Crypto exchange Gemini launched Agentic Trading on April 28, allowing customers to connect AI assistants — including ChatGPT and Claude — directly to their accounts and have the model place real orders. The system runs on the Model Context Protocol, the open standard for tool-calling that Anthropic introduced last year and that has since been adopted broadly across the agent ecosystem. Gemini exposed its full trading API as MCP 'Trading Skills' covering market data, bid-ask spreads, historical candles, and order placement.
What is new here is not the AI doing trades — bots have been trading crypto for a decade — but the surface area. By plugging the entire exchange API into MCP, Gemini lets an end user describe a strategy in natural language to a generic chatbot, and that chatbot has the credentials to execute. Gemini calls itself the first agentic trading tool offered through a regulated U.S.-based exchange, which puts the question of liability squarely inside an existing compliance perimeter rather than out at the edge of an unregulated bot.
The risk profile is also worth naming. Connecting a stochastic, jailbreak-prone language model to a live market is qualitatively different from giving it access to your calendar. Prompt injection through a malicious chart description, a hallucinated price, or an over-eager interpretation of 'buy the dip' all become real money. Gemini's own MCP documentation will determine how granular permissions, spending limits, and audit logs really are, and regulators in both the SEC and CFTC orbit are likely to take notice.
Takeaway for learners: MCP is becoming the connective tissue between models and the rest of the world. If you want to understand where agentic AI actually lives — and where its failures will show up first — read the MCP spec, then look at which APIs companies are choosing to expose through it. The choice of what to make tool-callable is itself a policy decision.