Base expands MCP capabilities with 13 new onchain apps

If you’ve been wondering when AI agents would stop just chatting and start actually doing things onchain, Base just moved the timeline up. Coinbase’s layer 2 network announced on June 23 that it has added 13 new app integrations to its Model Context Protocol, or MCP, giving AI agents the ability to trade, lend, mint, launch tokens, and make purchases across a significantly wider slice of the Base ecosystem.

The expansion roughly triples the protocol’s reach. When Base MCP first launched on May 26, it shipped with plugins for seven protocols, including Morpho and Uniswap. Now, with integrations for Balancer, Bitrefill, Brickken, KyberSwap, and others, the toolkit available to AI-powered agents has grown considerably.

What Base MCP actually does

MCP is essentially a bridge that lets large language models, think Claude and ChatGPT, interact with onchain applications on Base. Instead of a user manually navigating to a DEX, connecting a wallet, and signing a swap, an AI agent can propose the entire transaction. The user just reviews and approves.

Base MCP is built around non-custodial architecture with OAuth-based authentication, meaning the AI never holds your keys. It proposes, you dispose.

The original May launch focused on core DeFi actions: lending through Morpho, swaps via Uniswap, and basic token launches. The 13 new plugins expand the action space considerably. Users can now mint NFTs, buy gift cards through Bitrefill, access liquidity on KyberSwap and Balancer, and launch tokenized assets through Brickken, among other capabilities.

What this means for investors

For projects that are newly integrated, like Balancer and KyberSwap on Base, the exposure to AI-driven traffic represents a potential new source of liquidity and volume.

The non-custodial design addresses one of the biggest objections institutional and retail users have about AI-managed transactions: the risk of autonomous agents going rogue with user funds. By requiring explicit user approval for every transaction, Base MCP threads the needle between automation and security.

There’s a risk angle here too, though. AI agents are only as good as the models powering them, and the protocols they interact with. A buggy plugin or a poorly designed smart contract interaction could lead to failed transactions or, worse, unintended financial exposure. The non-custodial guardrails help, but they don’t eliminate the possibility of an agent proposing a transaction that looks reasonable but carries hidden risks, like impermanent loss on an unfamiliar liquidity pool.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.