The first question we get from every CTO is: "Do I have to give you my private keys?"
The answer is a hard NO.
Here's why Non-Custodial Security is the only viable architecture for Agentic Finance, and how PolicyLayer implements it.
The Risk of Centralised Custody
If a security provider holds your keys (even in an MPC enclave), they become a Single Point of Failure:
- Security risk: If they get hacked, you lose everything
- Legal risk: If they get subpoenaed, your funds can be frozen
- Operational risk: If they go offline, your business stops
- Counterparty risk: If they go bankrupt, your assets are in limbo
The crypto industry has learned these lessons the hard way. Every major custodial failure—Mt. Gox, FTX, Celsius—followed the same pattern: users trusted a third party with their keys, and that trust was betrayed.
Custodial vs Non-Custodial: The Comparison
| Aspect | Custodial Model | Non-Custodial (PolicyLayer) |
|---|---|---|
| Key location | Third party servers | Your infrastructure |
| Single point of failure | Yes (the custodian) | No |
| Regulatory classification | Money transmitter | Software service |
| Insurance required | Yes (expensive) | No |
| Funds at risk if provider hacked | All of them | None |
| Can provider freeze your funds? | Yes | No |
| Business continuity if provider offline | Blocked | Continue with bypass |
The regulatory distinction is particularly important. Custodians are classified as Money Transmitters (in the US) or Virtual Asset Service Providers (globally), requiring licenses, capital reserves, and compliance overhead. Non-custodial services avoid this entirely.
The PolicyLayer Model: "Check, Don't Hold"
We designed PolicyLayer to be an Enforcement Sidecar, not a Vault. Think of us as a security guard at a door, not a bank vault.
What We See
When you call PolicyLayer, we receive only the transaction intent:
{
chain: 'base',
asset: 'usdc',
to: '0x1234...abcd',
amount: '10000000', // 10 USDC
orgId: 'your-org',
walletId: 'agent-1'
}
We evaluate this against your policy rules:
- Is 10 USDC under the per-transaction limit? ✓
- Is the recipient whitelisted? ✓
- Is the daily limit still available? ✓
Then we return a signed approval (or rejection).
What We NEVER See
- Seed phrases — Never transmitted, never stored
- Private keys — Remain on your servers
- Wallet passwords — Not our concern
- API secrets — For your wallet SDK, not ours
The Complete Flow
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Your Agent │──────▶│ PolicyLayer │──────▶│ Your Agent │
│ (Your Server) │ Intent│ (Our Service) │Approve│ (Your Server) │
│ │ │ │ Token │ │
│ Has Keys │ │ No Keys │ │ Signs Tx │
└─────────────────┘ └──────────────────┘ └─────────────────┘
- Your agent constructs a transaction intent on your server
- Intent (metadata only) sent to PolicyLayer
- We evaluate against policies and return Yes/No with cryptographic signature
- Your server signs the transaction using your key
- Your server broadcasts to the blockchain
At no point do private keys leave your infrastructure.
The Security Guarantee
Even in a worst-case scenario where PolicyLayer is completely compromised:
What an attacker could do:
- See transaction intents (amounts, recipients)
- Approve transactions that should be denied
- Deny transactions that should be approved
What an attacker could NOT do:
- Steal your funds (no keys to sign with)
- Redirect funds to their address (can't modify signed transactions)
- Access funds from other customers (no keys stored)
The maximum damage is operational disruption—not financial loss. Your keys, your funds.
Compliance Without Compromise
This architecture enables regulated entities to use PolicyLayer without violating custody rules:
For Registered Investment Advisers (RIAs)
- Maintain qualified custodian relationships
- PolicyLayer doesn't trigger custody requirements
- Full audit trail for SEC examinations
For Banks and Fintechs
- No additional money transmitter licensing needed
- PolicyLayer is a software service, not a financial service
- Compatible with existing custody arrangements
For DAOs and Treasuries
- Multisig remains with signers
- PolicyLayer adds policy layer, not custody layer
- No single point of compromise
Emergency Bypass: Business Continuity
What happens if PolicyLayer goes offline?
Because we don't hold your keys, you have options:
Option 1: Direct signing
Your wallet SDK can sign transactions directly, bypassing PolicyLayer. You lose policy enforcement temporarily but maintain operational capability.
// Normal operation
await policyWallet.send({ ... }); // Calls PolicyLayer
// Emergency bypass
await directWallet.send({ ... }); // Signs directly, no policy check
Option 2: Local policy cache
The SDK can cache recent policy decisions for offline enforcement (reduced security, but operational continuity).
Option 3: Failover to backup
Enterprise deployments can configure backup PolicyLayer endpoints.
With custodial solutions, provider downtime means complete stoppage. With non-custodial, you maintain options.
Trust Architecture
Traditional security models require you to trust the provider. Our model requires you to trust only cryptography:
| Trust Requirement | Custodial | PolicyLayer |
|---|---|---|
| Provider won't steal funds | Required | Not applicable |
| Provider won't get hacked | Required | Minimal impact |
| Provider will stay online | Required | Optional (bypass available) |
| Cryptographic signatures | — | Only trust requirement |
The signed approval tokens from PolicyLayer are cryptographically verifiable. You can independently confirm that a specific transaction was approved at a specific time. This creates an audit trail without trust.
When Non-Custodial Matters Most
High-value treasuries: When managing millions, custody risk compounds. One breach can be catastrophic.
Regulated industries: Banking, investment management, and fintech have strict custody rules. Non-custodial solutions avoid regulatory complexity.
Decentralised organisations: DAOs and protocols can't hand keys to a centralised custodian—it defeats the purpose.
Enterprise compliance: SOC 2, ISO 27001, and similar frameworks treat third-party custody as high risk. Non-custodial reduces compliance burden.
The Philosophy
We believe security providers should be checkpoints, not chokepoints.
Your keys should remain yours. Your funds should remain accessible. Your operations should continue even if we don't.
PolicyLayer exists to make your agents safer, not to become another dependency that can fail catastrophically. That's why we don't want your keys—and never will.
Related reading:
Ready to secure your AI agents?
- Quick Start Guide - Get running in 5 minutes
- GitHub - Open source SDK
Top comments (0)