Nunchuk Says 'Not Your Keys, Not Your AI': Open-Source Tools Keep Bitcoin Custody Human-Side of the Ledger

Move over "not your keys, not your coins"—the Bitcoin custody crowd now has a new mantra, and it sounds suspiciously like "not your keys, not your AI." Bitcoin wallet company Nunchuk has dropped open-source tools that let AI agents play around with Bitcoin wallets without actually getting the keys to the castle. It's a bit like giving your robot butler access to the kitchen, but not the liquor cabinet.

"We're basically building the robot butler equivalent of a Bitcoin wallet," said Nunchuk founder and CEO Hugo Nguyen. "The key question was: how do you give AI agents useful financial capabilities without creating a single point of failure that would make any security researcher have a panic attack?"

Launched in 2020, Nunchuk is an open-source mobile Bitcoin wallet that uses multisignature security to support self-custody and inheritance planning, letting users store Bitcoin with multiple keys instead of relying on a single private key. Think of it as the cryptocurrency equivalent of not keeping all your eggs in one basket, except the eggs are worth millions and the basket is made of math.

The tools aim to support AI agents that can carry out financial tasks such as sending payments or managing wallets, while ensuring agents do not control the keys that secure users' Bitcoin. Because let's be real, handing an AI full control of your Bitcoin is roughly as wise as leaving your seed phrase on a sticky note in a Starbucks.

"Current approaches either give the agent full authority over a standalone wallet, or use delegated signing where the agent acts on the user's behalf," Nunchuk founder and CEO Hugo Nguyen told Decrypt. "The problem with both is the same: once the agent is set up, there's no meaningful check on what it can do with your money. If it's compromised, misconfigured, or just makes a bad call, nothing stops it." In other words, nobody wants to explain to their bank that their AI bought 40,000 JPEG files of cartoon apes and somehow that was "investment research."

Nunchuk CLI is a command-line tool that lets AI agents interact with Bitcoin in shared wallets where users keep control of their private keys. If a transaction goes over a set spending limit, the user must approve it. The agent can operate within bounded authority, but above the limit, the human still has to sign. It's essentially a parental control feature for your AI's allowance, and honestly, we wish we'd had this back when we accidentally let ChatGPT order fifteen pounds of gummy bears.

"Just as importantly, funding the wallet and authorizing the agent are separate decisions: the wallet can receive funds without automatically increasing what the agent is allowed to spend," Nguyen explained. "That's the design problem we're solving." Because apparently, not even AI should be trusted with unsupervised spending sprees, whether it's on RGB mouse pads or suspicious NFT drops.

Agent Skills provides an interface that allows AI models to use the CLI across tasks such as wallet setup, wallet creation, participant invitations, policy configuration, and transactions. The system separates receiving Bitcoin from spending authority. Depositing funds does not give an AI agent permission to spend them. It's the financial equivalent of your AI being able to accept birthday cards but not actually opening any of them without supervision.

"That separation matters," Nunchuk said. "Funding a wallet and authorizing an agent should not be the same decision, and in this model, they aren't." Because in crypto, where a single misconfigured gas setting can mean losing everything, the difference between "can receive" and "can spend" is the difference between a mildly embarrassing mistake and a trip to the bankruptcy lawyer.

S