Open Wallet Standard for AI Agents

The Open Wallet Standard (OWS) is an open-source framework released by MoonPay on March 23, 2026, that provides AI agents with a unified way to hold crypto, sign transactions, and pay for services across every major blockchain, without ever exposing a private key to the agent or its LLM context.

It works with payment protocols such as x402, AP2, and MPP, supports ten chain families through a single interface, and runs locally under the MIT license. For merchants, gateways, and developers building agentic commerce, OWS is the missing wallet layer that turns experimental agent protocols into something production-ready.

This guide covers what the open wallet standard for AI agents actually is, why fragmentation in agent wallets was holding the sector back, how OWS solves it, how to install and use it, and what businesses need to do to be ready for AI-agent payments in 2026.

What is the Open Wallet Standard?

The Open Wallet Standard, often abbreviated as OWS, is a specification for how AI agents interact with wallets. It defines storage, signing, policy enforcement, key isolation, agent access, wallet lifecycle, and chain support across seven sub-specifications. Each can be adopted independently.

The reference implementation ships as a CLI, Node.js SDK, Python SDK, and Model Context Protocol (MCP) server. The MCP piece matters: any agent framework that speaks MCP, including LangChain, can hook into an OWS vault as a native tool, without rebuilding wallet logic from scratch.

A few facts worth pinning down:

• Released: March 23, 2026
• Author: MoonPay
• License: MIT (open source, no royalty, fork-friendly)
• Distribution: GitHub, npm, PyPI, plus a one-line install at openwallet.sh
• Contributors: 15+ organizations, including PayPal, Circle, OKX, Ripple, the Ethereum Foundation, the Solana Foundation, the TON Foundation, Base, Polygon, Sui, Tron, and Mysten Labs
• Chains at launch: EVM, Solana, Bitcoin, Cosmos, Tron, TON, Spark, Filecoin, XRP Ledger

MoonPay didn't release a product called the Open Wallet Standard. It released a specification that anyone can implement, along with a reference implementation. This is the same pattern Ethereum used with its ERC standards.

Why AI agents need a wallet standard

Before OWS, every agent framework rolled its own wallet logic. According to the MoonPay newsroom announcement, the company encountered this issue while building MoonPay Agents in February 2026. Every framework implemented its own key management, every integration built its own signing logic, and a wallet created for one agent couldn’t be used by another.

The practical result was ugly. Private keys ended up in environment variables, plaintext config files, and command-line arguments, any of which could surface in logs. In some cases, they ended up inside the LLM's own context window, which is the worst place a private key can live, because an LLM context can leak into a prompt, a tool call, or a third-party API response.

There was also a fragmentation issue. Four major agent payment protocols existed by early 2026: x402 (created by Coinbase, now governed by the x402 Foundation co-founded with Cloudflare), AP2 from Google, MPP from Stripe and Tempo, and ERC-8004 (Ethereum). Each assumed the agent already had a wallet. None specified where the wallet lived. So funds got siloed across frameworks.

Ivan Soto-Wright, CEO and co-founder of MoonPay, framed it this way in the launch statement: "The agent economy has payment rails. It didn't have a wallet standard. We built one, open-sourced it, and now the full stack exists."

How OWS works under the hood

Four technical mechanics make OWS what it is.

Zero key exposure. Private keys never reach the agent process. According to the OWS specification, keys are encrypted at rest using AES-256-GCM, decrypted only within an isolated signing process to produce a single signature, held in protected memory that cannot be swapped to disk, and then immediately wiped. The agent makes a signing request, and the vault returns a signature. The LLM never sees the key.

One interface for every chain. A single BIP-39 seed phrase derives accounts across all ten supported chain families. Chain identifiers follow CAIP-2/CAIP-10, so the one vault references every account using a standard format – and tools can resolve any address without chain-specific glue.

Policy-gated signing. OWS includes a policy engine that enforces spending limits, allowed recipients, allowed assets, and per-protocol caps. Policies are registered from JSON files and checked on every signing request. If the request violates the policy, the vault refuses to sign.

Local-first storage. The vault lives on the operator's own machine: no cloud accounts, no remote key management, no third-party custody. You can import a seed from MetaMask and export it to any compatible wallet. In jurisdictions where custody triggers regulatory obligations, OWS sits firmly on the non-custodial side of the line.

How OWS plugs into x402, AP2, MPP, and ERC-8004

OWS isn't a competitor to existing agent payment protocols. It's the layer below them. Each protocol assumes a wallet exists, and OWS provides that wallet in a way every protocol can call.

The MoonPay launch post describes the practical flow as an AI agent holds a balance in an OWS vault. It receives a payment request over x402 for compute credits, an API call, or a dataset. The policy engine checks the request. The wallet decrypts the key in an isolated process, signs the transaction, wipes the key from memory, and returns the signature. The agent pays – the service delivers.

Same vault. Same policy. Different protocols.

Step-by-step: installing and using OWS

Commands pulled from the open-wallet-standard/core GitHub repository.

Step 1. Install.

bash
curl -fsSL https://openwallet.sh/install.sh | bash

Or use a package manager:
npm install -g @openwallet/cli for Node.js pip install openwallet for Python.

Step 2. Generate a seed and derive an address.

bash
ows mnemonic generate
ows mnemonic derive --chain eip155:8453

Switch the CAIP-2 chain identifier (solana:mainnet, bip122:000000000019d6689c085ae165831e93, etc.) to derive on any supported chain.

Step 3. Fund the wallet.

bash
ows fund deposit --amount 50 --currency USDC
ows fund balance

The first command opens a MoonPay deposit flow for USDC. You can also send funds directly to the derived address from any external wallet. Once funded, check your balance with ows fund balance.

Step 4. Register a spending policy.

bash
ows policy create --file policy.json

The JSON sets max_per_transaction, max_per_day, allowed_assets, and allowed_recipients. Every signing request gets checked against this policy.

Step 5. Make a paid request.

bash
ows pay https://api.example.com/data --max 0.01

This calls an x402-enabled endpoint, lets OWS handle the 402, signs the payment, and returns the data. Discover available x402 services with ows pay discover.

That's the minimum loop. From here, the same vault wires into AP2 mandates, MPP sessions, or direct on-chain transfers via the Node/Python SDKs.

What this means for merchants and payment gateways

If your business wants to accept payments from AI agents, the picture got simpler on March 23. Before OWS, your customers had a separate wallet for each protocol. After OWS, there's a baseline format you can expect.

The practical effects for merchants:

• Predictable wallet behavior. Agents paying through x402 or MPP will increasingly use OWS-compliant vaults. You integrate the payment protocol, not the wallet layer.
• Stablecoin-first payments. Most agent flows settle in USDC, USDT, or PYUSD. If your gateway handles stablecoins, you're 80% there.
• Smaller average ticket, higher volume. Agent payments lean toward micropayments and streaming. Your settlement system needs to handle high-frequency, low-value inflows without choking on fees.
• Lighter compliance posture. Because OWS keeps keys on the operator's machine, the legal classification looks closer to "wallet-to-wallet" than "custodial transfer," which usually carries lighter AML obligations.

Checklist: Is your business ready for agent payments?

• Stablecoin acceptance in USDC, USDT, or PYUSD on Ethereum, Solana, or Arbitrum
• Webhook-based settlement with real-time confirmations
• Low minimum payment without fees eating sub-$0.10 transactions
• API-first checkout (no required browser redirect)
• HTTP 402 support for API and data sellers
• Mandate verification for AP2 or ERC-8004 attestations
• Spending anomaly rejection at the gateway level
• Stablecoin auto-conversion on receipt (VRCS-style)
• Tax-clean transaction logs for 1099-DA, DAC8, or CARF

Seven out of nine: you're set. Five or fewer: the next 12 months will require significant catch-up work.

Risks and open questions

Implementation security varies. The MIT license means anyone can fork. Not every fork will go through the same review process as the MoonPay reference implementation. Аn Anthropic study showed AI agents could produce exploits worth up to $4.6 million in simulated stolen funds against real smart contracts – an indicator of growing offensive AI capability that any agent-wallet ecosystem will face.

The regulatory classification of AI agents remains unsettled. No major jurisdiction has clearly defined whether an autonomous AI agent counts as a money transmitter, who is liable when an agent violates sanctions, or how KYC applies to a wallet held by software. OWS doesn't solve this. It makes the technology cleaner while regulators figure out the policy.

Bottom line

The Open Wallet Standard isn't the loudest thing that shipped in March 2026, but it's probably the most consequential. Payment protocols like x402 and MPP get most of the press. None of them work at scale without a wallet layer that's secure, portable, and shared.

For developers, the takeaway is practical: stop rolling your own key management for agent projects. For merchants and payment gateways, the takeaway is strategic. Agent-driven payments are no longer hypothetical. The next 12 months will separate gateways that handle them natively from gateways that get worked around.

The full stack for the agent economy is now in place. The question is whether your business is ready to plug into it.

FAQ