AI agents with crypto wallets need guardrails, but most developers bolt on security as an afterthought. The result? Agents that can drain wallets, approve unlimited token spending, or execute trades without human oversight when things go wrong.
Why Security-First Matters
The crypto space is littered with stories of smart contracts gone rogue, bots that emptied treasuries, and AI systems that made catastrophic trades. When you give an AI agent direct wallet access, you're essentially handing over the keys to your digital vault to an algorithm that might hallucinate, misinterpret instructions, or get compromised.
Traditional wallet integrations for AI agents follow a "request permission" model—the agent asks for broad access upfront, then operates freely within those bounds. But this approach fails when agents encounter edge cases, when policies need real-time updates, or when humans need to intervene quickly.
3-Layer Security Architecture
WAIaaS implements defense in depth with three security layers: session authentication, policy enforcement with time delays, and human approval channels.
Layer 1: Session Authentication
Every AI agent gets a scoped session token instead of direct wallet access. Sessions have configurable time limits, renewal restrictions, and absolute lifetimes:
curl -X POST http://127.0.0.1:3100/v1/sessions \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"ttl": 3600,
"maxRenewals": 5,
"absoluteLifetime": 86400
}'
The session token (wai_sess_...) provides limited access—agents can query balances and submit transactions, but cannot modify policies, create new wallets, or access master controls.
Layer 2: Policy Engine with Time Delays
The policy engine uses 21 policy types with 4 security tiers: INSTANT, NOTIFY, DELAY, and APPROVAL. The key insight: different transaction amounts and types require different security measures.
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 10,
"notify_max_usd": 100,
"delay_max_usd": 1000,
"delay_seconds": 300,
"daily_limit_usd": 500
}
}'
Small transactions (under $10) execute instantly. Medium transactions ($10-100) execute but trigger notifications. Large transactions ($100-1000) get queued for a 5-minute delay—giving you time to cancel if needed. Anything over $1000 requires explicit human approval.
Layer 3: Human Approval Channels
When transactions exceed policy limits, WAIaaS routes them through human approval channels. The Telegram bot integration provides mobile-first transaction signing, letting you approve or reject agent transactions from anywhere.
Default-Deny Token Policy
The most critical security feature is default-deny for token operations. Without explicit token whitelisting, agents cannot transfer, approve, or interact with any tokens:
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "ALLOWED_TOKENS",
"rules": {
"tokens": [
{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}
]
}
}'
This prevents the classic attack vector where agents interact with malicious tokens or approve unlimited spending on legitimate ones.
Contract Interaction Whitelist
Similarly, smart contract calls are blocked by default unless explicitly allowed:
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "CONTRACT_WHITELIST",
"rules": {
"contracts": [
{"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"}
]
}
}'
This ensures agents can only interact with DeFi protocols you've explicitly approved, preventing interaction with unverified or malicious contracts.
Telegram Bot Setup for Mobile Approvals
The Telegram signing channel provides secure mobile approvals using the push-relay service. When agents submit transactions requiring approval, you receive a Telegram message with transaction details and approve/reject buttons.
First, configure the Telegram bot credentials and notification setup through the CLI:
waiaas notification setup
This walks you through connecting your Telegram bot and configuring approval workflows. The push-relay service handles secure message delivery while keeping your bot token isolated from the main daemon.
Emergency Controls
Every wallet has an owner authentication system separate from agent sessions. Owner auth uses message signing (SIWS/SIWE) and provides emergency controls:
- Kill switch: Instantly revoke all agent sessions
- Policy overrides: Bypass policies for urgent transactions
- Recovery mode: Regain control if master password is compromised
# Emergency session termination
curl -X DELETE http://127.0.0.1:3100/v1/sessions/<session-id> \
-H "X-Owner-Signature: <ed25519-or-secp256k1-signature>" \
-H "X-Owner-Message: <signed-message>"
Transaction Simulation
Before executing any transaction, agents can simulate the outcome using the dry-run API:
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
-H "Content-Type: application/json" \
-H "Authorization: Bearer wai_sess_<token>" \
-d '{
"type": "TRANSFER",
"to": "recipient-address",
"amount": "0.1",
"dryRun": true
}'
Simulation shows gas costs, slippage estimates, and potential failures without spending actual funds or gas. This prevents agents from submitting transactions that will fail on-chain.
7-Stage Transaction Pipeline
Every transaction flows through a 7-stage pipeline with validation, authentication, policy enforcement, delays, execution, and confirmation:
- Validate: Schema validation, balance checks, network connectivity
- Authenticate: Session token verification, permission checks
- Policy: Apply all 21 policy types, determine security tier
- Wait: Queue transactions requiring delays or approvals
- Execute: Submit to blockchain with proper gas estimation
- Confirm: Wait for block confirmation, handle failures
- Notify: Send notifications based on policy configuration
Each stage can halt the transaction if security conditions aren't met.
Quick Start: Secure Agent Setup
Here's how to set up a security-first AI agent in 5 steps:
- Install and initialize WAIaaS:
npm install -g @waiaas/cli
waiaas init
waiaas start
- Create wallet with restricted session:
waiaas wallet create --chain solana --environment mainnet
waiaas session create --wallet-id <uuid>
- Configure default-deny policies:
# Allow only USDC transfers
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "ALLOWED_TOKENS",
"rules": {"tokens": [{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}]}
}'
- Set up spending limits:
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 5,
"notify_max_usd": 50,
"delay_max_usd": 200,
"delay_seconds": 600,
"daily_limit_usd": 100
}
}'
- Configure Telegram approvals:
waiaas notification setup
# Follow prompts to connect Telegram bot
Your agent now operates within strict guardrails—it can only transfer USDC, amounts over $5 trigger notifications, amounts over $50 require a 10-minute delay, and amounts over $200 need your explicit approval via Telegram.
What's Next
Security isn't a feature you add later—it's a foundation you build on. WAIaaS provides the infrastructure for AI agents that are powerful but not dangerous, autonomous but not uncontrolled.
Ready to build secure AI agents? Check out the full implementation at GitHub or explore the complete security documentation at waiaas.ai.
Top comments (0)