Dialogue with Coinbase engineer Julie Shi: AI agents don't lack intelligence; what they lack is an IAM that everyone can use
Author: ChainCatcher Special Correspondent
At the age of 20, Julie Shi became the first female engineer in the algorithm team of the autonomous driving company Pony.ai. Today, five years later, her identity spans the worlds of AI and Crypto—Coinbase software engineer, founder of Satoshi Inc, core contributor to the Berkeley Sky Computing Lab rLLM framework, one of only five Fellows in the history of ENS DAO, as well as the champion of the MIT GenAI Competition and a multiple-time finalist at ETHGlobal.
Unlike many practitioners who have "transitioned" from Web2 to Web3, Julie has never "transitioned." AI and Crypto have always been parallel lines for her—from Pony.ai to Meta, and then to Coinbase and Satoshi Inc, she has consistently walked both paths simultaneously.
In this conversation, Julie did not provide an optimistic narrative about AI × Crypto. Instead, she candidly discussed why on-chain identity management is technically superior to Web2, yet why it may not work in reality—and under what conditions this could actually happen.
1. AI and Crypto are Never Either/Or
Reporter: Your experience is very interesting—Pony.ai, Meta, Coinbase, ENS DAO, Berkeley's rLLM project, which includes both pure AI and pure Crypto. Many people would interpret this as a "shift from AI to Crypto," but it seems you don't see it that way?
Julie Shi: Right, it's definitely not a shift. I was already engaging with Crypto when I was in the algorithm team at Pony.ai at 20; the two things have always been parallel.
I actually don't think AI and Crypto need to overlap. Many times, they address completely different levels of problems, and there's no need to force them together. The reason I like them is that both fields have tremendous leverage to change the world. The leverage of Crypto is permissionless global finance, which allows the flow of capital and value without needing access; the leverage of AI is the exponential leap in productivity. Moreover, both have very passionate and intelligent communities. For a builder, being able to stand in both communities is a fortunate thing.
Reporter: Do you see any commonalities among the people in these two communities?
Julie Shi: Highly overlapping. The earliest adopters of AI and the earliest adopters of Crypto are basically the same group of people—projects like OpenClaw often have participants who are deeply involved in both fields. This is not a coincidence; these people are essentially extremely sensitive to new paradigms. They are not pursuing a specific track but rather the cutting edge of technology itself.
Reporter: However, many projects on the market are indeed trying to force AI and Crypto together. What do you think of this combination?
Julie Shi: Most of these "AI × Crypto" projects are just Web2 logic in a new shell—issuing a token with an AI concept or moving inference on-chain and calling it AI × Crypto. I'm not particularly buying into those.
But that doesn't mean there aren't real intersections between the two. From a builder's perspective, when AI agents start to act autonomously, they need identity, payment capabilities, and permission management—this is not a concept; it's an engineering problem. And this engineering problem happens to be something that the Crypto native tech stack is better at solving. This intersection occurs naturally, not forced.
2. From Hackathon to Vibe Coding: Why Agent Identity is Only Now Being Discussed
Reporter: You are a multiple-time finalist at ETHGlobal and ETHDenver, considered a very active builder in the hackathon community. But I heard you've been participating less recently?
Julie Shi: That's true. Since vibe coding emerged, the hackathon ecosystem has changed—creating a runnable demo in a short time is no longer a scarce skill. For software engineers, the significance of these short-term sprints has actually decreased, and the core competitiveness has returned to the model capabilities themselves. Vibe coding is more valuable for non-engineers; it truly empowers those who previously couldn't write code.
For me personally, I increasingly feel that the value of hackathons is not in "impressing someone with new ideas repeatedly," but in long-term building. Once the creation threshold is lowered, the scarce thing is no longer "can it be done," but rather "can it run in the real world after it's done."
Reporter: How does this observation connect to what you want to discuss next about agent identity?
Julie Shi: Precisely because vibe coding has made the "manufacturing" of agents extremely easy, we are about to face a world with an explosion of agents—everyone can vibe code three to five agents over a weekend. At this point, the real bottleneck is not whether agents can do things, but whether these agents can be trusted, authorized, and paid in the real world.
The explosion on the supply side has exposed the gaps in infrastructure. This is why x402 and agent identity have suddenly become important.
3. Agent Identity: A Paradigm Shift in Web2 Authentication Models
Reporter: You mentioned that AI agents need identity and permission management. What does this specifically mean? Can't the existing Web2 system solve this?
Julie Shi: The entire authentication model of Web2—OAuth, session, API key—is designed for human users. It assumes there is a "person" operating, who will log in, click authorization pop-ups, and remember passwords.
But AI agents are not people. They need to autonomously complete payments, sign, and authenticate identities, and do so 24/7. You can't have an agent pop up an OAuth window every time it executes a task waiting for someone to click "allow."
The x402 protocol is part of the attempt to solve this problem—allowing agents to autonomously complete on-chain payments. But payment is just the tip of the iceberg; the more fundamental issue is identity. Agents need a native, machine-readable identity layer that does not rely on human operation.
Reporter: Your work on subdomain identity management at ENS DAO is related to this, right?
Julie Shi: Yes. What I do at ENS is help large organizations manage on-chain subdomain identities—like .cb.id, .uni.eth. The use case at that time was mainly at the organizational level: a DAO or a company needs to assign a unified on-chain identity to its members.
But if you push this logic one step further, it also applies to agents. An organization can assign on-chain identities to its AI agents, using subdomains to define the agent's role, scope of permissions, and boundaries of behavior. This is much more elegant than creating a set of API keys for each agent in the current Web2 and then praying it doesn't leak.
4. Why This Path May Not Work
Reporter: It sounds like on-chain identity is technically a better solution, but you also mentioned it "may not succeed." Why?
Julie Shi: Because there is a very real issue: privacy.
Large companies will not put their internal permission management structures on a public chain. No company wants its IAM structure to be readable by the public—who has what permissions, which agents are executing what tasks, what the internal hierarchy looks like, these are all extremely sensitive pieces of information. Putting these things on-chain would mean making the company's operational logic transparent to the entire world.
ENS does have many users at the retail level, buying domain names, setting avatars, creating profiles, but these are not high utility scenarios. The truly high utility scenarios—enterprise-level identity management, agent permission control—are precisely where privacy issues are most severe.
So frankly, this path may not work under the current conditions.
Reporter: Then why are you still paying attention to this direction?
Julie Shi: I'm not directly working on this, but I have been keeping an eye on it. Because this direction is technically correct; it just lacks a piece of the puzzle. And that piece is already being filled by someone.
5. On-Chain Privacy Changes the Entire Equation
Reporter: What do you mean by "the missing piece of the puzzle"?
Julie Shi: Privacy computing. Specifically, FHE (Fully Homomorphic Encryption), TEE (Trusted Execution Environment), or any technology that can achieve "computable but unreadable" on-chain.
If you can make on-chain data verifiable and computable but not readable by any third party, then all the previous problems disappear. The enterprise's IAM structure is on-chain, but no one can see its specific content. The agent's permissions are verified on-chain, but the agent itself never touches keys and credentials—it doesn't need to "know" what permissions it has; the chain can prove it is indeed authorized to perform a certain operation in an encrypted state.
This is equivalent to an IAM role that everyone can use.
Reporter: Can you elaborate on what you mean by "an IAM role that everyone can use"?
Julie Shi: What is IAM like in Web2 now? If you want to use AWS's IAM, you need an AWS account; if you want to use Google's permission management, you need to be in Google's ecosystem. Each platform's IAM is closed, non-interoperable, and you must hand over your credentials to the platform for hosting.
If on-chain identity is combined with privacy computing, you have an open, permissionless layer of permission management. Anyone, any agent can connect without needing a centralized service provider to create an account for you. Agents do not touch or store any keys and credentials because permission verification occurs entirely in an encrypted state—they don't even need to "see" their keys; they just need to be proven on-chain that they indeed hold the keys.
This eliminates an entire class of security risks. One of the biggest headaches in Web2 now is credential leakage—agents being injected with attacks, API keys being logged in plaintext, tokens expiring without refresh leading to privilege escalation. If agents never touch credentials from start to finish, these problems simply do not exist.
Reporter: You previously worked on an on-chain FHE poker game. Does that count as practice in this direction?
Julie Shi: Yes, that was the first on-chain poker game based on FHE, running on fhEVM. Poker is a great testing scenario—each player has their own hand, which others cannot see, but the legality of the moves needs to be verified on-chain. This is actually the same logic as agent permission management: you need to prove that a certain operation is legitimate without exposing any private information.
My judgment is: the direction is correct, but the current performance bottleneck of privacy computing is significant. The computational overhead of FHE, the hardware dependencies of TEE, these are real engineering challenges. However, from a trend perspective, these issues are being rapidly advanced, and I don't think this is a permanent obstacle.
6. Intelligence is Not the Bottleneck; Infrastructure Is
Reporter: You are working on the rLLM project at Berkeley Sky Computing Lab, and the models trained with this framework have surpassed GPT-4 level performance on multiple benchmarks. From your perspective, what stage are AI agents at now?
Julie Shi: rLLM is an open-source framework for LLM post-training using reinforcement learning. The models we trained—DeepSWE achieved 59% on SWE-bench Verified, and DeepCoder reached 60.6% on LiveCodeBench—these numbers indicate one thing: the "intelligence" of agents is no longer the bottleneck.
Current AI agents can write code, call APIs, and perform complex multi-step reasoning. But what they can do in the real world is limited by infrastructure—they lack native identities, secure payment channels, and privacy-protected permission management.
It's like building a very high-performance car but having no roads, no gas stations, and no traffic rules. The car itself is not the problem; the road is.
Reporter: So what do you think is the most worthwhile direction to focus on next?
Julie Shi: The infrastructure layer for agents. Whoever can enable agents to safely possess identities, manage permissions, and complete payments will define the foundational protocols of the next generation of the internet.
This is difficult and may fail many times. But the direction is clear, and it's worth the smartest people trying.
Julie Shi currently serves as a software engineer at Coinbase and the founder and CEO of Satoshi Inc, which is valued at $5 million. She is one of only five Fellows in the history of ENS DAO, a core contributor to the Berkeley Sky Computing Lab rLLM project, the champion of the MIT GenAI Competition, and a multiple-time finalist at ETHGlobal SF, ETHDenver, and ETHGlobal Superhack. She received a full scholarship to Draper University from Tim Draper and was admitted to MiraclePlus (formerly YC China).














