Interview

OKX's Gracie Lin Says AI Agents Need Sub-Cent Payments as Bank Rails Slow Tasks

Global laws are still trailing the technology when it comes to determining who is liable if an artificial intelligence (AI) agent is hacked or makes a faulty purchase. Gracie Lin says that with legal frameworks still being drafted, accountability needs to be built into the infrastructure from day one, not bolted on later.


Key Takeaways

  • OKX’s Gracie Lin warned AI agents face CAPTCHAs and MFA blocks in 2026 commerce.
  • Lin said blockchain handles 100s of micropayments while banks lag on settlement speed.
  • OKX open-sourced its MIT-licensed agent kit as AI payment standards take shape.

The Impasse of Human-Centric Systems

The modern internet is plagued by a quiet, fundamental friction. For decades, the architecture of web security and electronic payments has been built on a single, binary premise: “Prove you are human.”

Every CAPTCHA, one-time code, and redirect page functions as a digital checkpoint designed to defend platforms against automated abuse. But as autonomous artificial intelligence agents begin browsing e-commerce storefronts, comparing market liquidity, and executing transactions on behalf of users, these legacy defenses instantly transform from vital shields into operational roadblocks.

According to Gracie Lin, CEO of OKX SG, this collision represents a critical turning point for digital infrastructure.

“Yes, it’s a real tension,” Lin notes. “Every friction point we encounter online was designed with a human on the other end. CAPTCHAs, one-time codes, redirect pages—all assume someone is sitting there reading and clicking. When the actor is an AI agent, those same mechanisms become blockers.”

In an ecosystem built for humans, an AI agent faces an existential crisis at checkout. Behavioral biometrics mistake an agent’s structured programmatic interactions for malicious hacking. Multi-factor authentication loops destroy automation by demanding a human-in-the-loop to input a text code. Meanwhile, web application firewalls flag high-velocity price comparisons as distributed denial-of-service, or DDoS, attacks.

This friction is particularly acute in the digital asset sector. “In crypto, agents are increasingly being used to execute trades, manage wallets, and interact with onchain services autonomously,” Lin explains.

For those outside the crypto ecosystem, an obvious question arises: Why not just upgrade traditional banking? The issue, Lin points out, is foundational.

“Traditional banking was built around human actors: people authorizing transactions, banks verifying identity, settlement taking days,” Lin explains. “You can upgrade parts of that, but you’re still working within architecture that assumes a person is involved at every critical step. Blockchain doesn’t make that assumption.”

When an agent needs to execute hundreds of sub-cent micropayments across different APIs to complete a single complex task, legacy settlement rails fail. “For an AI agent making hundreds of micro-payments across different services to complete a single task, the traditional system simply doesn’t work at that speed or scale,” Lin says. Blockchain networks natively offer the programmatic, instant, and borderless infrastructure this machine economy requires.

The Liability Vacuum: Defining Agent Accountability

As these agents scale, they introduce severe technical risks, such as indirect prompt injection—where malicious, hidden website text can hijack an agent’s programming to steal assets. This reality exposes a glaring, unresolved dilemma: If an AI makes a disastrous purchase or gets hacked, who is responsible?

“I’ll be upfront: I’m not a legal expert, and this is genuinely one of those areas where the law is still catching up to the technology,” Lin admits. “What I can speak to is the responsibility question at the infrastructure level. For any player in this space, it’s important to bake accountability into AI tools from day one.”

While global regulators scramble to draft legal definitions, users cannot be left vulnerable. The solution requires hardcoded boundaries.

“Control has to be designed in from the start,” Lin emphasizes. “The agent should only have access to what it needs for the task at hand, not a blank check. That means permissioned access: if an agent isn’t authorized to trade, it simply shouldn’t be able to attempt it.”

To enforce this, Lin argues that next-generation infrastructure must rely on three core security pillars. First, an AI model must never have direct access to root financial keys. “Your private keys should be secured in a protected environment the model never touches,” Lin says, suggesting isolation inside hardware security modules or smart contract vaults.

Second, before an agent’s payload executes, it must run in an isolated sandbox to unmask the exact movement of funds. “Transactions… can be simulated before execution happens and anything flagged as high-risk can be blocked automatically,” Lin explains.

Lastly, agents must prove their identity via public-private key pairs rather than human behavioral tracking. If a request crosses pre-set risk thresholds, it is instantly blocked or flagged for manual human sign-off.
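The controls described above (task-scoped permissions, keys the model never touches, simulation before execution, and risk thresholds with human sign-off) can be sketched as a single gate in front of the signer. This is an added illustration, not OKX code: the `Grant`, `Vault`, `simulate` and `gate` names, the sample data, and the use of HMAC-SHA256 as a stand-in for an HSM or vault signature are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:              # hypothetical per-task permission set for one agent
    actions: frozenset    # e.g. {"pay"}; no "trade" means trades cannot be attempted
    payees: frozenset     # destinations this task is allowed to pay
    review_above: int     # amount above which a human must sign off
    block_above: int      # amount above which the request is blocked outright

class Vault:
    """Holds the key; callers only ever receive a signature.
    HMAC-SHA256 stands in here for an HSM or smart-contract vault."""
    def __init__(self, key: bytes):
        self.__key = key
    def sign(self, payload: bytes) -> str:
        return hmac.new(self.__key, payload, hashlib.sha256).hexdigest()

def simulate(balances: dict, request: dict) -> dict:
    """Dry-run on a copy of the state and report the exact fund movement."""
    state, src, dst = dict(balances), request["from"], request["to"]
    state[src] = state.get(src, 0) - request["amount"]
    state[dst] = state.get(dst, 0) + request["amount"]
    return {"moved": request["amount"], "to": dst,
            "overdraft": state[src] < 0}

def gate(grant: Grant, vault: Vault, balances: dict, request: dict):
    """Return (decision, signature_or_None) for one agent request."""
    if request["action"] not in grant.actions:
        return "BLOCK:action-not-granted", None
    if request["amount"] <= 0:
        return "BLOCK:invalid-amount", None
    effect = simulate(balances, request)
    if effect["to"] not in grant.payees or effect["overdraft"]:
        return "BLOCK:simulation-flagged", None
    if effect["moved"] > grant.block_above:
        return "BLOCK:over-limit", None
    if effect["moved"] > grant.review_above:
        return "REVIEW:human-sign-off", None
    payload = f'{request["from"]}|{effect["to"]}|{effect["moved"]}'.encode()
    return "ALLOW", vault.sign(payload)

# Constructed sample data for the example.
GRANT = Grant(frozenset({"pay"}), frozenset({"api.example"}), 500, 5000)
VAULT = Vault(b"constructed-demo-key")
BALANCES = {"agent-wallet": 10_000}
```

The signature is produced only on the `ALLOW` path, so a request that fails any earlier check never reaches the key.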

“The technology to do all of this exists today on crypto rails,” Lin reveals. “The question is whether the people building these tools prioritize it.”

The Fork in the Road: Monopolies vs. Open Standards

As the machine economy hardens, a pivotal question emerges: Will a handful of Big Tech companies control how AI agents spend our money, or will the future remain open? Proprietary, closed-loop agent layers risk creating corporate gatekeepers that monopolize user data and restrict merchant access.

Lin warns that this risk is imminent: “There’s a real version of this future where a few platforms control the agent layer and by extension how AI spends your money. It should be open, and at OKX we are trying to set a good example.”

To counter this, platforms are shipping functional, decentralized tools. The OKX agent trade kit, for example, is fully open-source under an MIT license with its code publicly auditable on GitHub, while the Agent Payments Protocol establishes an open standard that any chain or developer can implement. Because open blockchain infrastructure isn’t owned by any single entity, it preserves a neutral, competitive landscape.

“If the payment rails and protocols are built as open standards now, while the architecture is still being decided, the competitive landscape stays open for everyone,” Lin says. “The window to get this right is now.”
