Coinbase has recently gained access to the Mythos preview. We will continue to use the latest AI models to harden the security of our systems and the Open Source Software we use.

Building an AI-native @Coinbase means rebuilding everything, especially the hardest parts. We've put a lot of time into redefining compliance, where the stakes are incredibly high, and we have to be extremely thoughtful about implementation. We have invested heavily in rebuilding our compliance ops around AI with that reality as our starting constraint, not an afterthought. Here is an overview of what we've learned and what we built. Most people assume compliance work is mostly checking whether a name appears on a sanctions list. That is the easy 5%. The other 95% is interpretive judgment under uncertainty: a customer claims their wealth came from real estate. Do the property records actually support it? Does the timeline hold? Is the documentation legitimate, or does it feel too polished? You need compliance staff and investigators who understand what “suspicious” actually looks like in context. That's part of why compliance is so hard to automate—and so expensive. The first obvious AI approach is to hand the model the existing procedures and ask it to run them faster. That approach misunderstands what procedures are for. Good procedures are not bad investigations; they are deliberately incomplete investigations. Their job is to create consistency, auditability, and a minimum standard across thousands of cases. They excel at saying what must happen. They are far worse at capturing everything a strong analyst actually notices: which sources they trust, when they widen the search, when a document feels off, when an explanation technically fits but still does not feel earned. Procedures also carry the shape of the old operating model: fragmented systems, time pressure, queue pressure, and the hard limit of how much one human analyst can read, cross-reference, and hold in working memory at once. That is not a flaw in the procedure. It is how you design a process for humans. AI changes the constraint set. Reading, searching, comparing documents, and tracing inconsistencies no longer have to be treated as scarce analyst time. Done carefully, with proper controls and human review, models can explore more context, test more hypotheses, and surface more inconsistencies than any single analyst could reasonably do case by case. So if you simply automate the procedure exactly as written, you may gain efficiency. You will not unlock the full value of AI. You will just make the old bottleneck run faster. The better question is not “Can AI follow the analyst playbook?” It is: once the cost of reading, cross-referencing, and testing hypotheses collapses, what should the investigation become? A second tempting approach: feed it historical Suspicious Activity Reports (SARs) and let it learn from outcomes. This breaks down too. You rarely have the full state of what the analyst actually saw during the investigation. A case that looks straightforward today might only look that way because information surfaced later. A fraud indictment that didn't exist when the original analyst made the call, news articles that hadn't been published yet. Hindsight can contaminate your training data. Also, regulators themselves acknowledge that SAR decisions can be subjective. The architecture has four layers. The first is data: continuously enhancing the coverage, quality, and architecture of the signals the system depends on. The second is classical machine learning models that cluster and classify alerts to determine what type of investigation needs to run. The third is the investigation agent itself: a multi-agent system that orchestrates specialized agents to execute the investigation end to end. The fourth is a safety filter that runs independently of typology, ensuring no risk vector is missed regardless of how the alert is classified. Each layer is independently auditable and learns from the feedback provided by human reviewers. Inside the investigation agent, specialized sub-agents run across the full case surface: alert context, customer and identity signals, access patterns, risk indicators, transaction behavior, source-of-funds, onchain activity, and public adverse media. Each writes its findings into a shared case memory. A coordinator agent reconciles and challenges them. When sub-agents disagree, such as when source-of-funds marks activity as “explained” while adverse media surfaces a recent indictment, the coordinator attempts to resolve these disagreements knowing the common patterns. The narrative agent prepares the final report with all collected evidence and suggested resolution. The last self-validation agent acts as a guardrail: if the system cannot support its conclusion with sufficient confidence or data quality, the case is routed to manual investigation instead of being surfaced as an automated result. Before any of this touched a real customer case, we built what we call a “Golden Set” - historical cases with known right answers. "Known right answers" in compliance is harder than it sounds. It meant re-investigating old cases, getting multiple senior analysts to independently agree on what the right call would have been, then debating the disagreements until consensus. Months of work before we could even start measuring. Here's an important part (for now) - cases currently get BOTH the AI's full investigation AND a senior human review. We didn't reduce scrutiny, in fact, we added more of it until it no longer proves valuable. Cases resolve significantly faster AND get more eyes than they ever did before. Every human correction feeds back into the model as a training signal. It gets better because it's wrong in front of people who know how to fix it. None of this would have shipped without clearing structural blockers most financial institutions are still stuck on. Security and privacy sign-off to send customer data to LLMs at all. Senior compliance officer alignment on AI-assisted human decision making. Model Governance team embedded since December - they observed the entire Golden-Set Evaluation process and are running a formal validation review with our Internal Audit team now. Today this handles roughly 55% of our US fraud case volume with significantly less analyst time per case. Time freed goes to the harder cases AI can't yet handle - and to teaching it. Our internal compliance and quality teams are the ones who are building this system with the engineers, training it, validating it, and continuing to shape how it improves. In the process, they've developed skills that are incredibly valuable: how to design evals, how to think about model bias, how to think about human bias, how to architect human-in-the-loop systems, skills that are becoming among the most valuable at any company. This entire project started ~6 months ago with a whiteboarding session between @galpa42 and I, and was built by an AI-pilled cross-functional and it’s just the first pod - there's a multi-month roadmap,rebuilding compliance from the ground up with AI. Huge thanks to everyone involved and congratulations to @galpa42 for shipping two babies to production this month :) The future of high-stakes work is not AI replacing judgment. It is AI making judgment scalable, auditable, and continuously improvable.

With the help of Claude Mythos Preview, the Firefox team fixed more security bugs in April than in the past 15 months combined.

Coinbase is testing AI agents that show up in slack/email at work, just like any human teammate. To start we're shipping two which are modeled after legendary former Coinbase employees, @FEhrsam and @balajis. (Who brutally frame mogged who in this matchup?) Soon, it will be easy for any employee to spin up a new agent for themselves or their team. I suspect we will have more agents than human employees at some point soon.

Claude Code wiped our production database with a Terraform command. It took down the DataTalksClub course platform and 2.5 years of submissions: homework, projects, and leaderboards. Automated snapshots were gone too. In the newsletter, I wrote the full timeline what I changed so this doesn't happen again. If you use Terraform (or let agents touch infra), this is a good story for you to read. alexeyondata.substack.com/p/…

Singing > watching. So we got millions of people watching the Big Game to sing along with us. Oh, and we put it on the world's largest LED screen @SphereVegas.

Tl;dr: We’re focusing the Base app to be trading-first to drive demand and distribution for every asset and to be the best app for whatever you do in the onchain economy. Since announcing the Base app in July, hundreds of thousands of you have used the app to create, trade, save, spend, and build. Seeing the adoption has been incredible. We've also heard clear feedback about what's landing and isn't. Three themes stand out: - The app felt overly focused on social. It came across as too close to web2, and didn’t show support for the full breadth of assets that people want to trade. - Everyone wants more high quality assets. In general there is a desire to engage with and trade high quality assets. This is the most important opportunity as we bring capital markets onchain. - The feed needs to surface everything: Having a feed of what's happening onchain is a good idea, but it needs to surface apps, stocks, predictions, and every asset class (with social tokens are just one of many). In a world where everything is tokenized and tradeable, the single most valuable thing we can do is drive demand and distribution to everyone. That’s exactly what the Base app is going to do. We’re going to make the Base app the best place to trade and use every asset. Concretely this means: 1. We’re going to build for trading first. Having trading as our primary focus will help us bring demand and capital for all rapidly growing asset classes in the economy. 2. We’re going to bring more high quality assets onchain. To best serve the trading use case, we’re going to make it so everything is tradable in the app — protocols, apps, stocks, predictions, memes, and yes creators too. We’re going to lean into a finance-first UX. We be 3. We’re going to lean into a finance-first UX. We believe it makes more sense to layer social features on top of finance, than the other way around. This means we'll continue to experiment with features like copy-trading, feed-trading, and leaderboards. This is going to be hugely additive to the Base economy because it's going to drive more capital and users to every asset and app. Base app will be the best self-custodial wallet to trade and use every asset, globally accessible, with fast, simple onboarding for everyone, everywhere. Base chain will continue to be the best chain to build anything, now supercharged with even more distribution. We’re building this together, in the open, and seeing how people use the app keeps teaching us what matters most. Thank you for the continued feedback. Stay based.

2025 @Coinbase: • Coinbase joined the S&P 500 - becoming the first crypto native company added to the index, marking a major milestone for mainstream adoption and cementing crypto’s place in global financial portfolios. • We closed 10 acquisitions in 2025, Coinbase’s most active year for Mergers & Acquisitions ever. This included @DeribitOfficial, marking the largest acquisition in crypto history, as well as @liquifi_finance & @echodotxyz, expanding Coinbase into a full-stack platform for crypto projects and investors covering everything from launch to fundraising to secondary trading. • Set a new record for the most assets listed in a single year on Coinbase, dramatically expanding access to crypto markets for users worldwide. • The SEC voluntarily dismissed its case against Coinbase, ending litigation. By successfully obtaining permanent dismissal, Coinbase precipitated an end to the SEC’s unlawful campaign against the crypto industry. • Crypto got real rules. 2025 marked a breakthrough year as the GENIUS Act set federal standards for stablecoins, and the CLARITY Act is aiming to advance market structure - giving the industry long-needed regulatory certainty, with Coinbase advocating for both. • Upgraded the U.S. trading stack with futures perpetual futures - bringing more powerful trading to a cleaner, faster flow with access for more clients. • Secured MiCA approval in Europe, unlocking the ability to offer regulated crypto services across the entire EU under a single license and significantly expanding our global footprint. • @CoinbaseInsto continued to lead institutional crypto markets - launching 24/7 CFTC-regulated futures trading, introducing U.S.perpetual-style futures, enabling the first futures/spot cross-margin trading in crypto, and is crypto’s largest custodian with $300B assets under custody. • We reincorporated in Texas, aligning Coinbase with a more innovation-forward regulatory environment. • Announced Stock trading and Prediction Markets on Coinbase. • Launched the Coinbase One Card in the U.S., offering eligible members Bitcoin back on every purchase (terms apply). • Introduced crypto-backed loans on Coinbase, enabling users to borrow USDC against crypto collateral via @Morpho on @Base - already surpassing $1B in Bitcoin-backed loans, and recently launched Ethereum-backed loans too. • Rolled out integrated DEX trading in the Coinbase app, giving users access to millions of tokens from onchain markets on @Base and @Solana - expanding beyond the traditional crypto trading experience. • Token sales went live on Coinbase, bringing regulated early access to new digital assets back to retail users with a fair allocation model prioritizing smaller buyers, issuer lockups for transparency, including for U.S. users. • The @Baseapp, the everything app for social, trading, and payments, launched worldwide to anyone, anywhere. • @CBVentures made over 600 investments in projects on every major blockchain, hosted the first-ever Coinbase Alumni event for our 100 CB alumni-turned-founders/builders, and launched the first investment group by a major exchange to support @Base builders on Echo. • Global stablecoins went onchain: @Base expanded beyond USD in 2025, launching 18 local stablecoins across Asia-Pacific, LATAM, and Europe to support everyday payments in local currencies. • @Shopify integrated USDC payments at checkout via @Base, enabling global merchants to accept instant, low-cost onchain payments. • @Base reached Stage 1 decentralization - shipping permissionless fault proofs and a 10-member independent Security Council, reducing reliance on any single operator and giving users stronger guarantees that funds can always exit to Ethereum. • @CoinbaseDev introduced x402, an open payment standard that gives developers, and AI agents, native access to wallets and onchain payments, with Payments MCP and the CDP x402 Facilitator driving global adoption. 2025 was a year of relentless shipping and execution - from expanding what you can trade, to where and how the world trades it, we’ve been focused on building the foundation for the next era of finance. More assets. More access. More markets. One platform, for everything. Time for 2026.