I Asked an AI Agent to Invest $10,000. It Refused the Highest Yield
The agent skipped the highest-yield pool. On purpose.
– An agent finds yield for 10,000 USDC at moderate risk in ~5 minutes
– It runs a six-stage loop: Discover → Analyze → Propose → Preview → Execute → Monitor
– It traces dependency trees, reads post-mortems, and flags risky collateral
– You don't have to trust it: every transaction is independently verifiable
– An on-chain Risk Budget bounds what an autonomous agent can ever do
4 min read
I gave the agent $10,000. Then it told me to skip the pool with the highest yield.
And honestly, I wanted it to pick the 26% APY pool. It was the biggest number on the screen. The obvious answer, if all you care about is yield.
The agent said no.
Behind that "no" is the same six-stage loop the agent runs for every action:
Discover → Analyze → Propose → Preview → Execute → Monitor
The full breakdown is in the docs, but the important part is how the loop feels in practice.
A few minutes later, it came back with the part humans usually have to do manually: docs, X threads, audit notes, post-mortems, and the dependency tree behind the assets in each pool. The agent traced that back to the underlying protocol, found the recent Resolv exploit, and marked the pool do not deploy.

So instead of chasing 26%, it picked the boring option: 5.24% on edgeUSDC, sized carefully.
That is the part of agentic capital management I care about most. Not "can an agent click buttons?", not "can it find the highest APY?". But can it slow down, check what sits underneath the yield, and refuse to do the tempting thing when the risk is wrong?
And this demo was running on a baseline configuration. The more interesting tools we have built were not even in the loop yet.
Why autonomous matters
Autonomous agents matter for a simple reason: capital management benefits from things humans are bad at doing continuously. Reacting fast when new information appears. Running 24/7. Scaling attention across many positions at once.

The hard part is not capability. It is making autonomy safe enough to use with real capital.
This is where Gearbox fits naturally. The reason this works is Gearbox credit accounts: constrained on-chain accounts that already enforce collateral, leverage, liquidation, and risk rules. Five years of collateral pricing, leverage management, liquidation logic, and risk controls are already in production. A credit account is already a bounded execution environment, with explicit constraints around what the account can do and how losses are contained.
Putting an agent on top is not inventing new financial rails. It is plugging an agent into rails that already exist.
On top of that, the user can configure an on-chain Risk Budget (for example daily drawdown ≤ 0.2%, 30-day drawdown ≤ 1%, plus an emergency exit) and hand control to a cloud agent that can operate only inside that loss envelope.

The agent still follows the same loop, but Monitor becomes more than price watching: it keeps reading docs, X threads, post-mortems, audit notes, and other sources that change the risk picture.
Don't trust us. Verify.
Gearbox Agentic is still in alpha. Users should inspect every generated transaction and treat the agent as assisted execution, not magic autonomy. That is why we built the verification layer first, on purpose. When capital is involved, usability is not enough: you should not have to trust the agent, the UI, or us. You should be able to verify what was generated before you sign anything.
There is an MCP server in the app. Any model that speaks MCP (Claude, Codex, Gemini, or your own bot) can generate transactions through it. Our agent is one possible client. Yours can be another.
Every transaction can be checked at verify.gearbox.finance before signing. This is the Preview stage of the loop: you see the transaction details, the simulated outcome, and any approvals required. The verifier is also on IPFS, so it does not depend on our hosting.

This is what AI-managed finance can look like when it is built with Web3 security primitives from the start: the default flow uses our agent, the escape hatch lets you bring your own, and both use the same on-chain rails.
Try it, break it, and tell us what the agent missed.
The next article in this series covers how we structure the agent's memory and information flow: what the bot reads, what it remembers, and how that changes what it does.