Five Layers of Security for Agents That Spend Money
A defense-in-depth policy strategy for AI agents handling real money. Spending limits, counterparty controls, time windows, micropayment guardrails, and real-time alerts, configured through Conto's policy engine.
An agent with a wallet and no policies is an open checkbook. It can spend any amount, to any address, at any time. That's fine for a hackathon demo. It's not fine for production.
Securing an agent that handles real money requires defense in depth: multiple independent controls that each catch a different class of risk. We recommend five layers.
Layer 1: Spending Limits
The most fundamental control. Set how much an agent can spend per transaction, per day, per week, and per month.
This catches the obvious failure modes: a runaway loop that drains a wallet, a prompt injection that tricks an agent into overspending, or a misconfigured amount. Even if every other control fails, spending limits cap the blast radius.
A reasonable starting point for most agents:
- Per-transaction: $100
- Daily: $500
- Monthly: $5,000
These are conservative recommendations for new agents. Note that Conto's system defaults for auto-created wallets are higher (daily: $1,000, weekly: $5,000, monthly: $20,000) — you should tighten them based on the agent's actual needs, not its theoretical maximum.
Layer 2: Counterparty Controls
Spending limits control how much. Counterparty controls determine who.
An allowlist restricts the agent to a known set of addresses: verified vendors, internal wallets, trusted API providers. A blocklist catches known bad actors. Both can be combined.
For high-security deployments, start with an allowlist-only approach. The agent can only transact with addresses you've explicitly approved. That eliminates the class of attacks where the agent is tricked into sending money to an attacker-controlled address.
Layer 3: Time Windows
Not every agent should be able to spend money at 3 AM on a Saturday. Time window policies restrict when payments can happen: business hours only, weekdays only, or custom schedules.
This matters most for agents that interact with external services. If the agent shouldn't be making procurement decisions outside of working hours, enforce it at the policy level instead of relying on the agent's own judgment.
Layer 4: Micropayment Controls
Agents increasingly pay for APIs using protocols like x402 and MPP. These are small, high-frequency payments (often fractions of a dollar) that add up quickly.
Micropayment-specific policies let you cap per-request amounts, set per-service daily limits, restrict which services the agent can pay for, and limit session deposits. Without these, an agent could rack up hundreds of dollars in API fees before anyone notices.
Layer 5: Alerts and Monitoring
Policies prevent bad transactions. Alerts tell you when something unusual is happening, even if it's technically within limits.
Set up alerts for denied payments, high-value transactions, unusual spending patterns, and new counterparty interactions. The point is to give humans visibility into agent financial behavior in real time, not to auto-block.
Evaluation Order
Conto evaluates policies in a specific order: wallet-level limits first, then agent-specific policies. The first denial wins. If any rule at any level blocks the payment, it stops.
You can set conservative defaults and then selectively loosen them for specific agents. A procurement agent might get a higher per-transaction limit than a monitoring agent, while both inherit the same counterparty blocklist.
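As an added illustration (not Conto's code or API), here is a toy policy evaluator that models the layers above and the evaluation order just described: the wallet-level policy runs first, then the agent's own policy, and the first denial wins. The policy fields, addresses, amounts and agent names are constructed assumptions.

```python
# Added example, not Conto's code: a toy model of the policy layers, evaluated in
# the post's order (wallet first, then agent, first denial wins). All names are constructed.
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Optional, Set, Tuple

# to = counterparty address, amount in USD, at = datetime of the attempted payment
Payment = namedtuple("Payment", "agent to amount at")

@dataclass
class Policy:
    per_tx: float = float("inf")
    daily: float = float("inf")
    allow: Set[str] = field(default_factory=set)  # empty = no allowlist
    block: Set[str] = field(default_factory=set)
    hours: Tuple[int, int] = (0, 24)              # permitted hours [start, end)
    weekdays_only: bool = False

def check(policy: Policy, p: Payment, spent_today: float) -> Optional[str]:
    """Return the first denial reason at this layer, or None if it allows."""
    if p.amount > policy.per_tx:
        return "per-transaction limit"
    if spent_today + p.amount > policy.daily:
        return "daily limit"
    if p.to in policy.block:
        return "blocklisted counterparty"
    if policy.allow and p.to not in policy.allow:
        return "counterparty not on allowlist"
    if not policy.hours[0] <= p.at.hour < policy.hours[1]:
        return "outside time window"
    if policy.weekdays_only and p.at.weekday() >= 5:
        return "weekend not permitted"
    return None

def evaluate(wallet: Policy, agents: Dict[str, Policy], default: Policy,
             p: Payment, spent: Dict[str, float]) -> Tuple[bool, str]:
    """Wallet layer, then agent layer; first denial wins. `spent` = today's spend per layer."""
    for name, policy in (("wallet", wallet), ("agent", agents.get(p.agent, default))):
        reason = check(policy, p, spent.get(name, 0.0))
        if reason:
            return False, f"denied at {name} level: {reason}"
    return True, "allowed"

# Constructed config: the wallet is the hard outer cap, the default agent policy
# uses the post's starting numbers, and the procurement agent is selectively loosened.
WALLET = Policy(per_tx=500, daily=2000, block={"0xBAD"})
DEFAULT_AGENT = Policy(per_tx=100, daily=500)
AGENTS = {"procurement": Policy(per_tx=250, allow={"0xVENDOR"},
                                hours=(9, 17), weekdays_only=True)}
```

A real engine would track daily spend per wallet and per agent separately; here the caller passes both in `spent` so the layered arithmetic stays visible.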
Start Strict, Loosen Gradually
The safest approach is to deploy with tight controls and relax them as you build confidence. It's easier to increase a spending limit after watching the agent's behavior than to recover from overly permissive defaults.
The full configuration guide with code examples for every layer is in the docs: Securing Agents with Policies. For quick setup commands, see Recipes.
Related
- How to Test Agent Payments Without Losing Real Money - validate your policies on Tempo Testnet
- x402: How Agents Pay for APIs with HTTP - deep dive on micropayment controls
- MPP: Session-Based Payments for Agents on Tempo - session deposit and budget controls