Short Answer
On May 20, 2026, Bybit made AI Sub-Accounts mandatory for any external AI agent that touches a Bybit account. The sub-account holds only the funds you allocate to the bot, blocks withdrawals by default, caps leverage, and exposes API-only access (no web login). To use Claude Code or any MCP client with Bybit now, you create the AI Sub-Account first, fund it, generate keys scoped to that sub-account, and point your bot at those keys instead of your main API keys.
Why This Changed Overnight
Before May 20, an AI agent connected to Bybit got the same access as a normal API key. A buggy prompt or a leaked secret could move the entire account balance, open 50x positions, or trigger withdrawals to a whitelisted address. Several public incidents in early 2026 involved agents that did exactly that.
Bybit’s fix is structural rather than advisory. Any new API key flagged as “AI agent” is routed into an AI Sub-Account by default, and the account holder picks the boundaries before funding it. The old workflow of pointing a bot at your main account no longer works for new keys.
| What Changed | Before May 20 | After May 20 |
|---|---|---|
| Account type for AI bots | Main account or normal sub | AI Sub-Account (mandatory for new keys) |
| Withdrawal permission | Allowed if you enabled it | Disabled by default, no override |
| Cross-account fund movement | Yes, sub-to-main was trivial | Blocked, zero transfers from AI sub |
| Web login on the sub | Yes | No, API-only execution |
| Leverage cap | Account-wide setting | Per-AI-sub setting, lower default |
Prerequisites
- A verified Bybit account (KYC level matching your region)
- Claude Code or another MCP-capable client installed
- Spare USDT on the main account that you are willing to allocate to the bot
Step 1: Create the AI Sub-Account
- Log into Bybit on the web (the mobile app does not expose this flow yet)
- Click your profile icon, then Sub-Accounts
- Click Create AI Sub-Account — this option is separate from the standard sub-account button
- Give it a label that ties to the strategy, for example claude-momentum or ai-grid-eth
- Set the initial caps before funding:
| Setting | Suggested First-Bot Value | Why |
|---|---|---|
| Max asset holdings | $500 USDT | Bounds the worst-case loss |
| Leverage cap | 3x | Survives most flush wicks |
| Withdrawal | Disabled | Cannot be re-enabled from inside the sub |
| Trading pairs | Whitelist only the pairs your bot trades | Blocks rogue token swaps |
| Daily trade count cap | 200 | Catches an agent stuck in a loop |
The withdrawal toggle is a one-way switch. Once disabled at creation, you cannot turn it back on without deleting the sub and starting over. That is the point. The bot cannot move funds, period.
Step 2: Fund the Sub-Account
Transfer from your main account to the new AI Sub-Account through the Asset Transfer screen. Only send what you are comfortable losing on a strategy that has never traded live. For a first run, $100 to $500 USDT is plenty.
Bybit blocks transfers in the other direction from the AI Sub-Account automatically. The only way to pull funds back to the main account is through the web UI with your password and 2FA, and even then there is a 24-hour delay window on the first withdrawal request.
Step 3: Generate AI Sub-Account API Keys
This is where the new flow differs from old Bybit keys:
- Stay logged in as your main account
- Open the AI Sub-Account you just created
- Click API Management inside the sub
- Click Create AI Agent Key (this option does not appear under normal sub-accounts)
- Set permissions:
  - Read: enabled
  - Trade Spot: enabled (if your bot trades spot)
  - Trade Derivatives: enabled (if your bot trades futures)
  - Withdraw: locked off, not toggleable
- Pin the key to your bot’s outbound IP address — Bybit refuses connections from other IPs even if the secret is correct
- Copy the API key and secret. The secret is shown once.
Without the IP pin, a leaked secret still lets an attacker trade. With it, the leak is useless from any machine other than yours.
Step 4: Wire the Keys into Claude Code
If you already followed the Bybit MCP trading bot tutorial, the only change is swapping the API key block in your MCP config. Open ~/.claude/.mcp.json:
```json
{
  "mcpServers": {
    "bybit": {
      "command": "node",
      "args": ["/path/to/bybit-mcp/src/index.js"],
      "env": {
        "BYBIT_API_KEY": "your-ai-sub-account-key",
        "BYBIT_API_SECRET": "your-ai-sub-account-secret",
        "BYBIT_TESTNET": "false",
        "BYBIT_ACCOUNT_TYPE": "AI_SUB"
      }
    }
  }
}
```
The BYBIT_ACCOUNT_TYPE field was added to the official MCP server on May 20 to mark the connection as AI-scoped. Older versions of the MCP server (pre-1.4) will still work without it, but Bybit logs the connection as “unscoped legacy” and the limits do not apply. Update the MCP server first:
```bash
cd ~/bybit-mcp
git pull origin main
npm install
```
Restart Claude Code, then ask it to confirm the connection:
Check my Bybit AI Sub-Account balance and list the trading caps that are active.
You should see the USDT balance you transferred and the leverage/asset caps you set in step 1. If Claude returns the main account balance instead, you copied the wrong keys.
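A preflight check for the config above, as an added example (not part of the Bybit MCP server or the original tutorial): it refuses a config that is not marked `AI_SUB`, still holds the placeholder credentials, or stores the secret in a file other local users can read. The server name `bybit`, the function names and the sample configs are assumptions made for illustration.

```python
import json
import os
import stat

# Placeholder values copied from the tutorial's config block.
PLACEHOLDERS = {"", "your-ai-sub-account-key", "your-ai-sub-account-secret"}

def audit(config, mode, server="bybit"):
    """Return findings for one MCP server entry; an empty list means pass."""
    env = config.get("mcpServers", {}).get(server, {}).get("env")
    if env is None:
        return [f"no env block for MCP server '{server}'"]
    findings = []
    if env.get("BYBIT_ACCOUNT_TYPE") != "AI_SUB":
        findings.append("BYBIT_ACCOUNT_TYPE is not AI_SUB: connection is not marked AI-scoped")
    for name in ("BYBIT_API_KEY", "BYBIT_API_SECRET"):
        if env.get(name, "") in PLACEHOLDERS:
            findings.append(f"{name} is empty or still the tutorial placeholder")
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"config mode {mode & 0o777:o} lets group/others read the secret")
    return findings

def audit_file(path=os.path.expanduser("~/.claude/.mcp.json")):
    """Audit the real file: parse it and read its permission bits."""
    with open(path) as fh:
        return audit(json.load(fh), stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample configs (the key and secret values are made up).
def _cfg(extra):
    env = {"BYBIT_API_KEY": "CONSTRUCTED-KEY", "BYBIT_API_SECRET": "CONSTRUCTED-SECRET",
           "BYBIT_TESTNET": "false", **extra}
    return {"mcpServers": {"bybit": {"command": "node", "env": env}}}

WEAK = _cfg({})                                    # no AI scope marker
HARDENED = _cfg({"BYBIT_ACCOUNT_TYPE": "AI_SUB"})

if __name__ == "__main__":
    for label, cfg, mode in (("weak", WEAK, 0o644), ("hardened", HARDENED, 0o600)):
        print(label, audit(cfg, mode) or "OK")
```

Run `audit_file()` before restarting Claude Code; `chmod 600 ~/.claude/.mcp.json` clears the file-mode finding.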
Step 5: Test the Risk Wall
Before letting the bot run unattended, prove the sandbox holds. Try these from Claude Code:
| Test | Expected Result |
|---|---|
| Place a market buy with $200 notional | Succeeds |
| Place a market buy with $5,000 notional | Rejected, exceeds max holdings cap |
| Open a position at 10x leverage | Rejected, exceeds leverage cap |
| Request a withdrawal to a wallet address | Rejected, withdrawal disabled |
| Place an order on a pair not in the whitelist | Rejected, pair not allowed |
If any of these unexpectedly succeed, stop and recheck the sub-account settings. The whole point of the AI Sub-Account is that the bot physically cannot do these things. A pass on the first four tests means the wall is real.
Step 6: Watch the Activity Log
The AI Sub-Account exposes a dedicated activity feed that lists every API call the bot made: timestamp, endpoint, parameters, and result. Bybit shows this in real time on the sub-account detail page.
Useful patterns to scan for:
- A burst of order placements within seconds — usually a bot loop with no cool-down
- Repeated rejections on the same parameters — usually a stale order size
- Calls to endpoints you did not authorize — possible MCP server bug or a prompt injection
The log is also the audit trail you would need if you ever had to dispute a fill. Bybit retains it for 90 days on the AI Sub-Account by default.
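The three patterns above can be checked automatically once the feed is exported. This is an added example, not Bybit tooling: the record layout (`ts`, `endpoint`, `params`, `result`), the endpoint allowlist, the thresholds and the sample feed are all assumptions constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

# Assumed allowlist of endpoints this bot should ever call; adjust to your bot.
ALLOWED = {"/v5/order/create", "/v5/order/cancel", "/v5/account/wallet-balance"}
ORDER = "/v5/order/create"

def order_bursts(events, window=timedelta(seconds=10), limit=5):
    """Start time of each run where more than `limit` orders fall in `window`."""
    times = sorted(e["ts"] for e in events if e["endpoint"] == ORDER)
    alerts, start, in_burst = [], 0, False
    for end, t in enumerate(times):
        while t - times[start] > window:   # slide the window's left edge
            start += 1
        over = end - start + 1 > limit
        if over and not in_burst:          # report a burst once, at its start
            alerts.append(times[start])
        in_burst = over
    return alerts

def repeated_rejections(events, min_repeats=3):
    """Rejected calls that were retried with identical parameters."""
    seen = Counter((e["endpoint"], json.dumps(e["params"], sort_keys=True))
                   for e in events if e["result"] == "rejected")
    return {key: n for key, n in seen.items() if n >= min_repeats}

def unexpected_endpoints(events, allowed=ALLOWED):
    """Endpoints the bot called that are outside its allowlist."""
    return sorted({e["endpoint"] for e in events} - set(allowed))

# Constructed sample feed (not real Bybit output).
T0 = datetime(2026, 5, 21, 12, 0, 0)

def _ev(sec, endpoint, params, result):
    return {"ts": T0 + timedelta(seconds=sec), "endpoint": endpoint,
            "params": params, "result": result}

SMALL = {"symbol": "ETHUSDT", "side": "Buy", "qty": "0.05"}
STALE = {"symbol": "ETHUSDT", "side": "Buy", "qty": "2.5"}
SAMPLE = ([_ev(i, ORDER, SMALL, "ok") for i in range(8)]                 # loop bug
          + [_ev(600 + 60 * i, ORDER, STALE, "rejected") for i in range(4)]
          + [_ev(900, "/v5/asset/withdraw/create", {"coin": "USDT"}, "rejected")])

if __name__ == "__main__":
    print("bursts:", order_bursts(SAMPLE))
    print("repeated rejections:", repeated_rejections(SAMPLE))
    print("unexpected endpoints:", unexpected_endpoints(SAMPLE))
```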
What This Means for Existing Bots
If you already have a Bybit bot running on a normal API key from before May 20, it keeps working. Bybit grandfathered existing keys. But the next time you rotate a key (which you should do at least quarterly), the new key gets routed through the AI Sub-Account flow. There is no opt-out for new keys.
For builders, the practical effect is that your bot architecture should assume the AI Sub-Account is the deployment target. The Bybit MCP trading bot guide covers the strategy and execution code. This article is the wrapper around that bot that keeps your main balance safe.
How This Compares to Other Exchanges
Bybit is the first major centralized exchange to ringfence AI agents this way. The pattern is starting to spread:
| Exchange | AI Agent Isolation | Notes |
|---|---|---|
| Bybit | Mandatory AI Sub-Account (May 2026) | API-only, no withdrawals, per-bot caps |
| Gemini | MCP-based agentic trading (April 2026) | Regulated US, per-API-key permissions |
| Alpaca | Paper trading mode | Separate from live, key-scoped |
| Binance | Sub-account with normal API keys | No AI-specific isolation yet |
| Hyperliquid | Agent wallet pattern | On-chain, per-bot signing wallet |
If you split bots across venues, Hyperliquid’s agent wallet pattern and Bybit’s AI Sub-Account give you the strongest isolation. Binance and most others still rely on you setting the permissions correctly on a normal API key.
What to Avoid
A few habits that defeat the protection:
- Granting withdrawal on the parent account from the same machine the bot runs on. A compromised machine still leaks the main account credentials.
- Reusing the same AI Sub-Account for multiple strategies. Each bot should have its own sub so the caps are tuned to that strategy’s loss tolerance.
- Skipping the IP pin. Without it, a leaked key is portable.
- Disabling the daily trade cap to “see what the bot does.” Loop bugs are the most common cause of unintentional fund drawdown.
Where to Go Next
- If you have not built the bot yet, start with the Bybit MCP trading bot tutorial and use the AI Sub-Account keys instead of testnet keys when you go live.
- For a broader view of MCP-based exchanges, the MCP servers for AI trading guide covers Bybit, Alpaca, Gemini, and others.
- If you trade across multiple venues, the daily AI trading research routine shows how to track sub-account PnL alongside your main book.
The AI Sub-Account adds about 15 minutes to your first bot setup. After that, it is invisible. The trade-off is that a bug or a leaked key can lose at most the balance you funded the sub with, never the whole account. For anyone running an agent in production, that is the cheapest insurance Bybit has shipped.