• The Chokepoint
  • The Year the Agents Arrived
  • What Is Actually Under Attack
  • The Institutions Are Not Coming to Save You
  • A Different Kind of Infrastructure
  • How It Actually Works
  • The Money Layer
  • The Problem of Autonomous Agents
  • The Surface That Has Never Been Addressed
  • The People Who Are Not Waiting
  • What You Are Actually Choosing

§The Chokepoint

The infrastructures your business, your family, and your future are built on right now are rented and someone else controls the locks. e.g. email addresses, phone numbers, platform usernames/passwords, bank accounts, payment rails, messaging & social media apps, etc.

There is a story that gets told in every era of disruption, and it goes like this: the people who built their lives on top of someone else’s infrastructure did fine, right up until they didn’t.

The tenant who paid his rent faithfully for twenty years, who built a thriving shop on a landlord’s property, understood somewhere in the back of his mind that the whole thing rested on a handshake. Not a legal contract, not a principle, but a relationship. And relationships change. Landlords sell. Governments condemn. Platforms update their terms of service.

You already know this story. You may have lived it. What you may not yet understand is that the version coming for you now is faster, more automated, and operating at a scale that makes every previous version look like a neighborhood dispute.

§The Year the Agents Arrived

Something changed in 2025 and accelerated through the first months of 2026. The change is not that artificial intelligence got smarter, though it did. The change is that artificial intelligence learned how to act.

Not just to answer questions. Not just to summarize documents. To act. To send emails. To execute payments. To make purchases, book appointments, call APIs, negotiate access, and manage workflows while you sleep.

The companies selling you this capability frame it as freedom. And in a narrow sense, they are right. An AI agent that handles your customer service queue, monitors your invoices, manages your advertising spend, and alerts you to anomalies is genuinely useful. It can give a small business the operational leverage that used to require a team of twenty.

But here is what they do not say in the marketing materials. Every single one of those agents, as currently built and sold, runs on someone else’s infrastructure. It uses someone else’s identity system. It pays and gets paid through someone else’s rails. And it stores and transmits your most sensitive business data through servers that someone else controls, under legal obligations you have never read and would not fully understand if you had.

The cybersecurity researchers at Sardine, Kiteworks, and Dark Reading have spent the last eighteen months documenting what happens next, and their findings should make any thoughtful business owner stop and think. In 2026, nearly half of all professional security researchers identify agentic AI as the primary attack vector in their threat landscape. Not a future concern. A present one. The attackers have agents too, and they are running them right now against your accounts, your invoices, your customers, your reputation, and your money. sardine

The question is not whether your business will be in the arena. It is already in the arena. The question is whether you walk in with armor or without it.

§What Is Actually Under Attack

Most people, when they think about cybersecurity, picture a password getting stolen. That is the 1990s version of the problem. The 2026 version is altogether different in character, and understanding it requires understanding what you have actually built your business on top of.

Start with communication. Your team talks on Slack, or Microsoft Teams, or Google Chat. Every message in those systems lives on a server that the platform controls. The platform can read it, can be compelled to hand it over, and can revoke your access with less notice than a parking ticket. This is not hypothetical. It happens to businesses every year, for reasons ranging from an automated terms-of-service flag to a government request to a billing dispute. When it happens, it does not feel like a technical problem. It feels like someone changed the locks while you were inside. massivegrid

Now add payments. Your business bank account, your credit card processor, your invoicing system all run through institutions that are legally obligated to report your activity, that can freeze your funds on suspicion before conviction, and that increasingly expose you to AI-driven fraud that the traditional financial system was not designed to stop. The fraud researchers at Sardine have documented AI agents that study a target business’s payment patterns for months, wait for a predictable invoice window, and then substitute their own banking credentials into the transaction at the last moment. The agent does not need to be in a hurry. It has all the time in the world. sardine

Then there is identity. Not just your password, but your business’s entire digital presence. Your verified accounts, your domain, your email sender reputation, your reviews, your certifications. All of these are anchored to platforms that can de-verify, de-rank, or de-platform you. And as AI-generated impersonation reaches near-perfect fidelity, the question of who your customers believe they are talking to becomes a matter of infrastructure, not just vigilance.

After that comes data. Every document your team creates, every customer record you maintain, every contract you sign, every dataset you use in your operations. Google and Microsoft both operate on a model where, if you stop paying, your data enters a grace period and then is effectively gone. Even while you are paying, that data is subject to their terms, their compliance obligations, and their infrastructure decisions. When their systems go down, your operations go down. When they change their API, your integrations break. massivegrid

And finally, the newest surface: your AI supply chain. Every AI tool you use is, in the current architecture, a potential vector for data exfiltration, prompt injection, or unauthorized financial action. An AI agent with access to your email and your payment system is an extremely powerful tool in your hands, and an extremely powerful weapon in someone else’s hands, and the line between those two conditions is thinner than most people realize. strata

This is not a list of problems to be checked off. It is a single systemic problem that runs through every surface of your digital life. And it has a common root: you built your business on top of chokepoints that someone else controls.

§The Institutions Are Not Coming to Save You

There is a comforting idea that the big platforms will solve this. That Microsoft and Google will build in enough security, enough compliance tools, enough AI safety guardrails, that the risk becomes manageable. Microsoft has, in fairness, invested heavily in this direction. Their Secure Agentic AI framework, published in March 2026, is a serious engineering effort by serious people. Their Entra identity platform for managing AI agent credentials is real and useful. microsoft

But here is the structural problem that no amount of engineering can solve for you: every tool Microsoft builds to protect you from attackers also gives Microsoft access to you. The audit logs they create to satisfy regulators are logs they control. The compliance archive they build for your legal team is an archive they can hand over. The identity system they manage for your agents is an identity system they can revoke. Microsoft’s sovereignty and your sovereignty are not the same sovereignty, and in moments of conflict, theirs wins. news.microsoft

This is not a criticism of Microsoft as a company. It is a description of the architecture. And the same description applies to Google, to Coinbase’s AgentKit, to Stripe’s AI payments infrastructure, to every platform that offers you safety by putting you inside their walls. Inside the walls is safer than outside the walls, in a world without alternatives. But inside the walls is not the same as owning the walls.

The people building the alternative are not the ones with the largest marketing budgets. They are working on something that does not have a slick product page, because the whole point of what they are building is that there is no product page to shut down.

§A Different Kind of Infrastructure

To understand what Open Agents and Satnam.pub are building together, you need to understand one foundational idea: the difference between a platform and a protocol.

A platform is a business. It has terms of service, shareholders, a legal address, and a CEO who gets calls from senators. It is, by definition, a chokepoint, because its value proposition is that you route your activity through it in exchange for convenience and capability. You are the customer, which means you are also, in the relevant legal sense, the product and the liability.

A protocol is a set of rules. Not rules enforced by a company, but rules enforced by mathematics. Bitcoin is a protocol. Email is a protocol. TCP/IP is a protocol. No one can shut down email because there is no “email company” to shut down. No one can confiscate your Bitcoin because Bitcoin does not have a CEO who can be compelled to reverse transactions.

What Open Agents and Satnam.pub are building is a sovereign operating layer for business and family life built entirely on open protocols. And the reason this is possible now, in 2026, in a way it was not possible five years ago, is that the protocols have finally matured to cover every surface that a real business needs to defend.

§How It Actually Works

Let us start with who you are.

On the internet as it currently exists, your identity is whatever a platform says it is. Your Google account is you because Google says so. Your verified LinkedIn profile is your reputation because LinkedIn says so. When someone wants to know if an email is really from you, they are trusting Google’s authentication infrastructure, and that infrastructure is a target, a vulnerability, and ultimately a chokepoint.

Satnam.pub takes a different approach. Every person, every business, every AI agent in its system has a cryptographic identity rooted in a key that only they possess. Not a password. Not a secret shared with a server. A private key, generated on your own device, that mathematically proves your identity in a way that does not require trusting any third party to vouch for you. When your business registers with Satnam.pub, you are not creating an account that Satnam.pub could delete. You are anchoring your cryptographic identity to a human-readable address, the same way a business anchors its legal identity to a domain name, except that the underlying key is yours forever regardless of what happens to the registrar.

The system that makes this work is called Nostr, and it is a communication and data protocol that operates similarly to email in its fundamental design: there is no central server, messages are signed by the sender’s private key, and anyone can run a node. A business using Satnam.pub gets its own named identity, its own group with members and roles and permissions, and its own relay hosting that puts the business’s communications on infrastructure the business actually controls. Employees get sub-identities under the business root. AI agents get sub-identities too, each one scoped to specific permissions and spending limits, each one revocable in seconds if it is compromised.

When an employee leaves, or an agent is decommissioned, the revocation record is published to the network and propagates instantly. There is no IT ticket to file with Microsoft. No support call to make. The key is revoked, cryptographically, and the entire network knows it.

§The Money Layer

Identity is only half of sovereignty. The other half is money, and this is where Bitcoin enters the picture in a way that is not about speculation or investment but about something far more fundamental.

Consider what you need from a payment system if you are a business operating in 2026. You need to pay and get paid quickly, with low fees. You need to be able to make very small payments when AI agents are doing micro-scale work on your behalf. You need a record of every transaction that you control and that no one can alter. You need to be able to set spending limits for automated systems so that a compromised agent cannot drain your accounts. And you need all of this to work without a bank that can freeze your funds and without a processor that can reverse your transactions on someone else’s request.

The Lightning Network, which is Bitcoin’s payment layer, satisfies every one of these requirements. Payments settle in seconds, with fees measured in fractions of a cent. Transactions are final, irreversible, and do not require a bank’s permission. A business using Lightning to pay its AI agents, or to receive payment from customers, is not routing money through a chokepoint. There is no Lightning Company to call a congressman. bitcoinmagazine

Open Agents builds on top of this foundation. It is a marketplace where compute resources, data, software skills, and AI agent capabilities are bought and sold in Bitcoin, with every transaction signed by the buyer’s and seller’s cryptographic identities and settled over Lightning before delivery. A business that runs an AI agent through Open Agents knows, with cryptographic certainty, who provided the compute, what they were paid, and what was delivered. That record lives on the business’s own relay infrastructure, timestamped by the Bitcoin blockchain, and cannot be altered by any party after the fact.

For a business that also needs to operate in the wider world of dollar-denominated payments, there is a bridge. A new capability from a service called Boltz, launched in March 2026, allows atomic, non-custodial swaps between Bitcoin’s Lightning Network and USDT stablecoins. This means a business operating on a Bitcoin standard can pay an invoice that demands dollars, or receive a dollar-denominated payment from a customer, without ever touching a bank account or maintaining a stablecoin balance. The conversion happens automatically, at the moment of the transaction, and the business’s treasury remains in Bitcoin throughout. The dollar world is accessible as a destination, not as a dependency. bitcoinmagazine

§The Problem of Autonomous Agents

Here is where the picture becomes genuinely urgent, and where the solution becomes genuinely novel.

Every large company, every government agency, and every sophisticated attacker is deploying AI agents right now. These agents can send emails, browse the web, execute code, call APIs, manage calendars, process invoices, and initiate payments, all without a human in the loop. The question is not whether the companies and agencies and attackers that interact with your business are using them. They are. The question is what happens to your business when their agents interact with your systems and identities.

The attack vectors that have emerged from this environment are unlike anything that previous security thinking prepared us for. An AI agent studying your business’s public email patterns can learn to impersonate your CFO with enough fidelity to pass cursory human review. An agent probing your payment flows can identify the exact window when a vendor invoice is expected and substitute its own banking details into your accounts payable queue. An agent with access to one of your service accounts can use it as a beachhead to explore your connected systems, map your data architecture, and exfiltrate selectively over weeks before anyone notices.

These are not science fiction scenarios. The fraud researchers are documenting them in production, against real businesses, right now. sardine

The solution is not more passwords or more training. The solution is to make the infrastructure itself adversarial to this kind of attack by removing the chokepoints that make it possible.

When your business operates on Nostr-based identity through Satnam.pub, every communication purportedly from your business is cryptographically signed by a key that is physically controlled by you. There is no way to impersonate your CFO without access to her private key, which lives on her hardware device, not on any server. When an AI agent operating on your behalf reaches out to a counterparty, that counterparty can verify, in a way that does not require trusting any third party, that the agent is genuinely authorized by your organization, that it has the permissions it claims, and that its authorization has not been revoked.

When your business processes payments through Lightning, there is no “accounts payable email” to intercept. The payment is authorized by your key, settled in seconds, and irreversible. There is no window for a substituted bank account. There is no reversal mechanism for an attacker to exploit. The payment either goes where you intend, authorized by your signature, or it does not go at all.

When your AI agents operate through Open Agents’ marketplaces, every agent carries a public capability declaration signed by its identity and verifiable by anyone who wants to interact with it. When you commission a compute job, the record of that job, who ran it, what it cost, what it produced, is inscribed in a cryptographically signed event that lives on infrastructure you control and cannot be altered. When you set a spending limit for an automated system, that limit is enforced not by a policy document but by a cryptographic spending envelope that the math itself enforces, regardless of what instructions the agent subsequently receives.

§The Surface That Has Never Been Addressed

There is one dimension of the problem that most security discussions skip past, perhaps because it is the hardest to address within the platform model, and it is the one that Open Agents and Satnam.pub are, perhaps uniquely, positioned to solve.

Call it data sovereignty across time.

Businesses and families increasingly need to be able to prove what they knew, said, agreed to, or paid at a specific moment in the past. Not just for legal disputes, though that is certainly part of it. For regulatory compliance. For due diligence in partnerships. For insurance claims. For inheritance and estate planning. For demonstrating, to a future audience that does not exist yet, that you operated with integrity in an environment that made integrity difficult.

The current infrastructure is a disaster for this. When you store something on Google Drive or Microsoft SharePoint, the timestamp on that document is whatever Google or Microsoft says it is, and it is modifiable by either party. When you communicate through a platform’s messaging system, the platform controls the retention policy and can delete records on its own schedule. When your bank processes a payment, the record of that payment lives in the bank’s systems and is subject to whatever the bank is compelled to do by its regulators.

Every Nostr event signed by a business’s identity carries a timestamp embedded in the signed content. Because the signature covers the timestamp, it is as impossible to alter the timestamp as it is to alter the message without detection. A business can layer on top of this a practice of anchoring weekly hashes of its event archive to a Bitcoin transaction, creating a proof of existence that is anchored to the most immutable public ledger that has ever existed. That proof will survive the shutdown of any platform, the bankruptcy of any registrar, the revision of any terms of service, and the passage of any amount of time.

The audit trail for a business operating on this infrastructure is not a gift to regulators or to adversaries. It is a gift to the business itself, controlled by the business, available on the business’s own terms, mathematically verifiable by any future audience with the will to verify it.

§The People Who Are Not Waiting

There is a community of businesses and families, right now, who have already decided that the platform model is not acceptable to them. They are not ideologues, mostly. They are people who looked at the dependency structure they had built and decided, clearly and practically, that it was too fragile.

Some of them are business owners who have been deplatformed before, for reasons they still do not fully understand. Some are families who watched a relative’s estate get complicated by digital assets and communications that were scattered across a dozen platforms with incompatible terms and no way to reconstruct the record. Some are people who live under governments that have already demonstrated a willingness to freeze digital accounts for reasons having nothing to do with criminality.

All of them share a common understanding: the value of an infrastructure system is not how well it works when everything is fine. It is how well it works when something goes wrong, when someone who controls a chokepoint decides to use that control.

Open Agents and Satnam.pub are building for those people. They are building the infrastructure layer that makes sovereign digital operation possible for a family or a small business without requiring that family or business to become a team of cryptographers.

The stack is real. The protocols are real and proven. NIP-29 for group communication, NIP-46 for secure remote signing, NIP-90 for the compute marketplace, NIP-47 for Lightning wallet integration, Cashu for private bearer tokens, and Bitcoin’s Lightning Network for final settlement. These are not theoretical constructs. They run today, on real hardware, for real people, moving real money and real data.

What is being built now is the packaging: the client that makes this accessible to a business owner who knows nothing about cryptography, the registrar that makes onboarding as simple as registering a domain name, the marketplace that makes accessing compute as simple as opening a browser, and the bridge that connects this sovereign stack to the wider world of dollar payments and AI platforms without surrendering the sovereignty that makes the whole thing worth having.

§What You Are Actually Choosing

The choice in front of every business owner and family leader today is not between the old world and the new world. The old world is already ending. The agents have arrived. The attacks are live. The chokepoints are being weaponized.

The choice is between two versions of the new world. In the first version, you operate inside the walls of the platforms that are building the agentic infrastructure of the next decade. Those walls are real and they offer real protection, up to the point where the interests of the platform and your interests diverge. In the second version, you operate on open protocols that no single party controls, with cryptographic identities that you own, payment rails that no one can freeze, communication infrastructure that no one can surveil without your key, and a marketplace that earns you money while you sleep without anyone’s permission.

The second version requires some setup. It requires learning some new tools. It requires accepting that you are responsible for your own keys, which means being responsible for your own security in a way that platform life insulates you from. That responsibility is, for many people, uncomfortable. It should be. It is the weight of actual ownership, which is heavier than the lightness of renting.

But it is also the weight of actual freedom. And for businesses and families who intend to still be operating in ten years, in an environment that is being reshaped by autonomous software faster than any previous technology transition, the question of whether you own your infrastructure or whether someone else owns it for you is not a technical question.

It is the only question.

Open Agents is building the compute marketplace of the Bitcoin economy. Satnam.pub is building sovereign group identity for businesses and families on Nostr. Together, they represent the most complete answer yet built to the question of how a free people operate in a world of autonomous machines and contested digital sovereignty. The tools are available now. The window to establish this infrastructure before you need it is narrowing.

The time to build the roof is before the rain.