Giving an AI agent a wallet is like handing a toddler a credit card — without proper guardrails, you're one hallucination away from disaster. Most developers building AI agents either avoid crypto entirely or accept the risk of unlimited wallet access, but there's a third path that gives you the best of both worlds.
Why Human-in-the-Loop Matters for Agent Wallets
AI agents are getting smarter, but they're still prone to misunderstanding instructions, making calculation errors, or being manipulated by adversarial prompts. When an agent controls real money on blockchain networks where transactions are irreversible, these failure modes become catastrophic risks.
The stakes are higher than traditional software bugs. A confused agent might interpret "buy a small amount of ETH" as "swap my entire treasury for a memecoin" or fall victim to a prompt injection attack that tricks it into sending funds to an attacker's address. Unlike web2 applications where you can roll back transactions or contact support, blockchain operations are final.
The solution isn't to avoid giving agents financial capabilities — it's to implement proper controls that let humans maintain oversight while preserving the agent's autonomy for routine operations.
The 3-Layer Security Model
WAIaaS implements a defense-in-depth approach with three security layers: session authentication, policy-based controls, and human approval channels.
Layer 1: Session Authentication
Every AI agent gets a limited session token instead of raw private key access. Sessions have configurable lifetimes, renewal limits, and can be instantly revoked:
# Create a session for your AI agent
curl -X POST http://127.0.0.1:3100/v1/sessions \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{"walletId": "<wallet-uuid>", "ttl": 86400, "maxRenewals": 5}'
The agent uses this session token for all operations, never touching the underlying private keys:
# Agent checks balance using session token
curl http://127.0.0.1:3100/v1/wallet/balance \
-H "Authorization: Bearer wai_sess_eyJhbGciOiJIUzI1NiJ9..."
If the agent goes rogue or gets compromised, you revoke its session and issue a new one; the private keys never leave the daemon. Two caveats a practitioner should keep in mind: the session token is a bearer credential, so anything that can read the agent's environment (including an injected prompt that exfiltrates it) can act as the agent until you revoke it, and revocation only stops future requests, it does not undo transactions that were already broadcast. That is why the policy layer below, not the token itself, is what bounds the damage.
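To make the session layer concrete, here is an added illustrative implementation of the mechanics described above (session creation with a TTL and a renewal cap, authentication, renewal and revocation). It is example code written for this article, not WAIaaS's own implementation; the `wai_sess_<id>.<hmac>` token layout, the in-memory session table and the `DAEMON_SECRET` key are assumptions made for the example. The signing key stands in for the daemon-held secret: the agent only ever sees the opaque token and cannot forge or extend one without it.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Illustrative session layer (example code, not WAIaaS's implementation).
// DAEMON_SECRET is constructed per run; a real daemon would persist it.
const DAEMON_SECRET = randomBytes(32);

interface SessionRecord {
  walletId: string;
  expiresAt: number;   // unix seconds
  ttl: number;         // seconds granted on creation and on each renewal
  maxRenewals: number;
  renewals: number;
  revoked: boolean;
}

const sessions = new Map<string, SessionRecord>();

function mac(sessionId: string): string {
  return createHmac("sha256", DAEMON_SECRET).update(sessionId).digest("base64url");
}

// Token format assumed for this example: wai_sess_<32 hex chars>.<hmac>
function createSession(walletId: string, ttl: number, maxRenewals: number, now: number): { token: string; sessionId: string } {
  const sessionId = randomBytes(16).toString("hex");
  sessions.set(sessionId, { walletId, expiresAt: now + ttl, ttl, maxRenewals, renewals: 0, revoked: false });
  return { token: `wai_sess_${sessionId}.${mac(sessionId)}`, sessionId };
}

type AuthResult = { ok: true; walletId: string } | { ok: false; reason: string };

// Resolve a token to its record, rejecting malformed or forged tokens before
// any state is consulted. Returns null on every failure.
function lookup(token: string): { id: string; rec: SessionRecord } | null {
  const m = /^wai_sess_([0-9a-f]{32})\.([A-Za-z0-9_-]+)$/.exec(token);
  if (!m) return null;
  const id = m[1] ?? "";
  const given = Buffer.from(m[2] ?? "");
  const expected = Buffer.from(mac(id));
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const rec = sessions.get(id);
  return rec ? { id, rec } : null;
}

function authenticate(token: string, now: number): AuthResult {
  const found = lookup(token);
  if (!found) return { ok: false, reason: "invalid token" };
  if (found.rec.revoked) return { ok: false, reason: "session revoked" };
  if (now >= found.rec.expiresAt) return { ok: false, reason: "session expired" };
  return { ok: true, walletId: found.rec.walletId };
}

// Renewal extends the lifetime by one ttl from `now`, at most maxRenewals
// times. An expired or revoked session cannot be renewed; the operator has to
// issue a fresh one, which is the point of the cap.
function renewSession(token: string, now: number): boolean {
  const found = lookup(token);
  if (!found || found.rec.revoked || now >= found.rec.expiresAt) return false;
  if (found.rec.renewals >= found.rec.maxRenewals) return false;
  found.rec.renewals += 1;
  found.rec.expiresAt = now + found.rec.ttl;
  return true;
}

// Revocation is operator-side (by session id, not by token) and final: the
// record is kept so the id cannot be reused, and every later check fails.
function revokeSession(sessionId: string): boolean {
  const rec = sessions.get(sessionId);
  if (!rec) return false;
  rec.revoked = true;
  return true;
}

// Stand-alone demonstration with a fixed clock.
const demo = createSession("wallet-uuid", 86400, 5, 1_700_000_000);
console.log(authenticate(demo.token, 1_700_000_000));          // ok: true
console.log(authenticate(demo.token, 1_700_000_000 + 86400));  // expired
```

The check worth copying is the order of operations in `lookup`: signature first, then state. A forged token never reaches the session table, so an attacker cannot use the API to probe which ids exist.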
Layer 2: Policy Engine with Default-Deny
WAIaaS includes 21 policy types that create granular spending controls. The key insight is default-deny enforcement — agents can only touch tokens and contracts you've explicitly allowed.
Here's a SPENDING_LIMIT policy whose thresholds (USD-equivalent value of the transaction at evaluation time) define four security tiers:
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 10,
"notify_max_usd": 100,
"delay_max_usd": 1000,
"delay_seconds": 900,
"daily_limit_usd": 5000
}
}'
This policy creates four security tiers:
- INSTANT: Transactions ≤ $10 execute immediately
- NOTIFY: Transactions ≤ $100 execute with notification
- DELAY: Transactions ≤ $1000 wait 15 minutes (cancellable)
- APPROVAL: Transactions > $1000 require human approval
In every tier the daily_limit_usd cap still applies: once the day's executed total would exceed $5000, further transactions are blocked regardless of size.
The default-deny token whitelist prevents agents from touching unexpected assets:
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "ALLOWED_TOKENS",
"rules": {
"tokens": [
{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}
]
}
}'
With no ALLOWED_TOKENS policy in place, the agent cannot transfer any token at all, including the chain's native token. Default-deny means every asset the agent should be able to move has to be allowed explicitly.
Layer 3: Human Approval Channels
When transactions exceed policy limits or involve high-risk operations, WAIaaS routes them through human approval channels. The system supports three channels, so you can pick the one that fits your threat model and how you want to be interrupted.
WalletConnect Integration
Connect your mobile wallet for transaction approval:
# Agent initiates a large transaction
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
-H "Content-Type: application/json" \
-H "Authorization: Bearer wai_sess_<token>" \
-d '{
"type": "TRANSFER",
"to": "recipient-address",
"amount": "5000"
}'
The amount is in token units; with USDC as the only allowed token this is roughly $5,000, well above the $1000 delay ceiling, so it falls into the APPROVAL tier. The transaction enters PENDING status and WAIaaS sends a WalletConnect request to your mobile wallet. You review the details and approve or reject.
Push Notifications
For high-value operations, WAIaaS can send push notifications to your mobile device with transaction details and one-tap approval links.
Telegram Bot
Connect a Telegram bot to receive transaction approval requests as messages with inline buttons for approve/reject actions.
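The three channels above differ in transport, but the state the daemon has to keep is the same: a PENDING transaction that either executes after its delay window unless cancelled, or waits for a human decision that may never arrive. The following added example models that queue with a fixed clock; it is illustrative code written for this article, not WAIaaS's own, and the `ApprovalQueue` class, the `intentDigest` binding and the approval expiry are assumptions of the example. The digest binding is the check a practitioner should insist on in any channel: the approver's decision is tied to a hash of the exact `to`/`amount`/`token` they were shown, so a request that changed after it was displayed is rejected rather than executed.

```typescript
import { createHash } from "node:crypto";

// Illustrative approval queue (example code, not WAIaaS's implementation).
type Tier = "INSTANT" | "NOTIFY" | "DELAY" | "APPROVAL";
type Status = "PENDING" | "EXECUTED" | "CANCELLED" | "REJECTED" | "EXPIRED";

interface TxIntent { to: string; amount: string; token: string }

interface QueuedTx {
  id: string;
  intent: TxIntent;
  digest: string;       // what the approver sees and signs off on
  tier: Tier;
  status: Status;
  executeAfter: number; // DELAY tier: earliest execution time (unix seconds)
  expiresAt: number;    // APPROVAL tier: request is void after this
}

// Canonical hash of the fields a human reviews; any change to them changes the digest.
function intentDigest(i: TxIntent): string {
  return createHash("sha256").update(JSON.stringify([i.to, i.amount, i.token])).digest("hex");
}

class ApprovalQueue {
  private readonly txs = new Map<string, QueuedTx>();
  private seq = 0;
  readonly executed: string[] = [];
  private readonly delaySeconds: number;
  private readonly approvalTtlSeconds: number;

  constructor(delaySeconds: number, approvalTtlSeconds: number) {
    this.delaySeconds = delaySeconds;
    this.approvalTtlSeconds = approvalTtlSeconds;
  }

  submit(intent: TxIntent, tier: Tier, now: number): QueuedTx {
    const tx: QueuedTx = { id: `tx-${++this.seq}`, intent, digest: intentDigest(intent),
      tier, status: "PENDING", executeAfter: 0, expiresAt: 0 };
    this.txs.set(tx.id, tx);
    if (tier === "INSTANT" || tier === "NOTIFY") this.execute(tx);
    else if (tier === "DELAY") tx.executeAfter = now + this.delaySeconds;
    else tx.expiresAt = now + this.approvalTtlSeconds;
    return tx;
  }

  // A human cancels a DELAY-tier transaction while it is still inside its window.
  cancel(id: string): boolean {
    const tx = this.txs.get(id);
    if (!tx || tx.status !== "PENDING" || tx.tier !== "DELAY") return false;
    tx.status = "CANCELLED";
    return true;
  }

  // A human decision for an APPROVAL-tier transaction. `reviewedDigest` is the
  // digest the channel displayed; a mismatch means the request is not the one
  // the human looked at, so it is rejected (fail closed) instead of executed.
  decide(id: string, reviewedDigest: string, approve: boolean, now: number): Status {
    const tx = this.txs.get(id);
    if (!tx) throw new Error(`unknown transaction ${id}`);
    if (tx.status !== "PENDING" || tx.tier !== "APPROVAL") return tx.status;
    if (now >= tx.expiresAt) { tx.status = "EXPIRED"; return tx.status; }
    if (!approve || reviewedDigest !== tx.digest) { tx.status = "REJECTED"; return tx.status; }
    this.execute(tx);
    return tx.status;
  }

  // Scheduler tick: release DELAY transactions whose window has passed and
  // void APPROVAL requests that nobody answered in time.
  tick(now: number): void {
    for (const tx of this.txs.values()) {
      if (tx.status !== "PENDING") continue;
      if (tx.tier === "DELAY" && now >= tx.executeAfter) this.execute(tx);
      else if (tx.tier === "APPROVAL" && now >= tx.expiresAt) tx.status = "EXPIRED";
    }
  }

  status(id: string): Status | undefined { return this.txs.get(id)?.status; }

  private execute(tx: QueuedTx): void {
    tx.status = "EXECUTED";
    this.executed.push(tx.id); // a real daemon would sign and broadcast here
  }
}

// Stand-alone demonstration: a 15-minute delay window, approvals valid for one hour.
const queue = new ApprovalQueue(900, 3600);
const big = queue.submit({ to: "recipient-address", amount: "5000", token: "USDC" }, "APPROVAL", 0);
console.log(big.id, big.status, big.digest.slice(0, 16)); // tx-1 PENDING <digest prefix>
console.log(queue.decide(big.id, big.digest, true, 60));   // EXECUTED
```

Note what `tick` does for an unanswered APPROVAL request: it expires rather than lingering. A pending request that can be approved days later, after the operator has forgotten its context, is itself a risk.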
Real-World Example: Trading Agent with Guardrails
Here's how these layers work together for a DeFi trading agent:
# Set up token whitelist (only allow USDC and SOL)
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "ALLOWED_TOKENS",
"rules": {
"tokens": [
{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"},
{"address": "So11111111111111111111111111111111111111112", "symbol": "SOL", "chain": "solana"}
]
}
}'
# Whitelist Jupiter swap contract
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "CONTRACT_WHITELIST",
"rules": {
"contracts": [
{"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"}
]
}
}'
# Set spending limits
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 50,
"notify_max_usd": 200,
"delay_max_usd": 1000,
"delay_seconds": 600,
"daily_limit_usd": 2000
}
}'
Now your trading agent can:
- Swap between USDC and SOL on Jupiter (whitelisted contract)
- Execute trades up to $50 instantly
- Execute trades up to $200 with notifications
- Execute trades up to $1000 after a 10-minute delay
- Request approval for trades above $1000
But it cannot:
- Touch other tokens (blocked by ALLOWED_TOKENS)
- Interact with other contracts (blocked by CONTRACT_WHITELIST)
- Exceed daily limits (blocked by SPENDING_LIMIT)
- Drain the wallet in a single transaction
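The Layer 2 section and the trading-agent setup above are the same evaluation with different numbers: check the token against ALLOWED_TOKENS, check the target program against CONTRACT_WHITELIST, check the daily total, then pick a tier from the USD value. The following added example implements that evaluation over policy objects in the same `type`/`rules` shape as the curl payloads and runs it against the trading-agent configuration. It is illustrative code written for this article, not WAIaaS's policy engine; the `WalletPolicies` class, the `usdValue` field (standing in for whatever price oracle the daemon uses), the fail-closed handling of a missing SPENDING_LIMIT policy, and the `UnlistedMint`/`UnknownProgram` placeholder addresses are assumptions of the example.

```typescript
// Illustrative policy evaluator (example code, not WAIaaS's engine).
type Chain = "solana";
interface TokenRule { address: string; symbol: string; chain: Chain }
interface ContractRule { address: string; name: string; chain: Chain }
interface SpendingRules {
  instant_max_usd: number; notify_max_usd: number; delay_max_usd: number;
  delay_seconds: number; daily_limit_usd: number;
}
type Policy =
  | { type: "ALLOWED_TOKENS"; rules: { tokens: TokenRule[] } }
  | { type: "CONTRACT_WHITELIST"; rules: { contracts: ContractRule[] } }
  | { type: "SPENDING_LIMIT"; rules: SpendingRules };

interface TxRequest {
  type: "TRANSFER" | "CONTRACT_CALL";
  chain: Chain;
  token: string;     // mint of the asset being spent
  usdValue: number;  // assumed to come from a price oracle; out of scope here
  contract?: string; // program being called, for CONTRACT_CALL
}
type Decision = "DENY" | "INSTANT" | "NOTIFY" | "DELAY" | "APPROVAL";
interface Verdict { decision: Decision; reason: string; delaySeconds?: number }

class WalletPolicies {
  private allowedTokens: TokenRule[] = [];
  private allowedContracts: ContractRule[] = [];
  private spending: SpendingRules | null = null;
  private spentTodayUsd = 0;

  constructor(policies: Policy[]) {
    for (const p of policies) {
      if (p.type === "ALLOWED_TOKENS") this.allowedTokens = p.rules.tokens;
      else if (p.type === "CONTRACT_WHITELIST") this.allowedContracts = p.rules.contracts;
      else this.spending = p.rules;
    }
  }

  evaluate(tx: TxRequest): Verdict {
    // Default-deny: an empty or missing ALLOWED_TOKENS list blocks every asset,
    // the native token included. Chain is matched too, so a same-looking
    // address on another network is not accepted by accident.
    if (!this.allowedTokens.some((t) => t.chain === tx.chain && t.address === tx.token)) {
      return { decision: "DENY", reason: `token ${tx.token} is not in ALLOWED_TOKENS` };
    }
    if (tx.type === "CONTRACT_CALL" &&
        !this.allowedContracts.some((c) => c.chain === tx.chain && c.address === tx.contract)) {
      return { decision: "DENY", reason: `contract ${tx.contract ?? "(none)"} is not in CONTRACT_WHITELIST` };
    }
    const s = this.spending;
    // Assumption of this example: no SPENDING_LIMIT policy means fail closed.
    if (!s) return { decision: "DENY", reason: "no SPENDING_LIMIT policy configured" };
    if (this.spentTodayUsd + tx.usdValue > s.daily_limit_usd) {
      return { decision: "DENY", reason: `would exceed daily limit of $${s.daily_limit_usd}` };
    }
    if (tx.usdValue <= s.instant_max_usd) return { decision: "INSTANT", reason: "within instant_max_usd" };
    if (tx.usdValue <= s.notify_max_usd) return { decision: "NOTIFY", reason: "within notify_max_usd" };
    if (tx.usdValue <= s.delay_max_usd) {
      return { decision: "DELAY", reason: "within delay_max_usd", delaySeconds: s.delay_seconds };
    }
    return { decision: "APPROVAL", reason: "above delay_max_usd, human approval required" };
  }

  // Call once a transaction has actually executed so the daily cap counts it.
  recordSpend(usd: number): void { this.spentTodayUsd += usd; }
}

// The trading-agent configuration from above, in the same rules shape.
const USDC = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
const SOL = "So11111111111111111111111111111111111111112";
const JUPITER = "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4";
const tradingAgentPolicies: Policy[] = [
  { type: "ALLOWED_TOKENS", rules: { tokens: [
    { address: USDC, symbol: "USDC", chain: "solana" },
    { address: SOL, symbol: "SOL", chain: "solana" } ] } },
  { type: "CONTRACT_WHITELIST", rules: { contracts: [
    { address: JUPITER, name: "Jupiter", chain: "solana" } ] } },
  { type: "SPENDING_LIMIT", rules: { instant_max_usd: 50, notify_max_usd: 200,
    delay_max_usd: 1000, delay_seconds: 600, daily_limit_usd: 2000 } },
];

// Constructed placeholders standing in for an unlisted mint and an unknown program.
const UNLISTED_MINT = "UnlistedMint1111111111111111111111111111111";
const UNKNOWN_PROGRAM = "UnknownProgram111111111111111111111111111111";

// Stand-alone demonstration.
const wallet = new WalletPolicies(tradingAgentPolicies);
const samples: TxRequest[] = [
  { type: "CONTRACT_CALL", chain: "solana", token: USDC, usdValue: 40, contract: JUPITER },
  { type: "CONTRACT_CALL", chain: "solana", token: USDC, usdValue: 1500, contract: JUPITER },
  { type: "CONTRACT_CALL", chain: "solana", token: UNLISTED_MINT, usdValue: 40, contract: JUPITER },
  { type: "CONTRACT_CALL", chain: "solana", token: USDC, usdValue: 40, contract: UNKNOWN_PROGRAM },
  { type: "TRANSFER", chain: "solana", token: SOL, usdValue: 5000 },
];
for (const tx of samples) console.log(tx.usdValue, wallet.evaluate(tx));
```

Two details matter for an agent that is also allowed to dry-run: the verdict for a given value depends on what has already been spent today, so `recordSpend` must be called only for transactions that actually executed (not for DELAY transactions that were cancelled), and the same $5,000 transfer that the Layer 3 section routes to approval under a $5,000 daily cap is simply denied under this $2,000 cap, which is the "cannot drain the wallet in a single transaction" guarantee in code.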
Advanced: Dry-Run Simulation
Before any transaction executes, you can simulate it to see exactly what will happen:
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
-H "Content-Type: application/json" \
-H "Authorization: Bearer wai_sess_<token>" \
-d '{
"type": "TRANSFER",
"to": "recipient-address",
"amount": "0.1",
"dryRun": true
}'
This returns the transaction structure, fee estimates, and the policy evaluation without signing or broadcasting anything, so your agent can validate a transaction before submitting it. Treat the result as a point-in-time answer rather than a reservation: the live request is evaluated again when it is submitted, and a daily total consumed in between can change the outcome.
Getting Started with Secure Agent Wallets
Ready to give your AI agent financial superpowers with proper guardrails? Here's how to get started:
- Install and start WAIaaS:
npm install -g @waiaas/cli
waiaas init
waiaas start
- Create a wallet with policies:
# Create wallet
waiaas wallet create --name "trading-agent" --chain solana --environment mainnet
# Set up basic security policies through the admin UI
open http://127.0.0.1:3100/admin
- Create an agent session:
# Create session for your AI agent
waiaas session create --wallet-name "trading-agent"
- Test with MCP integration (if using Claude):
waiaas mcp setup --all
- Start with restrictive policies, then gradually expand as you gain confidence in your agent's behavior.
The key is starting with maximum restrictions and selectively allowing specific capabilities. Your agent might complain that it can't access certain tokens or contracts, but that's the point — it should only touch what you've explicitly approved.
Security-minded developers understand that the best offense is a good defense. With WAIaaS, your AI agents get the financial capabilities they need while you maintain ultimate control over your funds. Because in crypto, paranoia isn't a bug — it's a feature.
Ready to build agents that are both powerful and safe? Start with the open-source version at https://github.com/minhoyoo-iotrust/WAIaaS or explore the full documentation at https://waiaas.ai.