arXiv: Can Trustless Agents Be Trusted? An Empirical Study of the ERC-8004 Decentralized AI Agent Ecosystem

This paper, published on arXiv, presents an empirical study of the ERC-8004 decentralized AI agent ecosystem, focusing on the practical trustworthiness of so-called "trustless" agents. It does not introduce a new regulation but provides critical evidence that current decentralized AI agents, operating under the ERC-8004 standard, exhibit significant vulnerabilities, including susceptibility to manipulation, data poisoning, and failures in autonomous decision-making. The study challenges the assumption that blockchain-based agent systems are inherently secure and reliable.

The primary affected organizations are those developing or deploying decentralized AI agents, particularly in the DeFi, supply chain, and automated compliance sectors. This includes fintech firms, blockchain startups, and any enterprise using autonomous agents for contract execution, data verification, or risk assessment. Regulators and compliance teams monitoring AI safety under frameworks like the EU AI Act will also need to consider these findings as they assess systemic risks from autonomous systems.

Compliance teams should immediately review any reliance on ERC-8004 or similar decentralized agent architectures for critical operations. Conduct a risk assessment of agent autonomy levels, data input validation, and fallback mechanisms. Engage with technical teams to implement human-in-the-loop oversight for high-stakes decisions and prepare to document these vulnerabilities in AI risk registers, as they may affect conformity assessments under emerging AI safety regulations.