Catena Labs wants to build a bank for AI agents, and that’s harder than it sounds

Sean Neville is back with a familiar idea aimed at a different layer of finance.

The Circle co-founder has raised $18 million for Catena Labs, backed by a16z, with a pitch that’s easy to summarize: build the first AI-native financial institution. The goal is a regulated financial platform built for software agents that can move money, manage treasury, and run compliance workflows on their own.

That distinction matters. Most fintech products still assume a person is somewhere in the loop, approving payments, checking dashboards, or cleaning up reconciliation after something goes sideways. Catena is betting that a lot of that work moves to autonomous systems, and that the current financial stack isn’t built for them.

It’s ambitious. It also gets to the hard part faster than most AI-in-finance pitches do. The challenge isn’t using AI around finance. It’s rebuilding financial infrastructure so AI can operate inside it without blowing through regulation, security, or liability boundaries.

What Catena is trying to build

Neville describes the idea as agent-native finance. In practice, that means APIs and infrastructure where an AI agent can:

• initiate payments
• reconcile accounts
• manage cash positions
• trigger compliance checks
• leave behind a usable audit trail

From a developer’s perspective, the pitch is straightforward. Catena wants to be a banking and payments layer where the primary user is software, not a person working through a web app.

That’s a bigger shift than it first appears. Banking systems were designed around human identity, human intent, and human accountability. AI agents muddy all three.

Who is the legal actor when an agent sends money? How do you verify the agent has authority? What does AML screening look like when transactions are machine-generated and continuous? How do you stop a bad prompt, a compromised key, or a broken planning loop from turning into a treasury incident?

Those are the product questions.

The shape of the platform

Based on what’s been discussed so far, Catena’s stack looks like a layered system:

1. A regulated ledger core for balances, settlement, and immutable records
2. An orchestration layer where agents call payment and treasury APIs over REST or gRPC
3. Compliance automation with policy engines and anomaly detection
4. Developer SDKs for Python and JavaScript clients

The SDK piece is easy to picture. A Python agent calls something like:

from catena import Client

client = Client(api_key="YOUR_API_KEY")
response = client.payments.create(
from_account="agent_wallet_1",
to_account="merchant_wallet_42",
amount=1500,
currency="USD",
metadata={"order_id": "ABC123"}
)

That’s the easy part. The hard part is everything behind it.

If Catena wants developers to trust agent-initiated transactions, the platform has to be solid in four areas.

Identity

An agent needs a verifiable identity tied to an organization, a permission scope, and key management that holds up under normal operational failure. The reference architecture points to DIDs, OAuth2/JWT scopes, and SOC 2-audited key management.

That all makes sense. The messy part is that agent identity still doesn’t map cleanly to old user models. Software can spawn sub-agents, rotate context, and act across multiple systems. If Catena gets identity right, it won’t be because it chose the right acronym. It’ll be because the permission model is clear enough that developers can reason about it under pressure.

Deterministic controls

Finance does not tolerate ambiguity. LLMs produce plenty of it.

So any serious agent-native financial system needs hard boundaries between what the model can decide and what the platform enforces. Catena’s policy-as-code approach is one of the stronger parts of the pitch. A rule like:

rule high_value_transfer {
when amount > 100000 USD then flag_for_manual_review
}

is exactly the sort of thing you want. Transfer policy should sit in a deterministic control plane, not in whatever a model happens to infer.

Auditability

If an agent pays the wrong vendor, flags the wrong transaction, or creates exposure it shouldn’t, somebody has to reconstruct what happened.

Cryptographically signed logs and an immutable ledger help, assuming they include enough context to explain intent, authorization, and upstream model decisions. An append-only log by itself won’t satisfy internal audit if nobody can answer a simple question: why did the system do this?

Idempotency and failure handling

The most underrated item in this architecture is idempotency. If a retry creates a duplicate payment, that’s a financial controls failure.

Anyone evaluating Catena should spend less time on the phrase “AI-native bank” and more on retry semantics, transaction finality, rollback models, dead-letter handling, and human escalation paths. That’s where trust comes from.

Regulation is part of the product

A lot of AI startups talk about compliance like it’s overhead. In finance, it’s part of the product.

Catena says it wants to operate under standards like KYC/AML and PCI-DSS, while adapting them for machine-to-machine transactions. That’s the right target. Regulated finance doesn’t need another speed-first infrastructure pitch.

The hard part is obvious. Regulation assumes accountable people and legally recognized entities. AI agents are neither. So Catena has to map agent behavior back to organizational authority in a way regulators, auditors, and insurers will accept.

That probably means a stricter operating model than some AI teams would like:

• every agent bound to an enterprise identity
• scoped permissions by workflow
• hardware-backed keys or HSM-backed signing
• mutual TLS for sensitive calls
• mandatory human review thresholds
• versioned compliance rules with test coverage in CI

None of this is flashy. It all matters.

Old rails still shape the system

There’s a real tension in Catena’s design. It wants machine-speed finance inside a system that still has to talk to legacy rails.

The source material points to support for ACH, SWIFT, and crypto rails. That’s the practical choice. No serious financial platform can stay inside crypto-native infrastructure and pretend that solves the problem. But interoperability comes with baggage.

ACH is slow. SWIFT is message-driven and operationally messy. Card networks carry their own compliance and dispute logic. Crypto rails settle differently, expose different risks, and can create false confidence about finality.

So the promise of 24/7 autonomous financial orchestration runs into cutoff windows, sanctions reviews, and cross-border exception queues very quickly. Those aren’t edge cases. They’re normal finance operations.

That’s why full autonomous treasury still looks far off for most enterprises. Narrower use cases make more sense: payouts, reconciliation, liquidity monitoring, controlled vendor payments. End-to-end treasury with minimal human oversight is a much higher bar.

What developers should watch

Catena is interesting for a few reasons.

First, it treats agents as first-class financial actors. That’s a meaningful shift from the current model, where AI copilots sit beside ERP systems and banking tools. If Catena can make agent permissions, execution, and compliance legible, it could become infrastructure other fintechs build on.

Second, the platform seems to assume a modern stack: gRPC, protobuf schemas, SDKs for Python and JS, and a compliance engine that can be tested and updated like software. That fits teams already building agent systems and service-oriented backends.

Third, it raises the right operational questions. If you’re looking at anything in this category, ask about:

• key custody and signing flow
• scope granularity for agent permissions
• replay protection and idempotency keys
• sandbox fidelity versus production controls
• audit log structure and event provenance
• rate limits, latency, and settlement guarantees
• human override and incident response

That’s the checklist.

What would make Catena matter

Catena is going after a real mismatch.

AI agents are getting better at bounded operational work. Finance has plenty of bounded operational work. But the surrounding systems still assume people, screens, tickets, and business hours. If Catena can turn regulated financial operations into programmable, policy-constrained building blocks for agents, there’s a real platform opportunity there.

The weaker part of the pitch is the category framing. “The first AI-native bank” makes for a good headline and a blurry product definition. Plenty of companies will claim pieces of this stack: payment orchestration, treasury automation, agent tooling, compliance automation, embedded finance. The company that matters here will be the one that makes regulated execution boring enough for enterprises to trust.

That’s the standard in finance. Boring, traceable, and hard to misuse.

Catena has capital, a credible founder, and a thesis aimed at an actual infrastructure gap. Now it has to prove the part every fintech company eventually runs into: that autonomous systems can hold real financial authority without turning controls into theater.