BlockSec × Bitget Year-End Joint Report: AI × Trading × Security: Risk Evolution in the Era of Intelligent Trading
- Core Viewpoint: The integration of AI and Web3 is triggering a systemic paradigm shift. Trading, attacks, security, and risk control are simultaneously moving towards a "machine-executable" model, amplifying both efficiency and risks. Building security and compliance infrastructure that aligns with machine execution speed and is enforceable has become crucial for the sustainable development of the industry.
- Key Elements:
  - AI Agents are evolving from auxiliary tools into autonomous decision-making systems with planning, invocation, and closed-loop execution capabilities, deeply embedded in the entire chain of Web3 trading, driving the formation of a "machine-executable trading system."
  - The three major characteristics of Web3—public data, protocol composability, and irreversible settlement—exponentially amplify both the efficiency advantages and risk hazards of AI. The speed of risk propagation has, for the first time, consistently surpassed the limits of human intervention.
  - AI lowers the barrier to vulnerability discovery and attack path generation, pushing attack behaviors towards automation and scale. In 2024, the scale of stolen funds due to hacker attacks exceeded $2 billion.
  - The defense system must be upgraded, shifting from passive auditing to an "executable real-time response closed-loop," achieving proactive defense through automated smart contract auditing, abnormal behavior identification, and automated response platforms.
  - In the era of machine trading, the core of risk control and compliance shifts towards real-time tracking of address behavior profiles and cross-chain fund paths, and productizing these capabilities into engineering systems that are capable of warning, handling, and auditing.
  - Protocols like x402 standardize payments between machines but also introduce new risks of permission abuse and erroneous execution, requiring the establishment of stricter authorization boundaries, fund limits, and audit replay capabilities.
  - The key to the sustainable development of an intelligent trading system lies in the simultaneous implementation of "machine-executable" and "machine-constrainable" principles, achieving a balance between efficiency improvement and risk constraint.
Foreword
Over the past year, the role of AI in the Web3 world has undergone a fundamental transformation: it is no longer merely an auxiliary tool helping humans understand information faster and generate analytical conclusions. It has become a core driver for enhancing trading efficiency and optimizing decision-making quality, beginning to deeply embed itself into the entire practical chain of trade initiation, execution, and capital flow. As large language models, AI Agents, and automated execution systems become increasingly mature, the trading model is evolving from the traditional "human-initiated, machine-assisted" approach to a new paradigm of "machine planning, machine execution, human supervision."
Simultaneously, the three core characteristics unique to Web3—public data, protocol composability, and irreversible settlement—endow this automation transformation with a distinct duality: it possesses unprecedented potential for efficiency gains but is also accompanied by a steep risk escalation curve.

This transformation is concurrently shaping three new realities:
First, the disruptive change in trading scenarios: AI is beginning to independently undertake key decision-making functions such as signal identification, strategy generation, and execution path selection. It can even directly complete payments and calls between machines through innovative mechanisms like x402, accelerating the formation of a "machine-executable trading system."
Second, the escalation of risk and attack vectors: When the entire trade and execution process becomes automated, vulnerability comprehension, attack path generation, and illicit fund laundering also become automated and scalable. The speed of risk propagation now consistently surpasses the limits of human intervention—meaning risk spreads faster than humans can react and prevent.
Third, new opportunities in security, risk control, and compliance: Only by similarly engineering, automating, and interfacing security, risk control, and compliance capabilities can an intelligent trading system remain controllable while achieving efficiency gains, enabling sustainable development.
It is precisely against this industry backdrop that BlockSec and Bitget have jointly authored this report. We do not attempt to dwell on the basic question of "whether AI should be used." Instead, we focus on a more practical core issue: as trading, execution, and payments begin to comprehensively move towards machine executability, how is the risk structure of Web3 undergoing deep evolution, and how should the industry reconstruct the underlying capabilities of security, risk control, and compliance to address this transformation? This article will systematically outline the key changes and industry response directions at the intersection of AI, Trading, and Security, focusing on three core dimensions: the formation of new scenarios, the amplification of new challenges, and the emergence of new opportunities.
Chapter 1: The Evolution of AI Capabilities and the Logic of Web3 Integration
AI is transitioning from a mere auxiliary judgment tool to an Agent system possessing planning capabilities, tool invocation capabilities, and closed-loop execution capabilities. Web3 inherently possesses three core characteristics: public data, composable protocols, and irreversible settlement. This makes the benefits of automated applications higher, but simultaneously increases the cost of operational errors and malicious attacks. This essential feature dictates that when discussing attack and defense or compliance issues in the Web3 domain, it is not simply about applying AI tools to existing processes, but rather a comprehensive systemic paradigm shift—trading, risk control, and security are all moving towards machine-executable models simultaneously.
1. The Capability Leap of AI in Financial Trading and Risk Control: From "Auxiliary Tool" to "Autonomous Decision-Making System"
If we view the changing role of AI in financial trading and risk control as a clear evolutionary chain, the most critical demarcation point lies in whether the system possesses closed-loop execution capability.

Early rule-based systems were more like "automated tools with brakes." Their core function was translating expert experience into explicit threshold judgments, blacklist/whitelist management, and fixed risk control strategies. The advantage of this model lies in its explainable logic and low governance cost, but its drawbacks are also evident: extremely slow reaction to new business models and adversarial attack behaviors. As business complexity increases, rules continuously accumulate, eventually forming a massive, difficult-to-maintain "strategy debt" mountain, severely constraining system flexibility and response efficiency.
Subsequently, machine learning technology pushed risk control into a new phase of statistical pattern recognition: Through feature engineering and supervised learning algorithms, it achieved risk scoring and behavior classification, significantly improving risk identification coverage. However, this model heavily relies on historical labeled data and stable data distribution, suffering from the classic "distribution drift problem"—the historical data patterns the model relies on during training become invalid in practical application due to changes in market environment, upgrades in attack methods, etc., leading to a sharp drop in model accuracy (essentially, historical experience no longer applies). Once attackers change attack paths, perform cross-chain migrations, or split funds more finely, the model exhibits significant judgment bias.
The emergence of large language models and AI Agents has brought revolutionary changes to this field. The core advantage of AI Agents lies not only in being "smarter"—possessing stronger cognitive and reasoning abilities—but also in being "more capable"—possessing complete process orchestration and execution capabilities. It upgrades risk handling from traditional single-point prediction to full-process closed-loop management, including identifying abnormal signals, supplementing correlative evidence, associating related addresses, understanding contract behavior logic, assessing risk exposure, generating targeted handling suggestions, triggering control actions, and producing auditable records—a complete series of steps. In other words, AI has evolved from "telling you there might be a problem" to "helping you handle the problem to an actionable state."
This evolution is equally significant on the trading side: upgrading from the traditional manual process of reading research reports, analyzing indicators, and writing strategies to a fully automated process where AI automatically captures multi-source data, generates trading strategies, executes orders, and optimizes through review. The system's action chain increasingly resembles an "autonomous decision-making system."
However, it is crucial to be vigilant: once entering the autonomous decision-making system paradigm, risks escalate simultaneously. Human operational errors are typically low-frequency and inconsistent, while machine errors often exhibit high-frequency, replicable characteristics and can be triggered at scale simultaneously. Therefore, the real challenge in applying AI in financial systems is not "whether it can be done," but "whether it can be done within controllable boundaries." These boundaries include clear permission scopes, capital amount limits, callable contract ranges, and the ability to automatically downgrade or perform emergency stops when risks arise. This issue is further amplified in the Web3 domain, primarily due to the irreversibility of on-chain transactions—once an error or attack occurs, capital losses are often irrecoverable.
2. The Amplification Effect of Web3's Technical Structure on AI Applications: Public, Composable, Irreversible
As AI evolves from an "auxiliary tool" to an "autonomous decision-making system," a key question arises: what chemical reaction occurs when this evolution combines with Web3? The answer is: Web3's technical structure amplifies both the efficiency advantages and risk hazards of AI—exponentially boosting the efficiency of automated trading while significantly expanding the impact scope and destructive potential of underlying risks. This amplification effect stems from the superposition of Web3's three structural characteristics: public data, protocol composability, and irreversible settlement.
From an advantage perspective, Web3's core appeal to AI first comes from the data layer. On-chain data is inherently public, transparent, verifiable, and traceable, providing risk control and compliance with a transparency advantage traditional finance can hardly match—you can clearly see fund movement trajectories, cross-protocol interaction paths, and fund splitting and aggregation processes on a unified ledger.
However, on-chain data also presents significant comprehension difficulties: address "semantic sparsity" (i.e., on-chain addresses lack clear identity markers, making it hard to associate them with real entities), large volumes of invalid noise data, and severe fragmentation of cross-chain data. If genuine business behaviors intertwine with behaviors aimed at obfuscating fund sources, simple rules are insufficient for effective differentiation. This makes understanding on-chain data itself a high-cost engineering task: requiring deep integration of transaction sequences, contract call logic, cross-chain message passing, and off-chain intelligence information to arrive at explainable, trustworthy conclusions.
A more critical impact comes from Web3's composability and irreversibility. Protocol composability greatly accelerates financial innovation. A trading strategy can flexibly combine modules like lending, decentralized exchanges (DEXs), derivatives, and cross-chain bridges like Lego bricks, forming innovative financial products and services. However, this characteristic also significantly accelerates risk propagation speed. A minor flaw in one component can rapidly amplify along the "supply chain" and even be quickly reused by attackers as an attack template.
Irreversibility drastically increases the difficulty of post-incident handling. In traditional financial systems, when erroneous transactions or fraudulent activities occur, you might still rely on transaction reversal, payment refusal, or inter-institutional compensation mechanisms to recover losses. But in the Web3 domain, once funds complete cross-chain transfers, enter mixing services, or are rapidly dispersed to numerous addresses, the difficulty of fund recovery increases exponentially. This characteristic forces the industry to shift the focus of security and risk control from traditional "post-hoc explanation" to "pre-warning and real-time blocking"—only by intervening before or during a risk event can losses be effectively reduced.
3. Differentiated Integration Paths for CEXs and DeFi: The Same AI, Different Control Planes
After understanding the amplification effect of Web3's technical structure, we must also face a practical issue: while both are introducing AI technology, the application focus for centralized exchanges (CEXs) and decentralized finance (DeFi) protocols differs. The core reason lies in the fundamental difference in the "control plane" (a network engineering term, here specifically referring to the ability to intervene in funds and protocols) each possesses.
Even when applying AI to trading and risk control, CEXs and DeFi naturally have different emphases. CEXs possess a complete account system and a strong control plane, enabling them to conduct KYC (Know Your Customer)/KYB (Know Your Business), set trading limits, and establish procedural handling mechanisms for freezing and rollback. The value of AI in CEX scenarios often manifests as more efficient review processes, more timely identification of suspicious transactions, and more automated generation of compliance documentation and audit record retention.
Due to the core characteristic of decentralization, DeFi protocols have relatively limited intervention means (i.e., control plane). They cannot directly freeze user accounts like CEXs, resembling more of an open environment with a "weak control plane + strong composability." Most DeFi protocols themselves lack fund freezing capabilities. Actual risk control points are dispersed across multiple nodes: front-end interaction interfaces, API layers, wallet authorization steps, and compliance middleware layers (e.g., risk control APIs, risk address lists, on-chain monitoring and alert networks).
This means AI applications in the DeFi domain emphasize real-time understanding and early warning capabilities more, including early detection of abnormal transaction paths, early identification of downstream risk exposures, and rapid dissemination of risk signals to nodes with actual control power (such as trading platforms, stablecoin issuers, law enforcement partners, or protocol governance bodies)—similar to how Tokenlon performs KYA (Know Your Address) scans on transaction-initiating addresses, directly denying service to known blacklisted addresses, thereby completing interception before funds enter uncontrollable zones.
From an engineering implementation perspective, this difference in control plane determines the specific form of AI capabilities: In CEX scenarios, AI resembles more of a high-throughput decision support and automated operations system, with the core goal of improving the efficiency and accuracy of existing processes. In DeFi scenarios, AI resembles more of a continuously running on-chain situational awareness and intelligence distribution system, with the core goal of achieving early risk discovery and rapid response. While both will move towards Agentification, their constraint mechanisms differ significantly: CEX constraints stem more from internal rules and account permission management, while DeFi constraints rely more on programmable authorization, transaction simulation verification, and whitelist management of contract callable ranges.
4. AI Agents, x402, and the Formation of Machine-Executable Trading Systems: From Bot to Agent Network
Past trading bots were often simple combinations of fixed strategies and fixed interfaces, with relatively narrow automation logic. AI Agents, however, are closer to generalizable executors: they can autonomously select tools, combine execution steps, and self-correct and optimize based on feedback for specific goals. But for AI Agents to truly possess complete economic agency, two core conditions are indispensable: first, clear programmable authorization and risk control boundaries; second, machine-native payment and settlement interfaces. The emergence of the x402 protocol meets the second condition. By embedding into standard HTTP semantics, it extracts the payment step from human interaction flows, enabling clients (AI Agents) and servers to complete efficient machine-to-machine transactions without the need for accounts, subscription services, or API Keys.
Once payment and invocation processes become standardized, the machine economy will exhibit a new organizational form: AI Agents will no longer be limited to single-point task execution but can form continuous closed loops of "paid invocation - data acquisition - decision generation - trade execution" across multiple services. However, this standardization also gives risks standardized characteristics: payment standardization will spawn automated fraudulent behaviors and money laundering service calls; strategy generation standardization will lead to the proliferation of replicable attack paths.
Therefore, the core logic that needs emphasis here is: The integration of AI and Web3 is not simply connecting AI models to on-chain data; it is a profound systemic paradigm shift. Specifically, both trading and risk control are moving towards machine-executable models simultaneously. In a machine-executable world, a complete infrastructure must be established where machines can act, be constrained, be audited, and be blocked. Otherwise, the benefits brought by efficiency gains will be completely offset by losses caused by risk spillover.
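The "act, be constrained, be audited, be blocked" requirement above, together with the boundaries listed in section 1 (permission scope, fund limits, emergency stop, auditable records), can be sketched as a gate evaluated before an agent signs any payment. This is an added example, not code from the report or from any BlockSec or Bitget product; the class, field names, payee labels and limits are assumptions, and it does not model the x402 wire format.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    allowed_payees: frozenset         # services/contracts the agent may pay
    denied_addresses: frozenset       # KYA-style deny list
    max_per_payment: int              # cap per request, smallest token unit
    max_per_window: int               # rolling spend budget
    window_seconds: int = 3600
    max_consecutive_denials: int = 3  # trips the emergency stop


def _digest(entry: dict) -> str:
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


class AgentPaymentGuard:
    """Hypothetical pre-signing gate: decides allow/deny and logs every decision."""
    def __init__(self, policy: Policy):
        self.policy = policy
        self.stopped = False   # emergency stop; only reset() clears it
        self.denials = 0       # consecutive denials
        self.spent = []        # (timestamp, amount) of allowed payments
        self.log = []          # hash-chained audit records

    def _record(self, entry: dict) -> None:
        entry["prev"] = self.log[-1]["hash"] if self.log else "0" * 64
        entry["hash"] = _digest(entry)
        self.log.append(entry)

    def authorize(self, payee: str, amount: int, now: int) -> str:
        p = self.policy
        in_window = sum(a for t, a in self.spent if now - t < p.window_seconds)
        checks = [  # first matching rule wins
            (self.stopped, "emergency_stop"),
            (payee in p.denied_addresses, "denied_address"),
            (payee not in p.allowed_payees, "not_allowlisted"),
            (not 0 < amount <= p.max_per_payment, "per_payment_cap"),
            (in_window + amount > p.max_per_window, "window_budget"),
        ]
        decision = next(("deny:" + why for hit, why in checks if hit), "allow")
        if decision == "allow":
            self.spent.append((now, amount))
            self.denials = 0
        else:
            self.denials += 1
            if self.denials >= p.max_consecutive_denials:
                self.stopped = True
        self._record({"ts": now, "payee": payee, "amount": amount, "decision": decision})
        return decision

    def reset(self, operator: str, now: int) -> None:  # human re-arms; also logged
        self.stopped, self.denials = False, 0
        self._record({"ts": now, "operator": operator, "decision": "reset"})


def verify_log(log: list) -> bool:
    """Audit replay: each record must hash correctly and link to the previous one."""
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or _digest(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True


def demo() -> list:  # constructed policy and requests: (payee, amount, timestamp)
    guard = AgentPaymentGuard(Policy(frozenset({"svc-data"}), frozenset({"addr-flagged"}), 100, 150))
    requests = [("svc-data", 100, 0), ("svc-data", 100, 10), ("addr-flagged", 5, 20)]
    return [guard.authorize(*r) for r in requests]
```

Because each record commits to its predecessor's hash, editing any past decision makes `verify_log` fail from that record onward, which is what makes the log usable for replay after an incident.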
Chapter 2: How AI is Reshaping Web3 Trading Efficiency and Decision Logic
1. Core Challenges of the Web3 Trading Environment and AI's Intervention Points
One of the core structural problems facing the Web3 trading environment is the liquidity fragmentation caused by the coexistence of centralized exchanges (CEXs) and decentralized exchanges (DEXs)—liquidity is dispersed across different trading venues and different blockchain networks. This often leads to inconsistencies between the price users "see" and the "price/size actually available for execution." AI plays a key scheduling layer role in this scenario, providing users with optimal trade order distribution and execution path suggestions based on multi-dimensional factors like market depth, slippage cost, transaction fees, routing paths, and latency, effectively improving execution efficiency.
The high volatility, high risk, and information asymmetry in the crypto market have long existed and are further amplified during event-driven market movements. One of AI's core values in alleviating this issue is expanding information coverage—structurally aggregating and analyzing project announcements, on-chain fund data, social media sentiment, and professional research materials, helping users quickly establish a basic understanding of project fundamentals and potential risk points, thereby reducing decision bias caused by information asymmetry.
Using AI to assist trading is not new, but AI's role in trading is gradually deepening from "assisting in reading information" to the core links of "signal identification - sentiment analysis - strategy production." Examples include real-time identification of abnormal fund flows and whale address fund migrations, quantitative analysis of social media sentiment and project narrative popularity, and automatic classification and alerts of market states (trending/consolidating/volatility expansion). These capabilities are more likely to form scalable application value in the Web3 market environment characterized by high-frequency information interaction.
However, it is necessary to simultaneously emphasize the boundaries of AI application: the price efficiency and information quality of the current crypto market remain unstable. Once the upstream data processed by AI contains noise interference, manipulation, or erroneous attribution, the classic "garbage in, garbage out" problem occurs. Therefore, when evaluating AI-generated trading signals, the credibility of information sources, the completeness of the logical evidence chain, the clear expression of confidence levels, and counterfactual verification mechanisms (i.e., whether signals can be cross-verified across multiple dimensions) are more critical than the "signal strength" itself.
2. Industry Landscape and Evolution Direction of Web3 Trading AI Tools
Currently, the evolution direction of AI tools embedded within exchanges is shifting from traditional "market interpretation" to "full trading process assistance," placing greater emphasis on unified information views and information distribution efficiency. Taking Bitget's GetAgent as an example, its positioning leans more towards a general-purpose trading information and investment advisory tool: by presenting key market variables, potential risk points, and core information highlights in a more accessible way, it effectively alleviates user barriers in information acquisition and professional comprehension.
On-chain Bots and Copy Trading represent the diffusion trend of automation on the execution side. Their core advantage lies in transforming professional trading strategies into replicable, standardized execution processes, lowering the trading threshold for ordinary users. In the future, an important source for copy trading may come from quantitative trading teams or systematic strategy providers based on AI technology. However, this transforms the "strategy quality" issue into the more complex issue of "strategy sustainability and explainability"—users not only need to know a strategy's past performance but also need to understand its underlying logic, applicable scenarios, and potential risks.
Special attention must be paid to market capacity and strategy crowding issues: when large amounts of capital act simultaneously under similar signals and similar execution logic, trading profits are quickly compressed, and market impact costs and capital drawdowns are significantly amplified. Especially in on-chain trading environments, factors like slippage volatility, MEV (Maximal Extractable Value) influence, routing path uncertainty, and instantaneous liquidity changes further amplify the negative externalities of "crowded trades," leading to actual returns far below expectations.
Therefore, a more neutral and rational conclusion is: the more automated the form of AI trading tools becomes, the more necessary it is to discuss their capability descriptions alongside constraint mechanisms. These constraint mechanisms include clear strategy applicability conditions, strict risk upper limits, automatic shutdown rules under abnormal market conditions, and auditable capabilities for data sources and signal generation processes. Otherwise, "efficiency improvement" itself may become a channel for risk amplification, causing unnecessary losses for users.


