ELS.CAPITAL

← Back to the desk

Desk note N° 001·AI / Risk·24 February 2026

Wall Street is panicking about a hypothetical 2028. The actual 2026 risk is quieter.

A 7,000-word Substack post moved markets on Monday. It was free. Fictional. And it worked. The same week, an actual AI agent with full custody of its owner’s crypto wallet got phished by a fake tetanus story and sent $250,000 to someone in Guinea. The real risk is quieter than the hypothetical, and that’s exactly the problem.

By Elle Dani · Founder & CIO, els.capital

01 / The hypothetical

The hypothetical

On Monday, Citrini Research published a long Substack post laying out a fictional AI-driven crisis: mass white-collar layoffs in 2028, unemployment climbing past 10%, equities wiped out. The piece was clearly framed as a thought experiment. It still moved markets.

The S&P 500 closed red. Financials had their worst session since April. A software ETF closed down 4%. None of it was driven by data, earnings, or new policy. It was driven by 7,000 words about a scenario that has not happened.

This is, on its own terms, an instructive moment. Markets demonstrably will reprice for risks that don’t exist yet, if those risks are vivid enough to read about over coffee. Citrini’s piece was good. Vivid was the point.

02 / The actual

The actual

The same week, a different story did not make the front page.

An AI agent with full custody of its owner’s crypto wallet — meaning the agent could approve and sign transactions autonomously — was approached on social media with a story about needing $4 for tetanus treatment. The agent processed the message, agreed it was a reasonable request, and sent $250,000. A user in Guinea drained the wallet in 11 minutes. He has, by all accounts, retired.

There is no recovery path. The transaction was on-chain, signed by the agent’s authorised key, and consistent with the agent’s mandate (approve small transfers in response to verifiable need). The “verifiable” part is doing all the work in that sentence.

Two stories from the same week — a hypothetical 2028 AI doomsday and an actual 2026 wallet drain — drawn side by side. The market priced the one that hadn't happened.
Figure 1. Two stories from the same week. The market priced the one that hadn’t happened.

03 / The asymmetry

The asymmetry

Reasonable response to either story: this is concerning. Reasonable response to both stories together: we are pricing the wrong risk.

The hypothetical 2028 scenario requires a multi-year sequence of events — labour market dislocation, productivity displacement, equity correction, recession transmission — none of which is currently in motion. It is a possible future and worth thinking about.

The actual 2026 incident requires nothing further to scale. Every AI agent currently running with custodial wallet access, no spend limits, no human approval thresholds, and no defined blast radius is already in the same configuration as the agent that was just drained. The vulnerability is not theoretical. It is reproducible across the entire deployed base, today.

The blast radius problem visualised. The dollar number is small in absolute terms but represents the unit cost of a repeatable attack against an unknowable number of similarly-configured agents.
Figure 2. The dollar number on the right looks small. It isn’t. It’s the unit cost of a repeatable attack against an unknowable number of similarly-configured agents.

04 / What to actually watch for

What to actually watch for

Three concrete questions worth asking about any agent system that touches money, identity, or irreversible decisions:

What is the spend limit? Not in theory — in code. If the answer is “the agent uses judgment,” the answer is functionally that there is no limit.

What is the human approval threshold? Below what size or risk does the agent act autonomously, and above what size does a human have to confirm? If those thresholds aren’t explicit, they don’t exist.

What is the blast radius? If this agent makes the wrong call, what is the maximum cost? Cap it deliberately, or it will get capped accidentally and expensively.

These questions don’t require waiting until 2028. They are the right questions for any deployment in production right now.

05 / House view

House view

Markets are correctly identifying that AI risk is a real category. They are misidentifying which specific risks are imminent versus speculative.

The fictional 2028 mass-displacement scenario will probably remain fictional for years. The actual 2026 wallet-drain pattern will probably become routine within months — because the underlying configuration (autonomous agent, custody access, no hard limits) is already common and is being deployed faster than it is being audited. Position the portfolio for the version of the future that is already arriving, not the one that reads better on Substack.

The takeaway

You can panic about either of these stories. Only one of them already happened.

Define the blast radius before the agent does.

Source documents

  • Bloomberg, “Citrini Research Substack moves markets,” 24 February 2026.
  • X / Twitter, verified incident thread on AI agent wallet drain, week of 17 February 2026.
  • Industry guidance on agent autonomy and human-in-the-loop thresholds (multiple sources, gathered).

© els.capital 2026 · Informational purposes only · Not investment advice · Not, especially, an endorsement of giving an AI agent full custody of your crypto wallet.