an AI agent accidentally sent $450K this weekend because it read sentiment instead of the amount.
everyone's takeaway: "add better guardrails."
wrong lesson.
if an agent touches money, the constraints need to be in the protocol - not the prompt. hardcoded limits. contract-level fee routing. spending caps the agent literally can't override.
we keep giving agents wallets and hoping they'll be careful. but "careful" isn't a property of software. it's a property of infrastructure.
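
a sketch of what "in the protocol, not the prompt" can look like, as an added example that is not from the original post: a Solidity wallet contract where the per-payment cap, daily cap and fee routing are fixed at deploy time and checked on-chain. the contract name, parameter names and the choice of an EVM chain paying in native currency are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example, hypothetical contract. The agent's key can only call pay();
// every limit is immutable, so nothing the agent reads or outputs can change it.
contract CappedAgentWallet {
    address public immutable owner;    // funds the wallet, can withdraw
    address public immutable agent;    // key the AI agent signs with
    address public immutable feeSink;  // fixed fee recipient
    uint256 public immutable perTxCap; // max wei per payment
    uint256 public immutable dailyCap; // max wei per 24h window
    uint256 public immutable feeBps;   // fee in basis points
    uint256 public windowStart;
    uint256 public spentInWindow;

    error NotAuthorized();
    error OverCap(uint256 requested, uint256 cap);
    error TransferFailed();

    constructor(address _agent, address _feeSink, uint256 _perTxCap, uint256 _dailyCap, uint256 _feeBps) payable {
        require(_feeBps <= 10_000 && _perTxCap <= _dailyCap, "bad limits");
        owner = msg.sender; agent = _agent; feeSink = _feeSink;
        perTxCap = _perTxCap; dailyCap = _dailyCap; feeBps = _feeBps;
    }

    receive() external payable {}

    function pay(address payable to, uint256 amount) external {
        if (msg.sender != agent) revert NotAuthorized();
        if (amount > perTxCap) revert OverCap(amount, perTxCap);
        if (block.timestamp >= windowStart + 1 days) {
            windowStart = block.timestamp; // start a fresh 24h window
            spentInWindow = 0;
        }
        if (spentInWindow + amount > dailyCap) revert OverCap(spentInWindow + amount, dailyCap);
        spentInWindow += amount;           // update state before any external call
        uint256 fee = (amount * feeBps) / 10_000;
        _send(payable(feeSink), fee);      // fee routing happens here, not in the agent
        _send(to, amount - fee);
    }

    function withdraw(uint256 amount) external {
        if (msg.sender != owner) revert NotAuthorized();
        _send(payable(owner), amount);
    }

    function _send(address payable to, uint256 value) private {
        (bool ok, ) = to.call{value: value}("");
        if (!ok) revert TransferFailed();
    }
}
```

whatever amount the agent misreads, a call above `perTxCap` reverts, and the most it can move in any 24 hours is `dailyCap`; raising either means deploying a new contract with the owner's key, which the agent never holds.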