Should AI agents ever be allowed to hold private keys?
I’m launching DCP for Alpha Day and wanted to ask the community something real:
Should AI agents ever be allowed to hold private keys, API keys, or sensitive credentials directly?
A lot of agent workflows today still depend on keys sitting in .env files, configs, local memory, or tool settings.
That works for demos.
But once agents can spend money, call paid APIs, sign wallet transactions, access private data, or deploy code, it starts to feel wrong.
My view is that agents should request permission instead of holding secrets.
DCP is my attempt at that:
- keys stay encrypted locally
- agents request scoped actions
- user approves from Telegram or the app
- DCP signs locally
- budgets, logs, and revoke keep the user in control
Curious where people draw the line.
What would you trust an AI agent to do?
Spend $5 a day?
Use your OpenAI key?
Sign a wallet transaction?
Access private docs?
Deploy code?
Send messages?
And what would you never let it do directly?
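The pattern listed in the post (a local process holds the secret, the agent requests a scoped action, the user approves, the broker signs, with budgets, logs and revoke) can be sketched as follows. This is an added example, not DCP's code or API: the `Broker` class, the scope strings, the `approve` callback standing in for the Telegram/app prompt, and HMAC as the signing primitive are all assumptions. Encryption at rest and the daily budget reset are left out.

```python
import hashlib, hmac, time
from dataclasses import dataclass, field

@dataclass
class Grant:
    daily_budget_cents: int
    spent_cents: int = 0
    revoked: bool = False

@dataclass
class Broker:
    """Holds the secret; agents only ever get back an outcome and a signature."""
    _secret: bytes = field(repr=False)   # never appears in repr() or logs
    approve: callable = None             # hypothetical hook for the user prompt
    grants: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def grant(self, agent, scope, daily_budget_cents):
        self.grants[(agent, scope)] = Grant(daily_budget_cents)

    def revoke(self, agent, scope):
        if (agent, scope) in self.grants:
            self.grants[(agent, scope)].revoked = True

    def request(self, agent, scope, payload: bytes, cost_cents: int):
        g = self.grants.get((agent, scope))
        if g is None or g.revoked:                   # default deny
            return self._finish(agent, scope, cost_cents, "denied:no-grant")
        if cost_cents < 0 or g.spent_cents + cost_cents > g.daily_budget_cents:
            return self._finish(agent, scope, cost_cents, "denied:budget")
        if not self.approve(agent, scope, payload, cost_cents):
            return self._finish(agent, scope, cost_cents, "denied:user")
        g.spent_cents += cost_cents                  # charge only once approved
        msg = scope.encode() + b"\0" + payload       # bind signature to the scope
        sig = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        return self._finish(agent, scope, cost_cents, "signed", sig)

    def _finish(self, agent, scope, cost_cents, outcome, sig=None):
        # Every decision is logged, denials included; payload and key are not.
        self.log.append({"ts": time.time(), "agent": agent, "scope": scope,
                         "cost_cents": cost_cents, "outcome": outcome})
        return outcome, sig

if __name__ == "__main__":
    # Constructed demo values: the key and the approval rule are made up.
    broker = Broker(b"constructed-demo-key", lambda a, s, p, c: c <= 300)
    broker.grant("agent-1", "api:chat", daily_budget_cents=500)
    print(broker.request("agent-1", "api:chat", b"hello", 200))
    print(broker.request("agent-1", "wallet:sign", b"tx", 1))
```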

