Building bulletproof AI agent security requires more than just hoping your agent won't make mistakes—you need systematic policy enforcement that assumes your agent will eventually try something dangerous. WAIaaS implements 21 policy types with default-deny enforcement, creating multiple security layers between your AI agent and your funds.
Why AI Agent Security Can't Be an Afterthought
Here's the uncomfortable truth: AI agents with wallet access will eventually surprise you. They'll misunderstand instructions, hallucinate token addresses, or try to approve unlimited spending to unknown contracts. The question isn't whether something will go wrong—it's whether your security system will catch it.
Traditional wallet security assumes a human is making every decision. But AI agents operate differently: they make hundreds of micro-decisions per hour, they can't distinguish between "spend $10" and "spend $10,000" without context, and they'll confidently execute any transaction that seems reasonable based on their training.
This is where most crypto AI projects fail. They either give agents unrestricted wallet access (dangerous) or try to solve security through better prompting (ineffective). WAIaaS takes a different approach: assume the agent will eventually do something wrong, then build systems to prevent damage.
3-Layer Security: Defense in Depth
WAIaaS implements three security layers that work together to prevent unauthorized transactions:
Layer 1: Session Authentication + Time Limits
Every AI agent gets a limited session token, not direct wallet access. Sessions expire automatically and can be revoked instantly.
# Create a session with 24-hour expiry
curl -X POST http://127.0.0.1:3100/v1/sessions \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"ttl": 86400,
"maxRenewals": 5
}'
Layer 2: Policy Engine with Default-Deny
This is where WAIaaS gets serious about security. Instead of hoping your agent behaves, policies enforce exactly what's allowed and block everything else.
# Default-deny token policy: agent can only touch USDC and SOL
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "ALLOWED_TOKENS",
"rules": {
"tokens": [
{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"},
{"address": "native:solana", "symbol": "SOL", "chain": "solana"}
]
}
}'
Layer 3: 4-Tier Approval System
Every transaction gets classified into one of four security tiers based on amount and risk:
# Spending limits with escalating security
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 10,
"notify_max_usd": 100,
"delay_max_usd": 1000,
"delay_seconds": 900,
"daily_limit_usd": 5000
}
}'
This creates four security tiers:
- INSTANT: ≤$10 executes immediately
- NOTIFY: ≤$100 executes with notification
- DELAY: ≤$1000 waits 15 minutes (cancellable)
- APPROVAL: >$1000 requires human approval
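To make the tier boundaries concrete, here is an added TypeScript example (not code from WAIaaS) that maps a USD amount onto the four tiers using the SPENDING_LIMIT rule names from this post. It also validates a rule set before it is installed, since misordered thresholds silently make a tier unreachable. The function names, the caller-supplied spentTodayUsd value, and the choice to refuse outright ("DENIED") a transaction that would breach daily_limit_usd are assumptions of this example, not documented WAIaaS behaviour.

```typescript
// Added example, not WAIaaS code: how a SPENDING_LIMIT rule set maps an amount to
// one of the four tiers above. Rule names match the post; treating a transaction that
// would breach daily_limit_usd as a hard refusal ("DENIED") is an assumption here.
type SpendingLimitRules = {
  instant_max_usd: number;
  notify_max_usd: number;
  delay_max_usd: number;
  delay_seconds: number;
  daily_limit_usd: number;
};

type Tier = "INSTANT" | "NOTIFY" | "DELAY" | "APPROVAL" | "DENIED";

type Decision = { tier: Tier; delaySeconds: number; reason: string };

// Sanity-check a rule set before installing it: thresholds that are out of order make a
// tier unreachable, and a zero delay leaves the DELAY tier with nothing to cancel.
function validateSpendingLimitRules(r: SpendingLimitRules): string[] {
  const errors: string[] = [];
  const fields: [string, number][] = [
    ["instant_max_usd", r.instant_max_usd], ["notify_max_usd", r.notify_max_usd],
    ["delay_max_usd", r.delay_max_usd], ["delay_seconds", r.delay_seconds],
    ["daily_limit_usd", r.daily_limit_usd],
  ];
  for (const [k, v] of fields) {
    if (typeof v !== "number" || !isFinite(v) || v < 0) errors.push(`${k} must be a non-negative finite number`);
  }
  if (r.instant_max_usd > r.notify_max_usd) errors.push("instant_max_usd > notify_max_usd: NOTIFY tier unreachable");
  if (r.notify_max_usd > r.delay_max_usd) errors.push("notify_max_usd > delay_max_usd: DELAY tier unreachable");
  if (r.delay_max_usd > r.daily_limit_usd) errors.push("delay_max_usd > daily_limit_usd: part of the DELAY tier can never clear the daily cap");
  if (r.delay_seconds <= 0) errors.push("delay_seconds must be positive, otherwise the DELAY tier cannot be cancelled");
  return errors;
}

// spentTodayUsd is what the wallet has already executed in the current daily window;
// how that window is tracked is left to the caller (the post does not specify it).
function classifyTransaction(r: SpendingLimitRules, amountUsd: number, spentTodayUsd: number): Decision {
  if (typeof amountUsd !== "number" || !isFinite(amountUsd) || amountUsd <= 0) {
    return { tier: "DENIED", delaySeconds: 0, reason: "amount must be a positive finite number" };
  }
  // The daily cap is checked before tiering so a burst of small INSTANT transfers cannot
  // drain more than daily_limit_usd over the day.
  if (spentTodayUsd + amountUsd > r.daily_limit_usd) {
    return { tier: "DENIED", delaySeconds: 0, reason: `would exceed daily_limit_usd (${r.daily_limit_usd})` };
  }
  // Boundaries are inclusive, matching the "<=" wording of the tiers above.
  if (amountUsd <= r.instant_max_usd) return { tier: "INSTANT", delaySeconds: 0, reason: "<= instant_max_usd" };
  if (amountUsd <= r.notify_max_usd) return { tier: "NOTIFY", delaySeconds: 0, reason: "<= notify_max_usd" };
  if (amountUsd <= r.delay_max_usd) return { tier: "DELAY", delaySeconds: r.delay_seconds, reason: "<= delay_max_usd" };
  return { tier: "APPROVAL", delaySeconds: 0, reason: "> delay_max_usd, owner approval required" };
}

// Stand-alone run: the rule set from the post, with constructed sample amounts.
const postRules: SpendingLimitRules = {
  instant_max_usd: 10, notify_max_usd: 100, delay_max_usd: 1000, delay_seconds: 900, daily_limit_usd: 5000,
};
for (const amount of [10, 10.01, 100, 1000, 1000.5]) {
  console.log(amount, classifyTransaction(postRules, amount, 0));
}
```

Running it shows that $10 lands in INSTANT while $10.01 is already NOTIFY, and that $1000.50 needs owner approval even though it is only cents above the DELAY ceiling; the daily cap is the one check that can refuse even a $5 transfer.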
The 21 Policy Types: Granular Control
WAIaaS provides 21 different policy types because different applications need different restrictions. Here are the most important ones for security:
ALLOWED_TOKENS: Default-Deny Token Control
Without this policy, your agent can interact with any token. With it, only whitelisted tokens are accessible.
{
"type": "ALLOWED_TOKENS",
"rules": {
"tokens": [
{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}
]
}
}
CONTRACT_WHITELIST: Only Approved Protocols
Prevents your agent from interacting with unknown or malicious contracts.
{
"type": "CONTRACT_WHITELIST",
"rules": {
"contracts": [
{"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"}
]
}
}
APPROVED_SPENDERS: Block Unlimited Approvals
Prevents the classic "approve unlimited spending" attack vector.
{
"type": "APPROVED_SPENDERS",
"rules": {
"spenders": [
{"address": "0xDEF1...", "name": "Uniswap Router", "maxAmount": "1000000000"}
]
}
}
RATE_LIMIT: Prevent Transaction Spam
Limits how many transactions your agent can execute per hour/day.
{
"type": "RATE_LIMIT",
"rules": {
"maxTransactions": 50,
"period": "hourly"
}
}
TIME_RESTRICTION: Business Hours Only
Prevents overnight surprises by restricting when transactions can execute.
{
"type": "TIME_RESTRICTION",
"rules": {
"allowedHours": {"start": 9, "end": 17},
"timezone": "UTC"
}
}
Default-Deny: Secure by Default
The most important security concept in WAIaaS is default-deny enforcement. Here's how it works:
- Without ALLOWED_TOKENS policy: Agent can interact with any token (dangerous)
- With ALLOWED_TOKENS policy: Agent can only touch whitelisted tokens
- Without CONTRACT_WHITELIST policy: Agent can call any smart contract (dangerous)
- With CONTRACT_WHITELIST policy: Agent can only interact with approved contracts
This means you explicitly define what's allowed, and everything else is automatically blocked. No surprises.
# Check what policies are protecting a wallet
curl http://127.0.0.1:3100/v1/policies \
-H "Authorization: Bearer wai_sess_<token>"
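The following TypeScript is an added example (not WAIaaS code) of what default-deny evaluation looks like for five of the policy types shown above: every installed policy is checked, and a single failing policy denies the request. Field names follow the JSON in this post; the request shape, the "any failure denies" rule, the caller-tracked history used for RATE_LIMIT, and UTC-only handling of TIME_RESTRICTION (any other timezone fails closed) are assumptions of this example. The sample policy set reuses the USDC and Jupiter addresses from the post; the other addresses and timestamps are constructed.

```typescript
// Added example, not WAIaaS code: a default-deny evaluator for five of the policy
// types above. Field names follow the JSON in the post; the request shape, the
// "any failing policy denies" rule and UTC-only time handling are assumptions here.
type Policy =
  | { type: "ALLOWED_TOKENS"; rules: { tokens: { address: string; chain: string }[] } }
  | { type: "CONTRACT_WHITELIST"; rules: { contracts: { address: string; chain: string }[] } }
  | { type: "APPROVED_SPENDERS"; rules: { spenders: { address: string; maxAmount: string }[] } }
  | { type: "RATE_LIMIT"; rules: { maxTransactions: number; period: "hourly" | "daily" } }
  | { type: "TIME_RESTRICTION"; rules: { allowedHours: { start: number; end: number }; timezone: string } };

type TxRequest = {
  chain: string;
  token: string;          // token address, or "native:<chain>" as in the post
  contract?: string;      // contract/program being called, if any
  spender?: string;       // set for approve() calls
  approveAmount?: string; // raw units as a decimal string (may exceed 2^53)
  at: Date;               // when the request is evaluated
};

type Verdict = { allowed: boolean; reasons: string[] };

// 0x (EVM) addresses are case-insensitive hex; base58 addresses (Solana) are not.
function sameAddress(a: string, b: string): boolean {
  const hex = a.slice(0, 2) === "0x" && b.slice(0, 2) === "0x";
  return hex ? a.toLowerCase() === b.toLowerCase() : a === b;
}

// True when amount > max, both non-negative integers as decimal strings.
// Malformed input counts as exceeding the limit (fail closed).
function exceeds(amount: string, max: string): boolean {
  const a = amount.replace(/^0+(?=\d)/, ""), m = max.replace(/^0+(?=\d)/, "");
  if (!/^\d+$/.test(a) || !/^\d+$/.test(m)) return true;
  return a.length !== m.length ? a.length > m.length : a > m;
}

const PERIOD_MS: { [p: string]: number } = { hourly: 3600000, daily: 86400000 };

// recentTxTimes: timestamps of transactions this wallet already executed (caller-tracked).
function evaluate(policies: Policy[], tx: TxRequest, recentTxTimes: Date[]): Verdict {
  const reasons: string[] = [];
  const contract = tx.contract, spender = tx.spender;
  for (const p of policies) {
    switch (p.type) {
      case "ALLOWED_TOKENS":
        if (!p.rules.tokens.some(t => t.chain === tx.chain && sameAddress(t.address, tx.token)))
          reasons.push(`ALLOWED_TOKENS: ${tx.token} is not whitelisted on ${tx.chain}`);
        break;
      case "CONTRACT_WHITELIST":
        // Plain transfers name no contract and pass; a call to an unlisted contract fails.
        if (contract !== undefined && !p.rules.contracts.some(c => c.chain === tx.chain && sameAddress(c.address, contract)))
          reasons.push(`CONTRACT_WHITELIST: ${contract} is not an approved contract`);
        break;
      case "APPROVED_SPENDERS":
        if (spender !== undefined) {
          const match = p.rules.spenders.filter(s => sameAddress(s.address, spender))[0];
          if (!match) reasons.push(`APPROVED_SPENDERS: ${spender} is not an approved spender`);
          // A missing amount is treated like an unlimited approval and refused.
          else if (tx.approveAmount === undefined || exceeds(tx.approveAmount, match.maxAmount))
            reasons.push(`APPROVED_SPENDERS: approval exceeds maxAmount ${match.maxAmount}`);
        }
        break;
      case "RATE_LIMIT": {
        const windowStart = tx.at.getTime() - PERIOD_MS[p.rules.period];
        const inWindow = recentTxTimes.filter(d => d.getTime() > windowStart).length;
        if (inWindow >= p.rules.maxTransactions)
          reasons.push(`RATE_LIMIT: ${inWindow} transactions already in the current ${p.rules.period} window`);
        break;
      }
      case "TIME_RESTRICTION": {
        // Only UTC is handled here; a timezone this code cannot evaluate means deny.
        if (p.rules.timezone !== "UTC") { reasons.push("TIME_RESTRICTION: unsupported timezone, failing closed"); break; }
        const hour = tx.at.getUTCHours();
        const { start, end } = p.rules.allowedHours;
        if (hour < start || hour >= end) reasons.push(`TIME_RESTRICTION: ${hour}:00 UTC is outside ${start}-${end}`);
        break;
      }
    }
  }
  return { allowed: reasons.length === 0, reasons };
}

// Policy set from the post (USDC/SOL on Jupiter, 20 tx/hour, 09:00-17:00 UTC).
const USDC = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
const JUPITER = "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4";
const solanaPolicies: Policy[] = [
  { type: "ALLOWED_TOKENS", rules: { tokens: [{ address: "native:solana", chain: "solana" }, { address: USDC, chain: "solana" }] } },
  { type: "CONTRACT_WHITELIST", rules: { contracts: [{ address: JUPITER, chain: "solana" }] } },
  { type: "RATE_LIMIT", rules: { maxTransactions: 20, period: "hourly" } },
  { type: "TIME_RESTRICTION", rules: { allowedHours: { start: 9, end: 17 }, timezone: "UTC" } },
];
// Constructed request: a USDC swap on Jupiter at 10:30 UTC with no recent activity.
console.log(evaluate(solanaPolicies, { chain: "solana", token: USDC, contract: JUPITER, at: new Date("2024-01-15T10:30:00Z") }, []));
```

Two design points worth copying: the evaluator keeps going after the first failure so the owner sees every policy a request violated, not just the first, and every path where a check cannot be completed (malformed amount, missing approval amount, unknown timezone) resolves to deny rather than to allow.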
Human-in-the-Loop Approval Channels
When transactions exceed policy limits, WAIaaS has multiple channels to request human approval:
WalletConnect Integration
High-value transactions can require approval through MetaMask or other WalletConnect wallets.
# Connect owner's wallet for approvals
curl -X POST http://127.0.0.1:3100/v1/walletconnect/connect \
-H "X-Master-Password: my-secret-password"
Push Notifications
Get notified immediately when your agent tries something unusual:
# Set up push notifications
curl -X POST http://127.0.0.1:3100/v1/notifications/setup \
-H "X-Master-Password: my-secret-password" \
-d '{"channel": "push", "endpoint": "https://..."}'
Kill Switch Recovery
If something goes wrong, you can immediately revoke all agent access:
# Emergency: revoke all sessions
curl -X DELETE http://127.0.0.1:3100/v1/sessions/all \
-H "X-Master-Password: my-secret-password"
Example: Securing a Trading Agent
Here's how you'd secure an AI trading agent that should only trade SOL/USDC on Jupiter with strict limits:
# 1. Create spending limits
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 50,
"notify_max_usd": 200,
"delay_max_usd": 500,
"delay_seconds": 600,
"daily_limit_usd": 1000
}
}'
# 2. Lock down to SOL and USDC only
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "ALLOWED_TOKENS",
"rules": {
"tokens": [
{"address": "native:solana", "symbol": "SOL", "chain": "solana"},
{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}
]
}
}'
# 3. Only allow Jupiter for swaps
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "CONTRACT_WHITELIST",
"rules": {
"contracts": [
{"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"}
]
}
}'
# 4. Prevent transaction spam
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "RATE_LIMIT",
"rules": {
"maxTransactions": 20,
"period": "hourly"
}
}'
With these policies:
- Agent can only trade SOL and USDC
- Agent can only use Jupiter (no unknown DEXs)
- Trades >$50 send notifications
- Trades >$200 have 10-minute delays
- Trades >$500 require approval
- Max $1000 per day
- Max 20 transactions per hour
Quick Start: Secure Agent Setup
- Install and start WAIaaS:
npm install -g @waiaas/cli
waiaas init
waiaas start
- Create a wallet with restrictive policies:
waiaas wallet create --name "secure-agent" --chain solana
- Set up token whitelist (replace with your desired tokens):
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: $(cat ~/.waiaas/master-password)" \
-d '{"walletId": "<wallet-id>", "type": "ALLOWED_TOKENS", "rules": {"tokens": [{"address": "native:solana", "symbol": "SOL", "chain": "solana"}]}}'
- Create spending limits:
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: $(cat ~/.waiaas/master-password)" \
-d '{"walletId": "<wallet-id>", "type": "SPENDING_LIMIT", "rules": {"instant_max_usd": 10, "notify_max_usd": 50, "delay_max_usd": 200, "delay_seconds": 300, "daily_limit_usd": 500}}'
- Create agent session:
waiaas session create --wallet-id <wallet-id>
Now your agent has strictly limited access: only approved tokens, spending limits with escalating security, and human approval for large transactions.
What's Next
Security is an ongoing process, not a one-time setup. Start with restrictive policies and gradually expand permissions as you gain confidence in your agent's behavior. Monitor transaction patterns and adjust limits based on actual usage.
Ready to build secure AI agents? Check out the WAIaaS GitHub repository for complete documentation and examples. Visit waiaas.ai to learn more about advanced security features and production deployment patterns.