Overview
The survey compiles a broad, recent literature base and practical artifacts; it is immediately useful for system design but is a synthesis rather than a single validated implementation.
Citations0
Evidence Strength0.75
Confidence0.82
Risk Signals12
Trust Signals
Findings with numeric evidence: 5/5
Findings with evidence refs: 5/5
Results with explicit delta: 0/4
Reproducibility
Status: Code + data available
Open source: Partial
At A Glance
Cost impact: 65%
Production readiness: 40%
Novelty: 55%
Why It Matters For Business
Connecting AI agents to blockchains can automate treasury, trading and governance but also creates irreversible financial and governance risk; invest in intent typing, policy gates, hardened custody, and MEV-aware execution before granting any agent signing power.
Who Should Care
Summary TLDR
This paper surveys how LLM-driven autonomous agents can safely interact with public blockchains. The authors reviewed 3,270 records and synthesized 317 relevant works, coded 85 systems in depth, and compared 20+ platforms across custody, policy, observability, and execution. They propose a five-part integration taxonomy (read-only → multi-agent workflows), a threat model focused on prompt injection, MEV and key compromise, and a practical roadmap: standardize Transaction Intent Schema (TIS) and Policy Decision Record (PDR) plus reproducible benchmarks and evaluation checklists.
Problem Statement
Connecting probabilistic, tool-using AI agents to immutable blockchains creates unique risks: irreversible financial loss, bearer-key authorization, adversarial transaction ordering (MEV), and cross-chain complexity. We need standardized, auditable interfaces and enforcement layers so agents can plan and act without exposing users and protocols to unacceptable economic or governance risk.
Main Contribution
A five-part taxonomy of agent→chain integration patterns from read-only analytics to multi-agent workflows.
A threat model tailored to agent-driven transaction pipelines, mapping attack classes across observe→verify stages.
Key Findings
Systematic literature review found 317 relevant works from 3,270 records.
85 systems were coded in depth and 20+ representative systems were analyzed across 13 dimensions.
Results
| Metric | Value | Baseline | Delta | Split / Dataset | Evidence | Evidence Ref |
|---|---|---|---|---|---|---|
| Records screened | 3,270 | — | — | — | Identification and screening counts in PRISMA-style flow | Section 2.4 |
| Studies included in qualitative synthesis | 317 | — | — | — | Final qualitative corpus size | Section 2.4 |
What To Try In 7 Days
Run a small pilot: agent generates TIS-style intents but humans sign every transaction.
Add preflight simulation to any production transaction pipeline (forked state test before sign).
Audit wallet flows: move from raw keys to session keys or smart-account modules with strict spend limits.
Agent Features
Memory
Planning
Tool Use
Frameworks
Is Agentic
Yes
Architectures
Collaboration
Optimization Features
Token Efficiency
Infra Optimization
Model Optimization
System Optimization
Inference Optimization
Reproducibility
Risks & Boundaries
Limitations
Focuses on public, permissionless blockchains (mainly Ethereum/EVM); private chains get limited coverage.
Emphasizes LLM-based agents; other agent paradigms (pure RL) receive limited treatment.
When Not To Use
For fully autonomous high-frequency trading without hardened MPC or TEE custody.
When target execution venues do not support account abstraction or intent-based settlement.
Failure Modes
Prompt injection steering the planner to malicious intents.
Tool/data-plane spoofing (compromised RPC or oracle) causing unsafe decisions.