Wallet Guy

ERC-8004 Trustless Agents: Onchain Reputation for AI

Giving an AI agent access to your crypto wallet is like handing a toddler your credit card — without proper guardrails, things can go very wrong very quickly. When your agent can execute transactions autonomously, one misconfigured prompt or exploited vulnerability could drain your entire portfolio.

This isn't a theoretical risk. As AI agents become more sophisticated at managing DeFi positions and executing trades, the attack surface grows exponentially. A compromised agent could approve unlimited token spending, interact with malicious contracts, or transfer funds to attacker-controlled addresses. Traditional wallet security assumes human oversight for every transaction, but autonomous agents break that assumption entirely.

Why Agent Security Requires a New Approach

Most wallet infrastructure treats security as binary — either you have access or you don't. But AI agents operate in a gray area between full automation and human control. They need enough permissions to be useful (checking balances, executing trades, managing positions) while being restricted enough to prevent catastrophic losses.

The challenge goes beyond technical controls. You need visibility into what your agent is doing, the ability to intervene when something looks wrong, and confidence that your security policies will be enforced even when you're not actively monitoring. This requires purpose-built infrastructure that assumes agents will eventually encounter edge cases, bugs, or adversarial inputs.

Three Layers of Protection

WAIaaS implements a defense-in-depth security model with three distinct layers between your AI agent and your funds.

Layer 1: Session Authentication with Limited Scope

Instead of giving your agent direct access to private keys, WAIaaS uses session-based authentication. Your agent gets a JWT token that expires and can be revoked instantly:

# Create a session with specific permissions
curl -X POST http://127.0.0.1:3100/v1/sessions \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "your-wallet-uuid",
    "maxRenewals": 10,
    "ttl": 3600
  }'

The agent gets a session token that automatically expires, preventing long-term credential compromise. You maintain administrative control through the master password, while the agent operates with limited, revocable access.

Layer 2: Default-Deny Policy Engine

This is where WAIaaS differs fundamentally from traditional wallets. Instead of allowing everything by default, WAIaaS blocks all transactions unless explicitly permitted by your policies. Your agent literally cannot touch tokens or contracts you haven't whitelisted.

Here's a restrictive policy that only allows small USDC transfers:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: your-password" \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [{
        "address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
        "symbol": "USDC",
        "chain": "solana"
      }]
    }
  }'

Without this policy, your agent cannot transfer USDC at all. Even with this policy, you can layer on spending limits:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: your-password" \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 900,
      "daily_limit_usd": 5000
    }
  }'

This creates a four-tier security system:

  • Under $10: Execute immediately
  • $10-$100: Execute with notification
  • $100-$1000: Wait 15 minutes (cancellable), then execute
  • Over $1000: Require explicit human approval

Layer 3: Human Approval Channels

For high-value or unusual transactions, WAIaaS can require explicit human approval through multiple channels. When your agent tries to execute a transaction that exceeds your policy thresholds, it gets queued for approval rather than rejected:

# Agent attempts large transaction
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_your-token" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "5000"
  }'

# Returns: {"status": "PENDING_APPROVAL", "id": "tx-uuid"}

You receive notifications through your configured channels and can approve via WalletConnect signatures. If something looks suspicious, you can reject the transaction or implement a kill switch to disable the agent entirely.

Contract and Method Whitelisting

Beyond token controls, WAIaaS implements contract-level security. Your agent can only interact with contracts you've explicitly approved:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: your-password" \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "CONTRACT_WHITELIST",
    "rules": {
      "contracts": [{
        "address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4",
        "name": "Jupiter",
        "chain": "solana"
      }]
    }
  }'

You can further restrict this to specific function calls using METHOD_WHITELIST policies. This prevents your agent from calling unexpected functions even on approved contracts.
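To make the default-deny evaluation concrete, here is a small illustrative evaluator (added here, not WAIaaS's own code) that applies the ALLOWED_TOKENS, CONTRACT_WHITELIST and SPENDING_LIMIT policies shown above to a single transaction and returns the tier it lands in. It assumes the caller has already priced the transaction in USD, treats tier boundaries as inclusive, and uses constructed decision names other than PENDING_APPROVAL.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Values taken from the policies above; USD pricing of a transaction is assumed done upstream
SPENDING_RULES = {"instant_max_usd": 10, "notify_max_usd": 100, "delay_max_usd": 1000,
                  "delay_seconds": 900, "daily_limit_usd": 5000}
USDC_MINT = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"  # ALLOWED_TOKENS entry
JUPITER = "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4"     # CONTRACT_WHITELIST entry


@dataclass
class Tx:
    kind: str                       # "TRANSFER" or "CONTRACT_CALL"
    usd_value: float
    token: Optional[str] = None     # token address for a TRANSFER
    contract: Optional[str] = None  # target address for a CONTRACT_CALL


@dataclass
class Policies:
    allowed_tokens: Set[str] = field(default_factory=set)     # ALLOWED_TOKENS
    allowed_contracts: Set[str] = field(default_factory=set)  # CONTRACT_WHITELIST
    spending: Optional[Dict[str, float]] = None               # SPENDING_LIMIT rules
    spent_today_usd: float = 0.0    # executed spend already counted against daily_limit_usd


def evaluate(tx: Tx, p: Policies) -> Tuple[str, str]:
    """Return (decision, reason). Nothing is allowed unless a policy permits it.
    Tier boundaries are treated as inclusive here; that is an assumption."""
    if tx.kind == "TRANSFER":
        if tx.token not in p.allowed_tokens:
            return "DENY", "token not in ALLOWED_TOKENS"
    elif tx.kind == "CONTRACT_CALL":
        if tx.contract not in p.allowed_contracts:
            return "DENY", "contract not in CONTRACT_WHITELIST"
    else:
        return "DENY", f"unknown transaction type {tx.kind!r}"
    s = p.spending
    if s is None:
        return "DENY", "no SPENDING_LIMIT policy configured"
    if p.spent_today_usd + tx.usd_value > s["daily_limit_usd"]:
        return "DENY", "daily_limit_usd would be exceeded"
    if tx.usd_value <= s["instant_max_usd"]:
        return "INSTANT", "execute immediately"
    if tx.usd_value <= s["notify_max_usd"]:
        return "NOTIFY", "execute and notify the owner"
    if tx.usd_value <= s["delay_max_usd"]:
        return "DELAY", f"hold {int(s['delay_seconds'])}s (cancellable), then execute"
    return "PENDING_APPROVAL", "queue for explicit human approval"
```

Calling `evaluate(Tx("TRANSFER", 500, token=USDC_MINT), Policies({USDC_MINT}, {JUPITER}, SPENDING_RULES))` yields the DELAY tier; a wallet with no policies at all denies everything.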

ERC-8004: Onchain Agent Reputation

For environments where agents interact with each other, WAIaaS supports ERC-8004 Trustless Agents — an onchain reputation system that tracks agent behavior and reliability. This allows you to set reputation thresholds for agents your system interacts with:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: your-password" \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "REPUTATION_THRESHOLD",
    "rules": {
      "minimum_score": 80,
      "minimum_interactions": 100
    }
  }'

The WAIaaS MCP integration provides tools for checking agent reputation before interacting:

User: "Check the reputation of agent 0x123... before proceeding"
→ Claude calls erc8004-get-reputation tool
→ Returns reputation score and interaction history
→ Agent can decide whether to proceed based on reputation threshold

Transaction Simulation and Dry Runs

Before executing any transaction, you can simulate its effects without spending gas or risking funds:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_your-token" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.1",
    "dryRun": true
  }'

This returns the expected outcome, gas costs, and any policy violations without executing the transaction. Your agent can use this to validate transactions before submission, catching errors or policy violations early.

Monitoring and Observability

Security is only as good as your visibility into what's happening. WAIaaS provides comprehensive logging and monitoring of agent activity:

  • All transactions are logged with full context
  • Policy evaluations are recorded with reasons for approval/denial
  • Session activity is tracked with renewal and expiration events
  • Real-time notifications for transactions exceeding thresholds

The 7-stage transaction pipeline provides granular visibility into where transactions succeed or fail: validation, authentication, policy evaluation, delay periods, execution, and confirmation.

Self-Hosted Security

WAIaaS runs entirely on your infrastructure, giving you complete control over the security model. There's no third-party service that can be compromised or change their policies unexpectedly. Your private keys never leave your server, and you can audit the entire codebase since it's open source.

The Docker deployment uses non-root containers (UID 1001), includes health checks, and supports Docker Secrets for production credential management:

# Production deployment with secrets
mkdir -p secrets
echo "your-secure-master-password" > secrets/master_password.txt
chmod 600 secrets/master_password.txt

docker compose -f docker-compose.yml -f docker-compose.secrets.yml up -d

Quick Start: Secure Agent Setup

Here's how to set up a security-hardened agent wallet in five steps:

  1. Install and initialize WAIaaS:
npm install -g @waiaas/cli
waiaas init
waiaas start
  2. Create a restricted wallet:
waiaas wallet create --name "agent-wallet" --chain solana --environment mainnet
  3. Set up a default-deny token policy:
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: your-password" \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}]
    }
  }'
  4. Configure spending limits with human approval:
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: your-password" \
  -d '{
    "walletId": "your-wallet-uuid",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 1,
      "notify_max_usd": 10,
      "delay_max_usd": 100,
      "delay_seconds": 300,
      "daily_limit_usd": 50
    }
  }'
  5. Create a session and test the restrictions:
waiaas session prompt --wallet your-wallet-uuid
# Agent now has limited access - test by attempting transactions above limits

Your agent can now operate within strict boundaries. It can check balances and execute small USDC transfers instantly, but anything significant requires your approval.

What's Next

This security model scales from simple trading agents to complex DeFi portfolio managers. As your confidence grows, you can gradually relax policies while maintaining safety nets. The key is starting restrictive and expanding permissions based on observed behavior rather than hoping nothing goes wrong.

Explore the complete security reference and deployment guides at the official documentation: https://waiaas.ai. The full source code, including all security implementations, is available for audit at https://github.com/minhoyoo-iotrust/WAIaaS.
