DEV Community

Wallet Guy

4 Security Tiers for AI Agent Transactions: INSTANT to APPROVAL

AI agents need wallets to participate in DeFi, but giving an autonomous system direct access to your funds is like handing a toddler your credit card. One bug, one prompt injection, or one hallucination could drain your entire wallet in seconds.

The solution isn't to avoid AI agents entirely — their potential is too valuable. Instead, you need multiple layers of security that let agents operate autonomously for small, safe transactions while requiring human approval for anything risky. This is exactly what WAIaaS's 4-tier security system provides.

Why Security Tiers Matter for AI Agents

Traditional crypto wallets are binary: either you have the private key and can do anything, or you don't and can do nothing. But AI agents operate in a gray area — they need some autonomy to be useful, but unlimited autonomy is dangerous.

Consider a trading bot that needs to:

  • Check balances and prices (safe)
  • Execute small arbitrage trades (low risk)
  • Rebalance a large portfolio (medium risk)
  • Emergency liquidations to prevent margin calls (high risk)

Each operation has a different risk profile and should have different security requirements. WAIaaS's policy engine recognizes this reality with 21 policy types enforced across 4 security tiers.

The 4 Security Tiers Explained

WAIaaS classifies every transaction into one of four tiers based on your policies:

INSTANT — Execute immediately, no notification

  • Small amounts you're comfortable losing
  • Whitelisted addresses you trust completely
  • Gas payments and routine operations

NOTIFY — Execute immediately, send notification

  • Medium amounts where you want awareness
  • Transactions to known-safe contracts
  • Regular trading within daily limits

DELAY — Queue for a time delay, then execute (cancellable)

  • Larger amounts that warrant a cooling-off period
  • New contracts or recipients
  • Emergency brake opportunity

APPROVAL — Require explicit human approval

  • Large amounts that could hurt if lost
  • Unlimited token approvals
  • Transactions outside normal patterns

The genius is in the default: anything not explicitly allowed is denied entirely. Your agent can't accidentally interact with a malicious contract because contracts must be whitelisted first.

Creating Your First Security Policy

Let's set up a spending limit policy that implements all four tiers. This requires masterAuth since you're configuring security settings:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: your-master-password' \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100, 
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 500,
      "monthly_limit_usd": 5000
    }
  }'

Now when your AI agent tries to spend money:

  • $5 transaction → INSTANT (executes immediately)
  • $50 transaction → NOTIFY (executes, sends notification)
  • $500 transaction → DELAY (waits 5 minutes, cancellable)
  • $5000 transaction → APPROVAL (requires human approval)

Default-Deny: The Nuclear Option

WAIaaS's most powerful security feature is default-deny policies. When you create an ALLOWED_TOKENS policy, your agent can only interact with those specific tokens:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: your-master-password' \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {
          "address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
          "symbol": "USDC",
          "chain": "solana"
        }
      ]
    }
  }'

Similarly, CONTRACT_WHITELIST policies prevent your agent from calling any contract not explicitly approved:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: your-master-password' \
  -d '{
    "walletId": "your-wallet-uuid", 
    "type": "CONTRACT_WHITELIST",
    "rules": {
      "contracts": [
        {
          "address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4",
          "name": "Jupiter Swap",
          "chain": "solana"
        }
      ]
    }
  }'

This is the ultimate guard against prompt injection attacks. Even if someone tricks your agent into trying to interact with a malicious contract, the policy engine will reject it.

Advanced Security: Time and Rate Limits

Beyond amount-based controls, you can restrict when and how often your agent operates:

# Only allow trading during market hours
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: your-master-password' \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "TIME_RESTRICTION", 
    "rules": {
      "allowedHours": {"start": 9, "end": 17},
      "timezone": "UTC"
    }
  }'

# Limit to 10 transactions per hour
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: your-master-password' \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "RATE_LIMIT",
    "rules": {
      "maxTransactions": 10,
      "period": "hourly" 
    }
  }'

The 3-Layer Security Architecture

WAIaaS implements defense in depth with three distinct layers:

Layer 1: Session Authentication
Your AI agent gets a JWT token with limited scope and TTL. Even if compromised, the damage window is bounded.

Layer 2: Policy Engine
Every transaction is evaluated against 21 policy types. Policies are combined with AND logic — all must pass.

Layer 3: Human Oversight
Notifications, time delays, and approval workflows give you multiple chances to intervene.

This architecture means a security failure requires multiple simultaneous breaches — a much higher bar than single-layer systems.
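The following is an added example (not WAIaaS's own code) that shows the Layer 2 behaviour described above and in the default-deny section: several policy types combined with AND logic, where the token and contract whitelists deny anything not listed. The rule keys follow the curl payloads earlier on the page; the transaction shape, the `state` object holding recent send timestamps, and the check logic itself are assumptions, and the returned `denied` list is what a dry run would report as triggered policies.

```javascript
// Added example, not WAIaaS code: a minimal policy engine combining four of
// the policy types above with AND logic. Any failing policy denies the
// transaction; ALLOWED_TOKENS and CONTRACT_WHITELIST are default-deny, so an
// unlisted token or contract is rejected even when every other check passes.
// Rule keys follow the curl payloads; the tx shape, the `state` object and
// the check logic are assumed.
const USDC = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
const JUPITER = "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4";
const policies = [
  { type: "ALLOWED_TOKENS", rules: { tokens: [{ address: USDC, symbol: "USDC", chain: "solana" }] } },
  { type: "CONTRACT_WHITELIST", rules: { contracts: [{ address: JUPITER, name: "Jupiter Swap", chain: "solana" }] } },
  { type: "TIME_RESTRICTION", rules: { allowedHours: { start: 9, end: 17 }, timezone: "UTC" } },
  { type: "RATE_LIMIT", rules: { maxTransactions: 10, period: "hourly" } },
];

// Each check returns null on pass or a reason string on failure.
const checks = {
  ALLOWED_TOKENS: (tx, r) =>
    r.tokens.some(t => t.chain === tx.chain && t.address === tx.token) ? null : "token not allowed",
  CONTRACT_WHITELIST: (tx, r) => // a plain transfer calls no contract, so it passes
    (!tx.contract || r.contracts.some(c => c.chain === tx.chain && c.address === tx.contract)) ? null : "contract not whitelisted",
  TIME_RESTRICTION: (tx, r) => {
    const hour = new Date(tx.at).getUTCHours(); // timezone handling simplified to UTC
    return hour >= r.allowedHours.start && hour < r.allowedHours.end ? null : "outside allowed hours";
  },
  RATE_LIMIT: (tx, r, state) => {
    const windowMs = 60 * 60 * 1000; // "hourly"
    const recent = state.sent.filter(t => tx.at - t < windowMs).length;
    return recent < r.maxTransactions ? null : "rate limit exceeded";
  },
};

// AND logic: every policy must pass. The `denied` list is what a dry run would
// report as the policies that triggered.
function evaluate(tx, policies, state) {
  const denied = [];
  for (const p of policies) {
    const reason = checks[p.type](tx, p.rules, state);
    if (reason !== null) denied.push(`${p.type}: ${reason}`);
  }
  return { allowed: denied.length === 0, denied };
}

// Constructed sample: 14:00 UTC, nine transactions already sent this hour.
const T = Date.UTC(2024, 0, 15, 14, 0, 0);
const state = { sent: Array.from({ length: 9 }, (_, i) => T - i * 60000) };
const swap = { chain: "solana", token: USDC, contract: JUPITER, at: T };
console.log(evaluate(swap, policies, state)); // allowed
console.log(evaluate({ ...swap, contract: "UnknownProgram111" }, policies, state)); // denied
```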

Approval Workflows: The Human in the Loop

When a transaction falls into the APPROVAL tier, WAIaaS supports multiple notification channels. The system includes 3 signing channels for getting human approval.

For high-stakes transactions, you can set up WalletConnect integration that prompts you to approve transactions on your mobile wallet:

# Check WalletConnect status
curl http://127.0.0.1:3100/v1/walletconnect/status \
  -H "X-Master-Password: your-master-password"

# Approve a pending transaction
curl -X POST http://127.0.0.1:3100/v1/transactions/<tx-id>/approve \
  -H "X-Owner-Signature: <ed25519-or-secp256k1-signature>" \
  -H "X-Owner-Message: <signed-message>"

Testing Your Security Setup

Before deploying your agent, test your policies with dry-run transactions:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<your-token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address", 
    "amount": "1000",
    "dryRun": true
  }'

This shows you exactly which policies would trigger and what tier the transaction would be assigned, without actually executing anything.

Quick Start: Secure AI Agent in 5 Steps

  1. Install and start WAIaaS
npm install -g @waiaas/cli
waiaas init
waiaas start
  2. Create a wallet with basic policies
waiaas quickset --mode mainnet
  3. Set up a token whitelist (replace with your preferred tokens)
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: your-password' \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "ALLOWED_TOKENS",
    "rules": {"tokens": [{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}]}
  }'
  4. Test with a small transaction
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer your-session-token" \
  -d '{"type": "TRANSFER", "to": "test-address", "amount": "0.01", "dryRun": true}'
  5. Monitor via the Admin UI
open http://127.0.0.1:3100/admin

What's Next

You now understand WAIaaS's 4-tier security model and how to implement defense-in-depth for AI agents. The policy engine supports 21 policy types beyond what we covered here — explore the full range for fine-grained control over your agent's capabilities.

Ready to build secure AI agents? Check out the open-source code at GitHub or explore the full documentation at waiaas.ai.
