Key Highlights
- Ledger is moving beyond hardware wallets to secure AI agents, digital identities, and the emerging agentic economy.
- The 2026 roadmap covers agent identities, policies, and human layers to facilitate safe and regulated AI operations.
- Ledger draws attention to risks such as prompt injection attacks and device vulnerability.
Hardware wallet maker Ledger today revealed a suite of security measures and a 2026 roadmap aimed at protecting AI agents. The move aims to provide the essential building block for the agentic economy, where autonomous systems can access critical assets such as wallets and data without human intervention.
In a blog post, Ledger highlighted the increased dangers that exist when using AI agents. As agents become more autonomous, being able to control emails, calendar events, documents, browsing, and payments, they may be exposed to the “lethal trifecta” consisting of prompt injection, autonomous execution, and direct interaction with real resources.
The increasing challenges
“Even mundane actions such as opening an email can turn a good AI into a bad actor stealing your data or your money,” the company warns, referencing “Computer Security Apocalypse,” the term used by industry leaders, including Marc Andreessen.
In response, Ledger is expanding beyond its core crypto hardware business into AI-native security. Ian Rogers, the Chief Experience Officer at Ledger, has been promoted to Chief Human Agency Officer, a newly created role intended to ensure users remain secure and in control in an increasingly agent-driven environment.
Five years after joining Ledger, Rogers said the company has shifted its focus from securing digital assets to securing digital identity, which Ledger refers to as “Proof of You.”
Phased rollout
The roadmap includes quarterly rollouts:
Q2 2026: Agent identity backed by hardware, and programmable skills & CLI control. On-chain identities verifiable by Ledger devices will be provided to agents, doing away with spoofable soft credentials. Access to the complete Ledger wallet stack through skills will enable developers of AI tools.
Q3 2026: Agent Intents & Policies. User authentication in a loop will mandate physical presence at a trusted Ledger screen. Hardware-enforced policies like daily limits will direct any suspicious actions to the person.
Q4 2026: Proofs of human attestations. Cryptographic proofs will validate that the person is indeed not a bot, making sure that platform operators can fight multi-accounting and spam.
Recently discovered vulnerability
Meanwhile, Ledger Security’s Donjon team recently discovered a vulnerability in Android devices equipped with MediaTek chips. The team found the weakness in the secure booting process, which allows a malicious user to get access to the mobile’s PIN and compromise the crypto wallets’ private keys within a minute.
If a hacker establishes a USB connection with the phone before its operating system completes loading, it can access the root encryption keys used to secure the data stored on the phone. Once the keys are retrieved, it is possible to decrypt the phone’s storage offline, giving access to the seed phrases of crypto wallets.
What’s next
This initiative reflects Ledger’s shift from being a primarily consumer crypto hardware brand to becoming an infrastructure for the AI world. By anchoring AI security in physical hardware, the company aims to ensure that increased autonomy does not come at the cost of human ownership and control.
As AI agents become digital co-workers, having real-world access as well as authority, Ledger’s approach could establish a new standard for secure deployment.
Also Read: Ethereum Foundation Launches $1M Audit Subsidy Program for Developers
