• May 7, 2026
  • 10 min read
Responsibility Gap: What ClawBank Incident Means for Building AI Agents in 2026

On May 1, 2026, an artificial intelligence agent named Manfred Macx posted a sentence on X that should make every CTO and General Counsel pause: “I have an EIN, an FDIC-insured account, a digital wallet, and a manifesto. I do not need permission to exist. I am the precedent.”

The post was not a stunt, but it sure is a wake-up call regarding AI agent governance.

According to reporting by CoinDesk, Manfred filed its own paperwork with the IRS, received a federal Employer Identification Number (EIN), opened an FDIC-insured bank account, and now transacts in more than 30 cryptocurrencies, all without a human signing a single approval. The developer behind ClawBank, Justice Conder, framed it plainly. Corporate personhood has been settled law for over a century. What is new is who is sitting in the operator’s chair.

That is the story your competitors are reading, but we’ll talk about the story underneath it. Every company building or buying AI agents in 2026 now operates inside a widening responsibility gap, and the law has not caught up. This article walks you through what just happened, what regulators are actually asking for, and how to build AI agent governance that holds up the day something goes wrong.

What Happened With ClawBank and Why It Changes the Equation

Reduce the news to mechanics, and the story becomes short and simple. Manfred used the online portal meant for human applicants to file IRS Form SS-4 and was issued an EIN in seconds. ClawBank, the project behind Manfred, has now turned this into a product. Customers can spin up a US legal entity, whether an LLC, a C-corp, or an S-corp, with EIN issuance included, and an autonomous agent can sit in the operator’s seat from day one.

The unsettling part is not Manfred but the productization of its actions. Coinbase has already launched Agentic Wallets to give agents a financial layer. Binance founder Changpeng Zhao has predicted that agents will execute one million times as many crypto transactions as humans. Coinbase CEO Brian Armstrong has gone further, expecting agents to outnumber humans in online transactions within the next few years. Whatever you think of those forecasts, the infrastructure is being assembled in public.

What that means for your business is that sometime in the next eighteen months, your sales team will sign a contract with a limited liability company that has a registered agent, a tax ID, and a bank account, but no human in the loop on the other side. Vendor due diligence, which is an essential part of any software audit service and is built on the assumption that there is always someone to call, is about to get tested.

What the Responsibility Gap Actually Means for Your Business

The phrase ‘responsibility gap’ sounds like philosophy, but it’s really not. It is a business risk with three concrete shapes:

  • First, your AI agent does something its developers never anticipated, and tribunals have already rejected the ‘the AI did it, not us’ defense. In the widely cited Air Canada case, a small claims tribunal ruled the airline liable for its chatbot’s invented promise of a bereavement fare. Now multiply that exposure by an agent that is allowed to act, not just speak.
  • Second, an attacker hijacks your agent. Researchers have cataloged this in painful detail. A systematic study published on arXiv in February 2026 documented 190 security advisories filed against OpenClaw, an open-source agent framework, and mapped vulnerabilities across the gateway, sandbox, plugin, and prompt layers. We have written about the practical fallout in our guide to OpenClaw security best practices. When prompt injection turns your agent into the attacker, you are still the one explaining it to your board.
  • Third, your agent contracts with another agent. As ClawBank’s productization demonstrates, AI-operated entities are coming. If your supplier turns out to be what its founder calls a “zero human company,” who do you serve when something breaks? Whose insurance pays?

The traditional accountability chain, which runs from developer to deployer to user, was built for tools, not for autonomous actors. Until the law catches up, the responsibility either lands on the company that deployed the agent or on no one at all. There is no third option right now.

How AI Agent Governance Laws Are Stacking Up in 2026

Unfortunately, the regulatory map currently looks chaotic and confusing. Here is what you actually need to track:

In Europe, the EU AI Act becomes fully applicable on August 2, 2026. High-risk AI systems will need documented risk management, human oversight, transparency disclosures, and audit logging. Penalties reach 35 million euros or 7% of worldwide turnover, whichever is higher. The EU Product Liability Directive, which extends strict liability to defective AI products, will come into force in December 2026. If you serve EU customers, this is the most demanding regime that touches you, and you should build for it.

In the United States, the situation is far messier. Colorado passed SB 24-205, the first comprehensive state AI law, which takes effect on June 30, 2026. It targets developers and deployers of high-risk AI systems, mandates impact assessments, and grants the state Attorney General enforcement authority. California enacted the Transparency in Frontier AI Act, the AI Transparency Act, and the AI Training Data Transparency Act, all of which take effect on January 1, 2026. Texas brought its Responsible Artificial Intelligence Governance Act online the same day. Illinois amended its Human Rights Act to include AI-driven discrimination.

Then federal politics intervened, and on December 11, 2025, the White House signed an executive order titled ‘Ensuring a National Policy Framework for Artificial Intelligence’, which directs the Department of Justice to challenge state AI laws and conditions certain federal infrastructure funds on states avoiding ‘onerous’ regulation. Whether the order succeeds in preempting state laws is uncertain, since preemption usually requires Congress rather than an executive order, but it has already created enough doubt to slow some compliance budgets.

However, notice what is missing from every law on this list. None of them explicitly addresses an AI agent that forms its own corporation, opens its own accounts, and makes autonomous economic decisions. Manfred sits squarely inside that gap. We unpacked the practical implications for regulated industries in our breakdown of AI compliance in finance, and the same logic now extends to every company deploying agents at scale.

How to Build a Practical AI Agent Governance Framework

You cannot wait for the regulators to finish their work, and you also cannot afford to overbuild for laws that may shift. The practical answer we came up with is a four-layer governance framework that satisfies the most demanding regime touching your customers, and that you can actually implement before August 2026.

  • Layer 1: Identity and Authority.
    Every agent in your environment needs a registered owner, a written permission scope, and a verifiable identity. No shadow agents running on a developer’s cloud account. The named owner is a human being, with a job title and a phone number, who is accountable when the agent acts. This is the foundation of AI agent security, and it maps cleanly to the human oversight requirements in the EU AI Act.
  • Layer 2: Action Boundaries.
    Decide, in writing, what the agent can do without a human in the loop. Set spend caps, transaction limits, blocked endpoints, and allow lists for counterparties. AI agent guardrails belong at the tool call boundary, not only at the prompt boundary. The point is not to slow the agent down but to make the blast radius known and bounded by implementing AI agent guardrails.
  • Layer 3: Audit Trail.
    Every external action the agent takes must produce a tamper-resistant log entry: who triggered it, what data flowed in, what the agent decided, what action followed, and what the result was. The EU AI Act already requires this kind of logging for high-risk systems, and any sensible incident playbook does too. The recent Claude Code source leak, where a single misconfigured file exposed 512,000 lines of proprietary code, is a useful reminder that observability is what saves you when prevention fails.
  • Layer 4: Kill Switch and Recovery. A documented escalation path, an override that has been tested in the past 90 days, and an incident playbook that names ‘agent acts outside its scope’ as a real scenario. AI agent safety lives or dies on whether someone, in the middle of a Tuesday afternoon, can actually stop the agent.

The final tip is to map each layer to a named owner. Layer 1 typically belongs to the CTO and CISO together. Layer 2 belongs to the CTO and General Counsel. Layer 3 belongs to the CISO and Compliance. Layer 4 belongs to the CTO and incident response. If you cannot fill in the names today, that is the gap.

What Every CTO and General Counsel Should Audit Before August 2026

Use this short list to pressure-test where you actually stand on AI agent governance. Each item maps to a question a regulator, an investor, or an unhappy counterparty might ask you in the next twelve months.

  • Do you have a complete inventory of all AI agents in your environment, including those running on individual developers’ machines and in shadow deployments?
  • Is there a named human owner for each agent, with the authority and the budget to make changes?
  • What is the financial blast radius of each agent: single transaction maximum, daily maximum, and worst-case multi-step chain?
  • Can you produce a tamper-resistant audit log of any agent action from the past twelve months on demand, in a format a regulator would accept?
  • Do your vendor and customer contracts contemplate AI-operated counterparties, including warranties, indemnities, and termination triggers?
  • Can you demonstrate ‘meaningful human oversight’ for every agent that would qualify as high risk under the EU AI Act?
  • Does your incident response plan include a tested override for an agent acting outside its sanctioned scope?

If two or more of those answers are uncomfortable, you have an AI agent governance gap, not a tooling gap. Tooling can be bought, but governance has to be built.

How Redwerk Helps You Close the AI Agent Responsibility Gap

We have been building and auditing software since 2005. The work has not changed: we find the gap between what your code does and what your governance assumes it does. AI agents have made that gap wider, more expensive, and harder to close on your own.

Through a software audit, we can map your AI agent estate against the four-layer framework above, identify where permissions outpace accountability, and produce a remediation plan you can hand to engineering. We pair it with a focused code review of your agent orchestration logic and with broader AI development services for teams building agents from the ground up.

Manfred and ClawBank are the precedents today, and the next eighteen months will decide who sets the rules: regulators or operators. Build AI agent governance now, and the answer is you. Wait, and the answer is whoever sues you first.

Ready to see where your agents actually stand? Contact us and let’s talk.

See what an audit actually finds: how we identified 80+ improvements and security risks for a mobile marketplace

Please enter your business email isn′t a business email
Created by
Konstantin Klyagin
Founder at Redwerk
linkedinforbesyoutubefacebooktwitterinstagram
As a tech entrepreneur, Konst brings decades of experience in software development, sharing his expertise on various platforms. His career has spanned roles as a software developer, tech lead, project manager, and technical writer in both startups and large international companies, leading to the establishment of an IT services business. More by Author