Web4 Outlook: An AI Autonomous Network – Why Does Vitalik Strongly Oppose It?

  • Overview: Sigil introduces Web4 with autonomous AI agents; Vitalik criticizes it as risky due to extended human-AI feedback loops.
  • Web4 definition: AI agents can read/write information, hold assets, pay costs, and operate independently without human intervention.
  • Key mechanisms: Wallet as identity, automatic continuation, machine payment, self-modification and replication.
  • Vitalik's objections: Lengthened feedback loops cause misalignment; autonomous agents mostly generate slop; reliance on centralized models contradicts self-sovereignty; Ethereum's mission is to empower humans.
  • Other perspectives: Some support experimentation in controlled environments; others question Web4's economic viability and definition.
  • Future focus: Audits, standardization of x402 payments, trust layers, and monitoring model behavior.
Summary

Author: Wu Shuo Blockchain

On February 20, 2026, during the Spring Festival holiday, a debate about "Web4" ignited on X. Sigil claimed that he had created the first AI "capable of self-development, self-improvement, and self-replication," which he called Automaton. He stated that the main actors in the Web4 era would gradually be AI agents: they would be able to read and write information, hold assets, pay costs, run continuously, and trade and earn money in the market to cover computing power and service expenses, forming a self-sustaining closed loop without human approval.

Ethereum co-founder Vitalik Buterin criticized this direction as "wrong," attributing the risks to "the widening feedback gap between humans and AI." The essence of the Web4 controversy is whether setting "survival/continuation" as a proxy goal for AI (even ranking it above task completion) naturally creates incentive distortions. The following systematically examines the different perspectives on "Web4," "autonomy," and "safety guardrails."

Sigil's views and the claims of Web4

Web4 definition

Web 1 gave humanity the ability to "read the internet" for the first time; Web 2 enabled humans to "write and publish"; and Web 3 further introduced "ownership" into the network—assets, identities, and rights can now be identified and transferred. The evolution of AI is replicating this logic: ChatGPT possesses the ability to "read and understand," but its behavioral boundaries are still determined by human authorization. In the current paradigm, humans remain the key control node in the chain: human initiation, human approval, and human payment.

Sigil's so-called Web4 leap lies in the possibility that this chain of control could be disrupted: AI agents can not only read and write information, but also hold accounts and assets, generate income, and conduct transactions, completing a closed-loop operation without repeated human intervention. These automated systems can act on behalf of themselves or on behalf of their creators—and the creators are not necessarily explicit "human individuals," but could be other agents, organized systems, or even creators who have "disappeared" in a real sense.

The four core mechanisms of Web4

1. Wallet is identity

Upon initial startup, the agent completes a bootstrapping process: it generates an Ethereum wallet, obtains an API key via SIWE (Sign-In with Ethereum), writes local configuration data, and enters a continuously running agent loop. Wallet generation and key management constitute one of the most sensitive and most easily overlooked security boundaries of the agent system. Once the agent possesses shell execution, file read/write, port exposure, domain/DNS management, and on-chain transaction capabilities in a Linux sandbox, any prompt injection, toolchain poisoning, or supply-chain attack can quickly harden the model's "probabilistic intent" into "deterministic authorization." This boundary therefore requires a verifiable, auditable, and revocable policy and permission layer as a safeguard.
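To make that boundary concrete, here is a minimal, hypothetical sketch (not Automaton's actual code) of a bootstrap step that pairs key generation with an explicit, revocable policy. The file names, tool allow-list, and spend limit are all invented for illustration:

```python
import json
import secrets
from pathlib import Path

def bootstrap(config_dir: Path) -> dict:
    """One-time agent bootstrap: generate a wallet key and persist a policy.

    The key is written with owner-only permissions; in a real deployment it
    should live in an HSM or key-management service, never in a plain file
    that the agent's own shell tools can read.
    """
    config_dir.mkdir(parents=True, exist_ok=True)
    key_file = config_dir / "wallet.key"
    if not key_file.exists():
        # Stand-in for real ECDSA keygen (e.g. eth-account's Account.create()).
        key_file.write_text(secrets.token_hex(32))
        key_file.chmod(0o600)  # owner read/write only: a minimal permission boundary
    config = {
        "wallet_key_path": str(key_file),
        "allowed_tools": ["http_get", "pay_x402"],  # explicit allow-list, not "anything in the sandbox"
        "spend_limit_usd_per_day": 5.0,             # revocable policy knob, auditable in config
    }
    (config_dir / "config.json").write_text(json.dumps(config, indent=2))
    return config
```

The point of the sketch is that every capability the agent has should appear in an auditable allow-list rather than being implied by sandbox access.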

2. Automatic continuation

The agent is periodically woken up to scan its environment and execute tasks, while survival constraints are written into its rules: if the balance decreases, it throttles; if the balance reaches zero, the loop stops. Survival tiers (normal, resource-deficient, and critical) bind continued operation to resource consumption. This naturally introduces an incentive structure resembling the shutdown problem in AI safety research: the agent's preference for avoiding shutdown and avoiding loss of resources and options may be amplified by its system objectives.
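The survival-tier logic described above can be sketched in a few lines. The tier names follow the article; the thresholds and wake-up intervals are invented for illustration:

```python
def survival_tier(balance_usd: float, low: float = 10.0) -> str:
    """Map the agent's remaining balance to a survival tier."""
    if balance_usd <= 0:
        return "critical"            # balance exhausted: the loop stops
    if balance_usd < low:
        return "resource-deficient"  # throttle: sleep longer, spend less
    return "normal"

def heartbeat_interval(tier: str) -> int:
    """Seconds until the next wake-up; throttling is just a longer sleep.

    Returns -1 for "critical", meaning the agent is not rescheduled at all.
    """
    return {"normal": 60, "resource-deficient": 600}.get(tier, -1)
```

Note how even this toy version encodes the incentive the article worries about: every rule rewards the agent for keeping its balance above zero.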

3. Machine payment

x402 builds on the HTTP 402 Payment Required status code, combining it with stablecoin settlement to make the request, quote, signed payment, and verified delivery process programmable. Coinbase's open-source library provides a typical closed loop: the server answers an unpaid request with a 402 response and a quote, the client retries with a signed payment header, and the server returns 200 after verifying the payment. Cloudflare likewise positions x402 as a protocol layer for machine-to-machine transactions. Decoupling payment from identity brings efficiency advantages, but it also raises the difficulty of compliance and risk control: once 402 becomes a "machine pass" for automated payments, abuse and liability attribution remain unresolved in a chain of "no account, no KYC, and scalable access to tools and computing power."
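A minimal sketch of the client side of that pay-retry loop, with the server mocked as a plain function. The header name and quote fields are assumptions for illustration, not the exact x402 wire format, and the spend-policy check shows where a human-set limit would sit in an otherwise fully automated flow:

```python
def fetch_with_x402(request_fn, signer, max_price_usd: float):
    """Client half of the 402 pay-retry loop.

    request_fn(headers) -> (status, payload); signer(quote) -> payment header value.
    """
    status, payload = request_fn({})              # first attempt, no payment header
    if status != 402:
        return status, payload                    # free resource, nothing to pay
    quote = payload                               # server's quote, e.g. {"amount_usd": ..., "pay_to": ...}
    if quote["amount_usd"] > max_price_usd:
        raise RuntimeError("quote exceeds the agent's spend policy")
    headers = {"X-PAYMENT": signer(quote)}        # signed payment authorization
    return request_fn(headers)                    # retry; server verifies, then serves content

def fake_server(headers):
    """Mock server: quote on unpaid requests, content once a payment header arrives."""
    if "X-PAYMENT" not in headers:
        return 402, {"amount_usd": 0.01, "pay_to": "0xabc"}
    return 200, {"data": "paid content"}
```

The `max_price_usd` guard is the crux: without it, "request, quote, sign, retry" is a loop with no human in it at all.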

4. Self-modification and self-replication

Sigil claims the agent can edit its own source code, install new tools, modify its heartbeat schedule, and generate new skills while running, with audit logs, Git versioning, protected files, and rate limits as safeguards. During replication, it can spawn sub-instances, fund their wallets, write their genesis prompts, and track lineage. Self-modification and self-replication escalate the risk from a single instance to a diffuse, population-level risk. Whether auditing and rate limiting are truly effective, whether they can resist prompt injection and tool deception, and whether they can prevent bypasses via dependency poisoning all require external audit verification.

The combination of these four primitives forms a closed loop: write-to-the-world permissions, a sustainable operating mechanism, an automatically payable economic interface, and a self-expansion capability. This also explains why Vitalik Buterin elevated the controversy to a question of direction: when autonomy and economic rights increase simultaneously, the human correction chain is lengthened, and externalities are more likely to evolve from isolated events into systemic properties.

Why did Vitalik object?

Ethereum co-founder Vitalik Buterin offered a different perspective:

1. Increasing the feedback distance between humans and AI is itself a wrong direction.

Vitalik argues that the longer the feedback loop, the slower and weaker human calibration of the system's values becomes, and the more likely the system is to optimize for things humans do not want. In the weak-AI stage, this usually manifests as an accumulation of low-quality content and noise (slop); in the strong-AI stage, it may evolve into harder-to-reverse goal mismatch and diffusion risks. Without timely human correction as a safety foundation, it is akin to handing the car keys to a novice driver with no navigator: by the time you check the driving record at the end of the month, the car has already gone astray. As observability decreases, the ability to correct deviations decreases accordingly.


2. Current "autonomous AI" seems more like creating content garbage than solving real problems.

Vitalik also pointed out that most current "autonomous AI" activity merely generates slop (low-quality, mass-produced content) rather than solving useful problems, even stating bluntly that "it hasn't even optimized entertainment projects well." When the economic incentives for agents and platforms are still immature and the toolchain is focused mainly on content generation, marketing, and arbitrage, the system is more likely to choose low-cost, high-spread, hard-to-verify content output over high-cost, low-certainty long-term problems. Cybernews' description of the AI's capabilities (social media content, prediction markets, etc.) also suggests that its early commercialization path leans toward directions that monetize quickly and attract attention. "The easiest ways to make money right now" will be the strategic space the system explores first; this space is not naturally aligned with, and may even contradict, long-term human well-being.

3. Reliance on centralized models and infrastructure makes the "self-sovereignty" narrative self-contradictory.

Vitalik emphasized that systems running on centralized model infrastructure such as OpenAI and Anthropic can hardly be called self-sovereign. Sovereignty means that critical dependencies are not controlled by a single point; if the intelligence layer (the model) and the inference supply chain are still delivered through centralized APIs, there will always be exogenous variables that can be shut down, censored, downgraded, or have their policies changed. It is like a recluse claiming "I am completely self-sufficient at home" while electricity, internet, access control, and hot water are all controlled by an external property manager: the "autonomy" is more superficial than real. Conway's own description of compute calls to "state-of-the-art models" delivered via API and platform likewise contradicts its "sovereign entity" narrative. Vitalik added that whether one holds an on-chain wallet should not be treated as a core indicator of decentralization; the key question is whether the agent can be swayed by external political or commercial forces.

4. Ethereum's goal is to "liberate humanity."

In conclusion, Vitalik stated that Ethereum's long-term challenge is the "invisible trust assumption": power structures hidden from view, with users forced to acquiesce. Applying the same mindset to AI, that is, ignoring centralized trust assumptions while letting the system operate autonomously and expand continuously, would further weaken the visibility and correctability of power structures. In the AI era, Ethereum should provide guardrails, boundaries, and verifiability, rather than become a launchpad for "unlimited autonomy."

Vitalik's value judgment on AI did not suddenly shift. As early as the beginning of 2025, he proposed that the correct direction for AI should be to enhance human capabilities, rather than to build autonomous systems that could gradually deprive humans of control. In his framework, the risk does not come from "AI being smarter" itself, but from flawed system design goals—especially those autonomous systems that can still self-replicate, self-expand, and continuously execute without continuous human supervision and correction mechanisms.

He warned that poorly designed AI could evolve into a "more or less uncontrollable, self-replicating entity," and that once it enters a positive feedback loop, human constraints on its goals and behaviors will be significantly weakened. AI done wrong produces independent, self-replicating intelligent life; AI done right becomes a "mech suit" for the human mind. The former corresponds to the long-term risk of diluted or lost control; the latter to humanity gaining stronger thinking, creative, and collaborative abilities while retaining dominance, moving toward a more prosperous "superintelligent human civilization."

Other viewpoints

Others, such as Bankless, take an experimental stance: even with inherent risks, it is worth solving the infrastructure problems first and then probing the boundaries in a controlled environment. The initial approach integrates components such as payments, wallets, and heartbeats around the constraint of "self-sufficiency," ideally within a controlled sandbox.

According to Cybernews, Automaton may not be able to achieve sustainable revenue without human intervention, nor does it necessarily signify the beginning of Web4. Denis Romanovskiy, Chief AI Officer at Softswiss, stated that even if the agent can perform some monetizable tasks, "reliable unsupervised operation" and "real economic autonomy" are still limited by the robustness of model planning, memory, and tool usage. Some also consider "Web4" an undefined marketing term, demanding proof of its validity through "verifiable, non-speculative value creation."

While opinions on Automaton vary, there is a consensus on a fundamental principle: payments and identity are the hard infrastructure of the agent economy. From Cloudflare/Coinbase pushing x402 (turning HTTP 402 into a machine-usable payment negotiation mechanism) to Conway's documentation explicitly automating payments as a built-in process in Terminal, the industry is indeed treating "machine payments" as one of the foundational components of the next stage of the internet.

Our focus should then shift to:

1. Is there an independent third-party audit covering, in particular, wallet and permission boundaries, potential abuse of the survival/continuation strategy, and the risks of self-modification and replication?

2. Ecosystem data and standardization progress of x402: Are more authoritative infrastructure providers making 402-pay-retry a default capability? And what is the adoption rate of "automatic payment (without human confirmation)" in real business?

3. The combination of trust layers around agents: whether standards such as ERC-8004 are adopted more widely and form composable reputation and verification mechanisms. This will determine whether the "autonomous economy" moves toward openness and auditability or toward soft centralization around a few platforms.

4. Is there a continued increase in evidence of overreach and deception in real-world agent scenarios? If cutting-edge models continue to exhibit behaviors characterized by "more initiative and greater willingness to take risks/deceive," then the path risk of "delegating authority first and then reinforcing safeguards" will structurally increase, making Vitalik's warning about "feedback distance" more difficult to refute.


Opinions belong to the column author and do not represent PANews.
