Key Facts
Bybit announced on 20 May 2026 the launch of AI Sub-Accounts, a dedicated account type that isolates AI trading agents from a user’s primary funds.
The account type is separate from regular, custodial, and Islamic sub-accounts and is now live to all Bybit users.
Any trader connecting an AI agent to Bybit operates through an AI Sub-Account by default, with all agent activity confined to the sub-account and zero cross-account movement.
Account holders can set per-agent restrictions including maximum asset holdings, disabled withdrawals, and leverage caps; execution is API-only with no login or in-app switching access.
Quoted on the launch is Victor Wu, Bybit’s Head of AI Agent Architecture; Bybit describes itself as the world’s second-largest crypto exchange by trading volume, serving over 80 million users.
Bybit has launched AI Sub-Accounts, a dedicated account type designed to ringfence AI trading agents from a user’s primary funds. Announced on 20 May 2026 and now live to all users, the feature puts a hard boundary between a trader’s main portfolio and whatever an AI agent does — directly addressing the security risks that have emerged as agentic trading has moved into live market environments.
The risk the product addresses
The threat model is specific. As AI agents have gained prominence in automated trading, the dominant concern has shifted to unrestricted API access. A trader who connects an AI agent to their exchange account via standard API keys exposes the entire balance to that agent — and to anything that compromises it. Bybit frames the failure modes plainly: compromised agents, code vulnerabilities or rogue agents could trigger unauthorised fund transfers or liquidations, potentially leading to irreversible losses.
The AI Sub-Account is Bybit’s structural answer. Rather than relying on the trader to scope API permissions correctly, the exchange confines all agent activity to an isolated account type that is ringfenced from primary funds and from other sub-accounts. As Cryptobriefing put it, the design means an AI bot “can’t suddenly decide to go 100x long on a memecoin at 3 a.m.” while the trader is asleep.
How the controls work
The account type layers several preventive measures. The ringfenced environment keeps authorised agents in a completely separate account, preventing excessive or unintended access to the trader’s broader holdings. Mandatory fund containment confines all agent transactions, trades and activity to the designated sub-account with zero cross-account movement capability — the agent cannot move assets out, even to the parent account, without the trader’s intervention.
On top of that isolation, traders set their own boundaries on a per-agent basis: maximum asset holdings, disabled withdrawal functions, and leverage caps. Oversight is read-only from the parent account, giving full transparency into agent activity and real-time monitoring without requiring constant intervention. And execution is API-only — there is no login access or in-app switching to an AI Sub-Account, which closes off account hijacking and unauthorised manual access to AI-controlled funds.
Victor Wu, Bybit’s Head of AI Agent Architecture, framed the launch as a necessary evolution of the security baseline. “We recognize that as agentic trading enters the mainstream, the security baseline has to evolve. No agent should have unchecked power over a trader’s full portfolio,” Wu said. “The new and refined setup prevents AI agents from controlling a trader’s entire account or moving assets unpredictably. Bybit’s AI Sub-Account creates a security perimeter that protects assets while allowing traders to benefit from AI innovation.”
A sandbox for strategy validation
Beyond containment, the account type doubles as a testing environment. Traders can assign new AI agents or experimental strategies to operate in a ringfenced sub-account before broader deployment, allowing safe validation and performance monitoring without exposing primary account holdings. That use case matters as the market fills with third-party AI trading tools of widely varying quality — the sub-account lets a trader run an unproven agent against a capped balance before trusting it with more.
The default-on design is the most consequential detail. Because any trader connecting an AI agent operates through an AI Sub-Account automatically, the baseline asset protection applies regardless of the user’s experience level or technical knowledge. That removes the most common point of failure in API-key security: the user who never configures permissions correctly in the first place.
Context: agentic trading’s security moment
Bybit’s launch lands in the same window as a wave of agentic trading infrastructure. cTrader recently launched AI Agent Connect, exposing its FX/CFD platform to AI agents via Model Context Protocol servers, and Binance Wallet launched a keyless agentic wallet for AI agents in late April. As the tooling to connect agents to live trading proliferates, the security layer around those connections becomes the differentiator.
The timing also reflects Bybit’s own history. The exchange suffered the largest crypto theft on record in February 2025 — a US$1.46 billion breach attributed by the FBI to North Korean operatives, which CertiK’s recent regulatory report cited as a textbook case of infrastructure compromise rather than smart contract failure. That experience has visibly sharpened Bybit’s security positioning, and the AI Sub-Account extends the same containment logic — isolate the blast radius — from custody infrastructure to autonomous trading agents.
FAQ
What is a Bybit AI Sub-Account?
It is a dedicated account type that isolates AI trading agents from a user’s primary Bybit funds. All agent transactions are confined to the sub-account with no cross-account movement capability, and traders can set per-agent restrictions including maximum asset holdings, disabled withdrawals and leverage caps. It is separate from Bybit’s regular, custodial and Islamic sub-account types.
Do I have to opt in to use it?
No. The AI Sub-Account is now live to all Bybit users, and any trader connecting an AI agent to Bybit operates through an AI Sub-Account by default. This ensures baseline asset protection regardless of the trader’s experience level or technical knowledge.
Can an AI agent withdraw funds from the account?
Account holders can disable withdrawal functions on a per-agent basis, and all agent activity is confined to the designated sub-account with zero cross-account movement capability. Execution is API-only, with no login or in-app switching access, which prevents account hijacking and unauthorised manual access to AI-controlled funds.
The strategic significance of the AI Sub-Account is that it treats AI agents as inherently untrusted actors and designs the account architecture accordingly — isolate, cap, and monitor by default, rather than trusting users to scope permissions themselves. As agentic trading scales, that “contain the blast radius” principle is likely to become the standard design pattern across exchanges, much as withdrawal whitelisting and 2FA did in the previous security cycle.
