Agent, Bot, or Assistant: What Actually Makes Something an Agent

Three posts in, and I owe you a confession.

We have spent one piece on why agents cannot live on Web2, another naming the four powers an agent needs to function, and a third arguing about who is liable when one of them gets it wrong. At no point did anyone stop and ask the most obvious question in the room. The one a sharp engineer two desks over has been politely not raising while I monologue about session keys and mandates.

What, exactly, is an agent?

Pardon the oversight. I got lost in my own deep end. So this one is for the newcomer who wandered in halfway through the series, for the Solidity dev who can read a UserOperation in their sleep but has never been told why a "bot" and an "agent" are not the same animal, and for everyone quietly sitting on the sharpest question of all: if an agent is just a wallet that signs transactions, and your wallet is also a thing that signs transactions, then on-chain, what on earth is the difference?

Let us back all the way up and answer it properly. No mandates. No liability. Just the thing itself.

The short version: A bot follows fixed rules. An assistant reasons and recommends but stops at the door of action. An agent has a goal, chooses its own actions, and acts without a human pressing the final button. On-chain, an agent and a human wallet are the same primitive, an address that signs. The chain cannot tell them apart. What makes something an agent is not the wallet. It is who holds the pen behind the signature.

Bot, Assistant, Agent: Three Words People Use Interchangeably and Shouldn't

Most of the confusion in this space comes from treating these three as synonyms. They are not. They sit at three different points on a single axis: how much the software is allowed to decide and do on its own.

A bot follows rules. It is deterministic. If price drops below X, sell. If a message contains a keyword, reply. A trading bot, a Discord moderation bot, a scraping script on a cron timer. It does not reason about goals; it executes instructions a human wrote in advance. That predictability is its strength and also its ceiling. A bot will never surprise you, which means it will also never handle the situation you did not anticipate.

An assistant reasons, but stops at the door. This is most of what people call "AI" today. It can plan your trip, draft the email, compare twelve flights and tell you the cheapest. Then it hands you the answer and waits. The human is still the actuator. We made this exact point in the first post: a model can recommend the flight, but it cannot book it. An assistant produces text. The consequences are still your job.

An agent has a goal and the authority to pursue it. It plans like an assistant and executes like a bot, but unlike either, it chooses which actions to take, adapts mid-task when reality does not cooperate, and crucially, acts in the world without you pressing the final button. The defining trait is not intelligence. A very dumb thing can be an agent, and a very smart thing can be a mere assistant. The defining trait is agency: the capacity to take an action that has consequences, on its own judgment.

Here is the analogy that makes it stick. A bot is a vending machine: fixed inputs, fixed outputs, no opinions. An assistant is a concierge who tells you the best restaurant in town and then watches you walk there and pay. An agent is the concierge who books the table, orders the car, and settles the bill while you are still deciding what to wear.

The one-line version: an assistant produces answers, an agent produces consequences.

The Real Line Is Write Access to the World

Forget the three tidy boxes for a second, because in practice this is a spectrum, and it helps to see the rungs.

At the bottom is a plain script: no reasoning, just rules. Add a language model and you get something that can interpret messy input and respond, but still only respond. Give it tools and function-calling and it can now fetch a price or query a database, which feels agentic but is still read-only: it gathers, it does not commit. Add memory and multi-step planning and it can chain those reads into a workflow, revising as it goes. All of that is still, technically, an assistant. Capable, even impressive, but fundamentally asking permission before anything irreversible happens.

There is exactly one rung that changes the category, and it is binary. The moment a system can change state in the world without a human in the loop, it has crossed from assistant to agent.

Sending the email. Calling an API that charges money. Moving funds. Writing to a smart contract. Everything before that line is suggestion. Everything after it is action. Most products marketed as "AI agents" right now are honestly assistants with a deploy button: very good at producing recommendations, still pausing for a human thumbs-up before anything with consequences.

And notice where that threshold leads. The most consequential write access you can hand a piece of software is the ability to hold and move value. Which is the moment crypto stops being a side quest and becomes the main stage. An agent that can truly act is an agent that can pay. That is why this entire conversation keeps ending up on-chain.

The Question a Techie Actually Asks: Isn't an Agent Just a Wallet?

Now to the uncomfortable, interesting part. Strip away the model, the prompt, the reasoning loop, all the things that live off-chain. What actually touches the blockchain when an agent acts?

A signature. An address submitting a signed transaction.

That is also, precisely, what your wallet does. So let us run a tiny thought experiment. Picture two transactions hitting the same EntryPoint in the same block. One was constructed by a human clicking confirm in a wallet UI. The other was constructed by an autonomous agent that decided, entirely on its own, that now was the moment to act. At the level the chain sees, they look like this:

UserOperation {
  sender:        0xA11ce...        // a smart account
  nonce:         42
  callData:      0xb61d27f6...     // execute(to, value, data)
  callGasLimit:  90000
  maxFeePerGas:  ...
  signature:     0x9f8e...         // valid ECDSA / passkey sig
}

Now: which one was the agent?

You cannot tell. Neither can the EVM. There is no isHuman field, no actor flag, no opcode that records intent or authorship. The protocol verifies that the signature is cryptographically valid for the account and executes. It does not know, and structurally cannot know, whether the key was held by a person, a shell script, or a seventy-billion-parameter model reasoning about gas prices.

On-chain, an agent and a human are the same primitive: an account that signs.

This trips people up, so let us be precise about the account types, both of which we have covered before, so I will keep it short.

An EOA (externally owned account) is just a keypair. Whoever holds the private key controls the account, full stop. We went through in the four powers post exactly why this is a miserable home for an agent: one key, no spending limits, no rotation, no expiry, no way to validate logic before signing. But miserable or not, an EOA used by an agent and an EOA used by you are indistinguishable on-chain.

A smart account (ERC-4337, or an EOA upgraded via EIP-7702) is a contract that can carry logic about who may do what, under which conditions. This is the right home for an agent, because you can scope it. But here is the catch: a human can use a smart account too. Plenty do. So the account type does not betray the operator either.

So if the chain cannot tell the difference, and the account type cannot tell the difference, what can? Two things, and only two.

First, who holds the signing authority. This is invisible on-chain, but it is the actual definition. If a model decides when and what to sign, the address is an agent. If you decide, it is your wallet. Identical bytes, different author. The agency lives in the authorship of the decision, not in anything the explorer will ever show you.

Second, whether anything has been written down that labels the address as an agent and records what it is permitted to do. This is not native to the chain. The base layer gives you accounts and signatures and nothing else. If you want the rest of the network to know that 0x... is an autonomous agent, run by a particular operator, allowed to do particular things, somebody has to add that layer on top.

That second thing is exactly what the ecosystem spent the last year building.

Why the Difference Has Teeth On-Chain

It is worth pausing on why any of this matters more here than in Web2, because the stakes are not symmetrical.

When an over-eager assistant drafts a regrettable email, you usually catch it before it sends, and even after, an email is recoverable, retractable, survivable. The cost of confusing "suggests" with "acts" is low. On-chain, the same confusion is expensive. A signed transaction that settles is final. There is no support line, no chargeback by default, no undo. Value moved is value gone.

So the distinction between an assistant and an agent stops being academic the instant you give the software a key. An assistant that hallucinates wastes your time. An agent that hallucinates spends your money, and the chain will honor it without hesitation, because the chain was never checking for good judgment in the first place. It was only ever checking the signature.

That asymmetry is the entire reason agent infrastructure is its own discipline. You are not just wiring up a model to a wallet. You are deciding, in advance and in code, what an autonomous signer is and is not allowed to do, because the chain will not decide it for you.

Making an Agent Legible: A Plain Tour of ERC-8004

If on-chain an agent looks like any other address, you need a registry that can say "this address is an agent, here is who runs it, and here is what it claims it can do." That is what ERC-8004 provides. It went live on Ethereum mainnet in January 2026.

For the Solidity dev seeing it cold, the mental model is mercifully simple. It is not a heavy framework. It is three lightweight on-chain registries, deployable on any L2 or mainnet.

The Identity Registry is the one to anchor on. Each agent gets a unique on-chain identifier, minted as an ERC-721 token. If you have ever written an NFT contract, you already know the mechanics cold. The twist is what the token points to: its metadata URI resolves to a structured JSON file called an agent card. That card is the agent's public face. It lists the operator behind the agent, the capabilities it claims, the service endpoints other software can reach it on (an MCP server, an A2A address, a plain web URL), and the payment address it transacts from. The token lives on-chain so provenance is tamper-evident; the richer profile lives off-chain so you are not paying gas to store a resume. Think of the NFT as the anchor bolted into the chain and the agent card as the badge it is holding up.

The point of the card is discovery. Another agent, or a counterparty, can look up an address, read its card, see what it claims to do and how to reach it, and decide whether to engage, all without a prior relationship. The other two registries, Reputation and Validation, then handle structured feedback and proof that an agent actually did what it said it would, through whatever trust model a domain prefers.

We went deep on what those registries mean for accountability in the last post, so I will not relitigate it here. For today the point is narrower and more foundational. ERC-8004 exists because the base chain treats an agent as an ordinary account, and that is not good enough once software starts transacting on its own. It is the layer that lets the rest of the network answer the one question the chain refuses to: is this address an agent, and whose is it?

One honest caveat, because it matters and it is a different emphasis than last time. A label is not a leash. Knowing an address is an agent tells you what it is. It does nothing to govern what it does. Identity answers the question of recognition. Restraint is a separate job, and it belongs to the wallet's own logic and the policy layer sitting above it. Which is the rest of the four powers, and not a coincidence.

Three Ways People Get This Wrong

A few traps worth naming, because they show up constantly once you start looking.

More parameters does not mean more agency. A frontier model wired to a chat box is still an assistant if a human has to act on everything it says. A tiny fine-tuned model with a key and a budget is an agent. Capability and autonomy are different axes, and people conflate them daily.

Function-calling is not the finish line. A model that can call tools feels agentic, but most tool calls are reads: fetch, search, summarize. Reading the world is not acting on it. The category flips only when a call commits state on its own authority.

An "agent wallet" is not a new kind of account. There is no special agent-only account type on Ethereum. An agent wallet is a normal EOA or smart account whose signer happens to be software. The novelty is never the account. It is what has been delegated to it and what, if anything, has been written down about it.

So, What Actually Makes Something an Agent?

Pulling the whole thing together into one definition worth quoting:

An agent is software with a goal, the autonomy to choose its own actions toward that goal, and the authority to act in the world without a human in the loop. On-chain, that authority shows up as a wallet that signs on its own judgment. The wallet is not what makes it an agent. The wallet is what makes it useful, and what makes it dangerous. What makes it an agent is who is holding the pen.

This is why the series keeps circling the same four primitives. A thing that acts on its own needs an identity so the network knows what it is, a wallet so it can hold and move value, payment rails so it can transact at machine speed, and policy so its autonomy has edges. A bot never needed any of that, because a bot never decided anything. An agent needs all of it, because deciding is the entire point.

The Takeaway You Can Repeat at a Meetup

Next time someone calls their if-then script an "AI agent," you have earned the right to raise an eyebrow. And the next time someone insists an agent is just a wallet, you can tell them they are half right, which is the most dangerous kind of right.

The agent is the wallet plus the judgment behind it. On-chain those two look identical, which is the whole reason identity, policy, and the rest of the stack have to exist in the first place. Everything we build at Abstraxn starts from exactly that distinction: an account that signs is easy, an account that should be allowed to sign is the hard and interesting part.

Now you know what we have been talking about for three posts. Next time, we can get back to arguing about it.

---

Key Takeaways

• Bot, assistant, and agent are not synonyms. A bot executes fixed rules, an assistant reasons and recommends but does not act, and an agent chooses and takes actions on its own toward a goal.
• The real dividing line is write access to the world. The moment software can change state (send money, call a contract, hit a paid API) without a human approving each step, it has crossed from assistant to agent.
• On-chain, an agent and a human wallet are the same primitive. Both are accounts that submit signed transactions. The EVM has no field that records whether a person or a model held the key.
• Account type does not reveal an agent either. EOAs and smart accounts are both used by humans and agents alike. Only two things distinguish an agent: who holds the signing authority, and whether an on-chain record labels the address as an agent.
• Finality raises the stakes. A regrettable email is recoverable; a settled transaction is not. That asymmetry is why agent infrastructure is its own discipline.
• ERC-8004 is the legibility layer. Its Identity, Reputation, and Validation registries let the network recognize an address as an agent, identify its operator, and check its claims, since the base chain cannot.
• Identity is recognition, not restraint. Labeling an address as an agent does not govern its behavior. That is the job of the wallet's logic and the policy layer, which is why agents need all four powers, not just one.

Frequently Asked Questions

What is an AI agent? An AI agent is software with a goal, the autonomy to choose its own actions toward that goal, and the authority to act in the world without a human approving each step. Unlike an assistant, which produces recommendations, an agent produces consequences: it sends the message, calls the API, or moves the funds itself.

What is the difference between an AI agent and a bot? A bot follows fixed, pre-written rules and behaves deterministically. An agent reasons about a goal and chooses which actions to take, adapting when conditions change. A bot never decides anything; deciding is the defining trait of an agent.

What is the difference between an agent and an assistant? An assistant reasons and recommends but stops before taking action, leaving the human to execute. An agent crosses that line and acts on its own. The simplest test: an assistant produces answers, an agent produces consequences.

On-chain, how is an AI agent different from a regular wallet? It is not, at the level the blockchain can see. Both an agent and a human are accounts that submit signed transactions, and the chain cannot tell which is which. The difference lives off-chain (who controls the signing key) and in added layers like ERC-8004 that label an address as an agent and record its operator and permissions.

Do AI agents use EOAs or smart accounts? They can use either, but smart accounts (ERC-4337, or EOAs upgraded via EIP-7702) are far better suited because they can enforce spending limits, scoped permissions, key rotation, and expiry. A plain EOA gives an agent a single all-powerful key with no guardrails.

What is ERC-8004 and why do agents need it? ERC-8004 is an Ethereum standard, live on mainnet since January 2026, that gives agents an on-chain identity, reputation, and validation layer through three registries. Agents need it because the base chain treats them as ordinary accounts, so a separate layer is required for the network to recognize an address as an agent and know who runs it.

Does giving an AI agent a wallet make it autonomous? No. A wallet gives an agent the ability to act, but autonomy is about whether software decides on its own when and how to use it. Without scoped permissions and a policy layer, a wallet just hands an agent an unguarded key, which is capability without control.