in at prices far exceeding NAV, they are essentially paying not for the value of the assets themselves but for the premium of this access qualification—this premium will face rapid pressure to zero once the underlying company completes its IPO and a direct trading channel forms in the public market.

Trend Judgment

Based on the analysis above, a phased judgment can be made regarding the evolution path of DeFAI. Overall, this sector is at a critical juncture transitioning from concept validation to productization, and its evolution is expected to undergo three progressive stages:

Chart 11: Predicted Development Stages of DeFAI

Note: The table above is based on a comprehensive assessment of publicly available industry reports, project progress, and technological maturity, not a deterministic timeline.

At the current juncture, DeFAI is overall transitioning from a decision-support phase to a semi-autonomous phase—some projects have begun to assume limited autonomous execution capabilities, but human review and fallback mechanisms remain the mainstream deployment form. In this context, combined with the current technological maturity and market conditions, three key judgments are worth focusing on.

First, the essence of most current DeFAI projects remains automated tools rather than truly autonomous Agents. The products currently labeled as "DeFAI" primarily possess the core capability of translating human instructions into preset DeFi operation sequences, essentially resembling efficient execution interfaces rather than autonomous systems with independent reasoning and decision-making capabilities. According to McKinsey's 2025 report, even in general enterprise scenarios, less than 10% of organizations have achieved scaled deployment of AI Agents in any single function. The trust threshold and operational complexity in on-chain scenarios are higher, and there remains a considerable distance from technical demonstration to a true commercial closed loop.

Second, the most mature and easily trusted landing direction for AI Agents is not high-risk autonomous trading but on-chain monitoring, warning, and governance assistance. Scenarios such as 24/7 position monitoring, liquidation warnings, and governance proposal analysis have a relatively high tolerance for LLM hallucinations—output errors do not directly trigger fund losses; on the other hand, they can effectively compensate for human limitations in sustained attention. These scenarios represent a more realistic path for DeFAI to transition from "technical demonstration" to "institutional adoption."

Third, the integration of AI Agents with RWA (Real World Assets) is a cross-direction worth closely monitoring in this sector. According to data from RWA.xyz, as of early April 2026, the total value of on-chain tokenized RWA assets has exceeded $27 billion (excluding stablecoins), covering multiple categories such as U.S. Treasury bonds, private credit, commodities, and corporate bonds. If AI Agents can intervene in managing a combination of RWA including Treasury bonds and stablecoins—for example, automatically adjusting the allocation ratio of the two based on market conditions—the asset scale they can reach will far exceed the current scope dominated by DeFi-native assets, and it is expected to truly bridge on-chain and off-chain asset management, realizing the linkage of Web3 + AI + TraFi, significantly expanding market imagination.

Conclusion

AI Agents and on-chain asset management are at a critical transition from concept validation to productization. The technical feasibility has been preliminarily validated, but challenges facing the industry—from LLM hallucination risks and on-chain data heterogeneity to the lack of trust infrastructure—cannot be solved solely through technological iteration; they require systematic advancement in project architecture design, compliance path planning, security system construction, and business model validation.

This also means that this sector is still in the early stages of construction, and the true competitive landscape has yet to take shape. For teams capable of navigating both Web3 and AI dimensions, the current moment represents a window of opportunity—whether in building more reliable on-chain Agent systems at the execution layer or in bridging key aspects of data, permissions, and trust at the infrastructure layer, there are significant gaps waiting to be filled.

The competitive barriers of DeFAI will ultimately not rest on a single model capability or protocol integration depth but on whether a truly self-consistent closed loop can be built between technology, compliance, and security.

------We are continuously deepening our efforts in this intersection and look forward to exploring the boundaries and possibilities of this field together with like-minded project parties and institutional investors.