DeFAI Tools Overview: How AI Agents Power On-Chain Asset Management

Written by: GO2MARS

Before diving into the analysis, it is essential to clarify a core concept: DeFAI.

DeFAI is an abbreviation for the fusion of DeFi (Decentralized Finance) and AI (Artificial Intelligence), referring to the integration of AI agents into on-chain financial scenarios, enabling them to perceive market conditions, autonomously formulate strategies, and execute on-chain operations directly—thereby performing traditional financial tasks such as asset allocation, risk management, and protocol interactions without requiring real-time human intervention.

In short, DeFAI is not merely an AI-enhanced version of DeFi tools, but an attempt to build a self-operating financial execution layer on-chain.

This sector has rapidly gained momentum since Q4 2024, driven by three landmark events that correspond to three levels of AI Agent integration into Web3: narrative expansion beyond niche circles, building assetized infrastructure, and genuine execution capabilities in practice.

The first event occurred in July 2024. The Twitter bot Truth Terminal, built by developer Andy Ayrey, went viral after receiving a $50,000 BTC grant from a16z co-founder Marc Andreessen, sparking the explosive spread of the GOAT token. This marked the first time an AI agent truly entered the public consciousness as a participant in on-chain economics.

The second event occurred in October of the same year. Virtuals Protocol gained widespread popularity on the Base network by tokenizing AI agents themselves, with its ecosystem's market capitalization peaking above $3.5 billion, becoming a representative example of asset infrastructure development in the DeFAI sector.

The third event is the on-chain execution layer deployment of projects such as Giza, HeyAnon, and Almanak, driving the industry from narrative-driven to product-oriented phase—AI Agents are now truly "taking action" by performing on-chain operations, rather than merely engaging in information exchange.

From a global market perspective, multiple research institutions have highly consistent growth projections for the AI Agent sector:

Chart 1: Comparison of Global AI Agent Market Size Projections, Data Source: MarketsandMarkets (2025), Grand View Research (2025), BCC Research (January 2026)

However, a significant gap remains between capital enthusiasm and industrial adoption. According to McKinsey’s November 2025 report, “The State of AI in 2025” (based on 1,993 respondents across 105 countries), although 88% of organizations are already using AI in at least one business function, nearly two-thirds remain in the experimentation or pilot phase. Specifically in the AI Agent domain: 62% of organizations have begun experimenting, 23% are advancing scaling in at least one function, but fewer than 10% have achieved scaled deployment in any single function.

This data suggests that the narrative momentum around the DeFAI sector still outpaces its actual progress. Understanding this gap is essential for an objective evaluation of the sector’s value.

To understand how DeFAI works, you first need to answer a key question: Through what mechanism does AI intervene in on-chain financial operations?

The core execution unit of the DeFAI system is an AI Agent built on large language models. According to the academic review by Wang et al. (2023), its core capabilities can be summarized into a three-layer architecture, with each layer fulfilling specific functions in on-chain scenarios:

• The planning layer is responsible for breaking down objectives and optimizing pathways, corresponding to strategy generation and risk assessment in on-chain scenarios;
• The memory layer enables cross-period information accumulation through external storage such as vector databases, storing historical market data and protocol states;
• Tool layer enhances model capabilities by enabling it to interact with external systems such as DeFi protocols, price oracles, and cross-chain bridges.

However, it is important to clarify that AI models cannot directly interact with blockchains. Nearly all current DeFAI systems employ an architecture that separates off-chain inference from on-chain execution—AI agents perform strategy calculations off-chain and then convert the results into on-chain transaction signals, which are submitted by an execution module. This architectural design is both a practical choice given current technological constraints and introduces a range of security considerations, including private key authorization and permission management.

An AI agent is fundamentally an autonomous decision-making system based on large language models, achieving closed-loop execution through task decomposition, memory management, and tool invocation, and interactions between AI agents and on-chain assets have already begun to take shape.

Chart 2: Three-Layer Architecture of AI Agent

After clarifying DeFAI's technological foundation, a natural question arises: How did this system evolve to where it is today?

According to The Block’s research, the evolution of DeFAI has not been instantaneous but has occurred in two distinct phases—from early interactive agents focused on information processing to today’s execution systems capable of directly engaging in on-chain operations.

They differ fundamentally in target positioning, technical approaches, and risk levels.

Chart 3: Comparison of the Two Phases of DeFAI Evolution

The two-stage evolution can be understood as follows:

The first wave consists of interactive agents, focusing on building conversational and analytical agent frameworks. Representative projects include Eliza (originally ai16z) and Virtuals' G.A.M.E. At this stage, the core function remains informational—agents can read, speak, and analyze, but their capabilities are limited to the information layer and do not extend to executing any asset operations.

The second wave consists of execution-oriented DeFAI agents, truly completing the decision-execution loop. Representative projects include HeyAnon, Wayfinder, Giza (ARMA Agent), and Almanak. These systems share a common characteristic: AI operates off-chain, generating structured strategy signals that are then executed on-chain via dedicated execution modules. Rather than replacing existing DeFi protocols, they introduce an AI-driven decision layer atop them, transforming the entire workflow from “human instruction” to “autonomous agent execution.”

The essential difference between the two waves lies not in technical complexity, but in whether they truly interact with assets. This determines that the second wave faces far more complex challenges in trust mechanisms, permission design, and security architecture—precisely what the next chapter will focus on.

From technical architecture to evolution roadmap, what DeFAI can do is becoming increasingly clear. So, what real problems is it solving at the product level?

Overall, DeFAI application exploration has now established a relatively mature landscape centered around four core directions, addressing the key pain points in on-chain operations: yield efficiency, strategy execution, interaction barriers, and risk management.

Yield Optimization: Automated Rebalancing Across Protocols

Yield optimization is the most maturely implemented DeFAI use case today. Its core logic involves continuously scanning the annualized deposit yields of major DeFi protocols such as Aave, Compound, and Fluid, evaluating whether rebalancing is needed based on predefined risk parameters, and performing a transaction cost analysis before each action—only transferring funds when the increased yield sufficiently covers all gas and transaction fees, thereby achieving automated, cross-protocol optimal allocation.

Taking Giza as an example, its ARMA Agent launched a stablecoin yield strategy on the Base network in February 2025, continuously monitoring interest rate fluctuations across protocols such as Aave, Morpho, Compound, and Moonwell. It intelligently allocates user funds by comprehensively evaluating protocol APYs, fee costs, and liquidity to maximize returns. According to public data, ARMA currently has approximately 60,000 unique holders and over 36,000 deployed Agents, managing an assets-under-administration (AUA) of more than $20 million.

In a market environment where DeFi protocol yields continue to fluctuate, the efficiency and timeliness of manual monitoring and manual rebalancing fall far short of automated systems—this is precisely the core value of this scenario.

Chart 4: Example of the ARMA Agent on the Giza Platform

Quantitative Strategy Automation: Democratizing Institutional-Level Capabilities

In automated quantitative strategy scenarios, the DeFAI platform aims to modularize and automate the entire workflow of traditional quantitative teams, enabling individual users to access institutional-grade strategy execution capabilities.

Taking Almanak, supported by Delphi Digital, as an example, its AI Swarm system breaks down the quantitative process into four stages:

• The strategy module supports writing investment logic and performing backtesting using the Python SDK.
• After obtaining user authorization, the execution engine automatically runs approved strategy code and triggers DeFi calls;
• The secure wallet builds a multi-signature system on Safe + Zodiac, granting AI agents execution rights through role-based permissions, ensuring funds remain under user control at all times.
• The strategy vault packages strategies as tradable vaults compliant with the ERC-7540 standard, allowing investors to participate in strategy returns in a manner similar to purchasing fund shares.

The significance of this architecture lies in the AI agent handling data analysis, strategy iteration, and risk management, allowing users to simply perform final oversight of the system’s outputs without needing to assemble a professional quantitative team—achieving what the project claims as “democratization of institutional-grade strategies.”

Chart 5: Homepage screenshot of the Almanak platform

Natural language command execution: Make DeFi operations as simple as sending a message.

The core of this scenario is intent-based DeFi: using natural language processing, users issue trading commands in everyday language, and the AI interprets them and converts them into multi-step on-chain operations, significantly lowering the barrier to entry for average users.

HeyAnon has built a DeFAI chat platform where users input commands via a chat interface, and the AI executes on-chain actions such as token swaps, cross-chain bridging, lending, and staking. It integrates protocols like LayerZero and Aave v3, and supports deployment across multiple chains including Ethereum, Base, and Solana.

Chart 6: Homepage screenshot of the HeyAnon platform

Wayfinder, backed by Paradigm, offers advanced cross-chain trading services. Its AI agents, called Shells, automatically find the optimal trading paths across different blockchains and execute operations such as cross-chain transfers, token swaps, or NFT interactions—without requiring users to manage underlying technical details like gas fees or cross-chain compatibility.

Figure 7: Homepage screenshot of the Wayfinder platform

Overall, natural language interfaces significantly lower the barrier to using DeFi, but they also demand higher accuracy in interpreting underlying intentions—any misinterpretation by the AI could lead to outcomes that differ greatly from the user’s expectations.

Risk Management and Liquidation Monitoring: On-chain Protocol-Embedded Mechanisms

In DeFi lending and leverage scenarios, the most common application of AI agents is real-time monitoring of on-chain position health and automatically executing protective actions before the liquidation threshold is reached. This critical use case is gradually being integrated into major DeFi protocols as a native feature.

• Aave measures position safety using a "health factor"; when the health factor falls below 1.0, the borrower's position becomes eligible for liquidation.
• Compound uses a "Liquidation Collateral Factor" mechanism, which triggers liquidation when the account's borrowed balance exceeds the upper limit set by this factor; the specific parameters for each collateral asset are set individually via on-chain governance.

Manual monitoring struggles to maintain consistent response efficiency in 24/7 highly volatile on-chain markets; AI agents enable continuous tracking, intelligent evaluation, and automated intervention, elevating risk control efficiency to levels unattainable by manual or rule-based automated systems.

Chart 8: Four Mainstream Application Scenarios of Agent×DeFi

Overall, the four scenarios described above are not isolated but complement each other around a common thread: yield optimization and automated quantitative strategies cater to advanced users with significant assets, offering core advantages in execution efficiency and strategy precision; natural language interaction aims to lower the operational barrier for average users; and risk management serves as the underlying security layer across all scenarios. Together, they form the foundational implementation framework of DeFAI’s current ecosystem and lay the groundwork for more complex on-chain agent applications in the future.

As previously described, the four major application scenarios—whether yield optimization or automated quantitative strategies—can only be realized under one essential condition: the AI Agent must possess some form of signing authority, i.e., access to the private key. This is the most critical technical challenge in the DeFAI space, and also the one most easily obscured by narrative hype—should the signing mechanism be compromised, all upper-layer strategic capabilities would become meaningless.

Currently, industry-standard private key security solutions fall into two categories: MPC (Multi-Party Computation) and TEE (Trusted Execution Environment). Each differs in its security model, level of automation, and engineering complexity.

Chart 9: Comparison Table of Two Main Approaches to Private Key Security Management

• The core idea of MPC (Multi-Party Computation) is to eliminate single points of failure through key sharding. For example, in a common 2-of-3 threshold signature scheme, even if one key is compromised, an attacker cannot independently complete a signature, leaving funds secure. Vultisig is a representative product in this space—an open-source, multi-chain self-custodial wallet built on MPC/TSS technology, featuring a no-single-mnemonic architecture that combines key security with user self-custody.
• TEE (Trusted Execution Environment) takes another approach: storing the private key alongside proxy code within a hardware-protected isolated enclave. The AI agent performs policy computations and signing inside the enclave, outputting only the signature result to the blockchain, rendering the private key completely invisible to external environments. Major chips such as Intel SGX, AMD SEV, and ARM CCA provide hardware-level isolation and encryption support. Chainlink has integrated TEE into its oracle network to handle sensitive data and uses remote attestation to externally verify the integrity of the execution environment.

However, key security is only the first line of defense. In practical deployments, regardless of the key management scheme used, a permission control mechanism must be layered on top to prevent unauthorized actions by Agents. Almanak’s implementation provides a comprehensive reference framework: the platform simultaneously employs TEE to protect strategy logic and private parameters, and inserts a Zodiac Roles Modifier permission layer between the deployment engine and the user’s Safe smart account—every transaction initiated by AI must be individually matched against a pre-approved whitelist of contract addresses, functions, and parameters; any transaction outside the authorized scope is automatically rejected.

The implementation of this principle of least privilege has become an important reference in DeFAI system security design. It reveals a deeper logic: DeFAI security issues are not merely about selecting individual technologies, but rather a systems engineering challenge formed by the coordinated interaction of key management, permission boundaries, and execution auditing—any missing component could become the weakest link in the entire chain. This serves as the starting point for the risk analysis in the next chapter.

The above analysis reveals a key conclusion:

VCX does not command a premium due to superior asset selection or higher expected returns, but because it sells access to the channel itself. This raises a key question: What kind of product is VCX?

From a legal perspective, it is a closed-end fund registered with the SEC, featuring transparent holdings and a compliant structure, fundamentally no different from any ordinary equity ETF on the market. However, in practical terms, what it offers is not the traditional notion of “investment return expectations,” but rather access to an asset class—previously available only to top-tier VC firms and accredited investors—that has been packaged into tradable units listed on the NYSE.

Therefore, the market is willing to pay a premium of 16 to 30 times NAV, essentially pricing in this access right rather than evaluating the future returns of the underlying assets.

From this perspective, the comparison between VCX and MicroStrategy (MSTR) is highly illustrative. On the surface, both engage in similar activities: packaging scarce assets that are difficult to access directly—bitcoin or top-tier pre-IPO equity—into securities tradable on secondary markets, where they trade at premiums far exceeding the value of the underlying assets. However, their capital allocation strategies differ fundamentally:

• MSTR raises capital through the continuous issuance of convertible bonds and preferred shares, then uses the proceeds to acquire additional Bitcoin. This mechanism endows it with the ability to dynamically expand its balance sheet and continuously increase its Bitcoin holdings, providing an intrinsic foundation for sustaining a premium in its stock price.
• VCX is constrained by the structure of a closed-end fund: its asset size is essentially locked after issuance, preventing further refinancing to continuously acquire new assets, and the liquidity of its holdings heavily depends on IPOs or mergers and acquisitions by the underlying companies. Once retail investor sentiment fades or the six-month lock-up period expires and circulating supply increases, the downward pressure on its premium will far exceed that of MSTR.

Comparison between VCX and MSTR (Strategy) modes

In other words, MSTR’s premium is supported by a continuously operating capital mechanism, while VCX’s premium primarily stems from scarcity of supply and sentiment-driven demand. Neither product logic is inherently right or wrong, but the risks it entails are harder for the market to price accurately than those of a typical closed-end fund:

Once retail investors buy at prices far above NAV, they are not paying for the intrinsic value of the assets themselves, but rather a premium for access—and this premium faces rapid downward pressure once the underlying company completes its IPO and direct trading becomes available on public markets.

Based on the foregoing analysis, we can make a phased assessment of DeFAI’s evolution path. Overall, this sector is currently at a critical juncture transitioning from proof-of-concept to productization, and its development is expected to progress through three sequential stages:

Chart 11: Projection of DeFAI Development Stages

Note: The table above is based on a comprehensive assessment of industry public reports, project progress, and technological maturity, and is not a definitive timeline.

At the current stage, DeFAI as a whole is transitioning from the auxiliary decision-making phase to the semi-autonomous phase—some projects have begun to assume limited autonomous execution capabilities, but human review and fallback mechanisms remain the dominant deployment model. In this context, considering the current level of technological maturity and market conditions, three key judgments warrant close attention.

First, most current DeFAI projects are essentially automation tools rather than truly autonomous agents. Products labeled as “DeFAI” today primarily function by translating human instructions into predefined DeFi operation sequences, making them more akin to efficient execution interfaces than autonomous systems capable of independent reasoning and decision-making. According to McKinsey’s 2025 report, even in general enterprise settings, fewer than 10% of organizations have achieved scalable deployment of AI agents in any single function. The trust barriers and operational complexity in on-chain environments are even higher, meaning there remains a significant gap between technical demonstrations and genuine commercial闭环.

Second, the most mature and easiest-to-gain-institutional-trust application of AI agents is not high-risk autonomous trading, but on-chain monitoring, alerting, and governance assistance. Scenarios such as 24/7 portfolio monitoring, liquidation alerts, and governance proposal analysis are more tolerant of LLM hallucinations—since output errors do not directly lead to financial losses—and effectively compensate for humans’ inherent limitations in sustained attention. These use cases represent a more realistic pathway for DeFAI to transition from “technology demonstration” to “institutional adoption.”

Third, the integration of AI Agents with RWA represents a promising cross-cutting direction worth close attention. According to data from RWA.xyz, as of early April 2026, the total value of on-chain tokenized RWA assets exceeded $27 billion (excluding stablecoins), spanning categories such as U.S. Treasuries, private credit, commodities, and corporate bonds. If AI Agents can manage portfolios combining RWA Treasuries and stablecoins—automatically adjusting allocation ratios based on market conditions—their potential asset scope would far exceed today’s predominantly DeFi-native assets, and could truly bridge on-chain and off-chain assets, enabling synergy among Web3, AI, and TradFi, significantly expanding market potential.

AI agents and on-chain asset management are at a critical stage of transitioning from proof-of-concept to productization. While technical feasibility has been preliminarily validated, the industry faces challenges—ranging from LLM hallucination risks and on-chain data heterogeneity to the absence of trust infrastructure—that cannot be resolved by technological iteration alone. Systematic progress is required in project architecture design, compliance pathway planning, security infrastructure development, and business model validation.

This also means that this sector is still in its early stages of development, and the true competitive landscape has yet to take shape. For teams capable of mastering both Web3 and AI, now is the ideal window to enter—whether by building more reliable on-chain agent systems at the execution layer or by bridging critical gaps in data, access, and trust at the infrastructure layer, significant opportunities remain unfulfilled.

DeFAI’s competitive moat will ultimately not lie in the capability of a single model or the depth of protocol integration, but in its ability to build a truly self-consistent closed loop between technology, compliance, and security.