21 Policy Types, 4 Security Tiers: Building Bulletproof AI Agent Guardrails
AI agents with wallets need bulletproof security guardrails. One misconfigured prompt or compromised model could drain your funds faster than you can hit the emergency stop button. The solution isn't to avoid giving agents access to money — it's to build proper guardrails that protect your assets while letting legitimate transactions through.
Why Agent Security Can't Be an Afterthought
A leaked cloud API key is bad: it exposes data or runs up a bill, but the damage is usually reversible. A crypto wallet holds real money, and funds sent to the wrong address are gone permanently. A trading bot that goes rogue doesn't just spam your logs — it can liquidate your entire portfolio in minutes.
Most developers building AI agents either go full paranoid (agents can only read, never transact) or full YOLO (give the agent a wallet and pray). Neither approach works for production systems that need to move real money safely.
The 3-Layer Security Architecture
WAIaaS implements defense in depth with three distinct security layers:
Layer 1: Session Authentication — AI agents get limited-scope JWT tokens, not raw private keys. Each session can be individually revoked, expired, or restricted to specific wallets.
Layer 2: Policy Engine — 21 policy types with 4 security tiers (INSTANT/NOTIFY/DELAY/APPROVAL) enforce spending limits, token whitelists, and time restrictions. Default-deny means transactions are blocked unless explicitly allowed.
Layer 3: Human Oversight — High-value transactions require human approval via WalletConnect, Telegram, or push notifications. Owners can monitor, delay, or kill-switch any agent activity.
The 21 Policy Types: Your Security Toolbox
WAIaaS provides 21 policy types; the ones that matter most for an agent wallet fall into three groups:
Core Security Policies:
- SPENDING_LIMIT: 4-tier amount-based restrictions
- WHITELIST: Only approved recipient addresses
- TIME_RESTRICTION: Trading hours enforcement
- RATE_LIMIT: Max transactions per period
Token & Contract Protection:
- ALLOWED_TOKENS: Default-deny token whitelist
- CONTRACT_WHITELIST: Only approved smart contracts
- APPROVED_SPENDERS: Token approval restrictions
- METHOD_WHITELIST: Allowed function selectors only
DeFi-Specific Safeguards:
- LENDING_LTV_LIMIT: Max loan-to-value ratios
- PERP_MAX_LEVERAGE: Prevent over-leveraging
- VENUE_WHITELIST: Approved trading venues only
Here's how to create a multi-layered spending policy:
# Layer 1: Amount-based 4-tier security
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 10,
"notify_max_usd": 100,
"delay_max_usd": 1000,
"delay_seconds": 300,
"daily_limit_usd": 500
}
}'
The 4 security tiers automatically classify every transaction:
- INSTANT (≤$10): Execute immediately, no notification
- NOTIFY (≤$100): Execute immediately, send alert to owner
- DELAY (≤$1000): Queue for 5 minutes, owner can cancel
- APPROVAL (>$1000): Require explicit human approval
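To make the tier logic concrete, here is an added example of how a policy engine can classify a transaction against the SPENDING_LIMIT rules above. It is a model written for this article, not WAIaaS's own code: the field names come from the curl example, but the cents arithmetic, the order in which checks run, and the choice to escalate a daily-cap breach to APPROVAL are assumptions made here.

```typescript
// Added example, not WAIaaS code: a model of how a 4-tier SPENDING_LIMIT
// policy classifies one transaction. Field names follow the curl example on
// this page; cents arithmetic, evaluation order and the way the daily cap
// escalates to APPROVAL are assumptions made for this example.

type Tier = "INSTANT" | "NOTIFY" | "DELAY" | "APPROVAL";

interface SpendingLimitRules {
  instant_max_usd: number;
  notify_max_usd: number;
  delay_max_usd: number;
  delay_seconds: number;
  daily_limit_usd: number;
}

interface TierDecision {
  tier: Tier;
  delaySeconds: number; // non-zero only for DELAY
  reason: string;
}

// Compare money in integer cents so float drift cannot move a transaction
// across a tier boundary.
function toCents(usd: number): number {
  if (!Number.isFinite(usd) || usd < 0) throw new Error(`invalid USD amount: ${usd}`);
  return Math.round(usd * 100);
}

function validateRules(r: SpendingLimitRules): void {
  if (!(r.instant_max_usd <= r.notify_max_usd && r.notify_max_usd <= r.delay_max_usd)) {
    throw new Error("tier ceilings must satisfy instant_max_usd <= notify_max_usd <= delay_max_usd");
  }
  if (!(r.delay_seconds > 0)) {
    throw new Error("delay_seconds must be positive, or DELAY gives the owner no cancel window");
  }
}

// Running USD total a wallet has committed in the current UTC day.
// In-memory here; a production engine persists it so a restart or a second
// process cannot reset the counter (assumption: UTC day boundaries).
class DailySpendLedger {
  private readonly spent = new Map<string, { day: string; cents: number }>();

  private static dayKey(at: Date): string {
    return at.toISOString().slice(0, 10); // "YYYY-MM-DD"
  }

  spentTodayCents(walletId: string, at: Date): number {
    const entry = this.spent.get(walletId);
    if (entry === undefined || entry.day !== DailySpendLedger.dayKey(at)) return 0;
    return entry.cents;
  }

  record(walletId: string, cents: number, at: Date): void {
    const prior = this.spentTodayCents(walletId, at);
    this.spent.set(walletId, { day: DailySpendLedger.dayKey(at), cents: prior + cents });
  }
}

function classifyTier(rules: SpendingLimitRules, amountUsd: number, spentTodayUsd: number): TierDecision {
  validateRules(rules);
  const amount = toCents(amountUsd);
  if (amount === 0) throw new Error("zero-value transaction");

  // The daily cap is cumulative and is checked before the per-transaction
  // tiers, so a burst of INSTANT-sized transfers cannot add up past it.
  if (toCents(spentTodayUsd) + amount > toCents(rules.daily_limit_usd)) {
    return { tier: "APPROVAL", delaySeconds: 0, reason: "daily_limit_usd would be exceeded" };
  }
  if (amount <= toCents(rules.instant_max_usd)) return { tier: "INSTANT", delaySeconds: 0, reason: "<= instant_max_usd" };
  if (amount <= toCents(rules.notify_max_usd)) return { tier: "NOTIFY", delaySeconds: 0, reason: "<= notify_max_usd" };
  if (amount <= toCents(rules.delay_max_usd)) {
    return { tier: "DELAY", delaySeconds: rules.delay_seconds, reason: "<= delay_max_usd" };
  }
  return { tier: "APPROVAL", delaySeconds: 0, reason: "> delay_max_usd" };
}

// The rules from the curl example above.
const PAGE_RULES: SpendingLimitRules = {
  instant_max_usd: 10, notify_max_usd: 100, delay_max_usd: 1000, delay_seconds: 300, daily_limit_usd: 500,
};

// Classify against the ledger and reserve the amount for anything that will
// execute without a human (INSTANT, NOTIFY, and DELAY unless cancelled).
// APPROVAL is not reserved until the owner approves it (assumption).
function evaluateSpend(ledger: DailySpendLedger, walletId: string, amountUsd: number, at: Date): TierDecision {
  const decision = classifyTier(PAGE_RULES, amountUsd, ledger.spentTodayCents(walletId, at) / 100);
  if (decision.tier !== "APPROVAL") ledger.record(walletId, toCents(amountUsd), at);
  return decision;
}
```

Two things the model makes visible. First, with the page's numbers the daily cap of $500 is lower than the DELAY ceiling of $1,000, so a single $600 transfer is escalated by the daily limit, not by the tier ceiling; set daily_limit_usd deliberately rather than copying the example. Second, DELAY amounts are reserved against the daily total at queue time, because a queued transaction will execute unless the owner cancels it; reserving only on execution would let an agent queue many DELAY transfers that together exceed the cap. The tiers are USD-denominated, so the engine needs a price for every token it can move, which is one more reason to keep ALLOWED_TOKENS tight.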
Default-Deny: The Security Foundation
WAIaaS follows a default-deny security model. Without explicit policies, agents can't interact with tokens or contracts:
# Layer 2: Token whitelist (required for any token operations)
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "ALLOWED_TOKENS",
"rules": {
"tokens": [
{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"},
{"address": "native:solana", "symbol": "SOL", "chain": "solana"}
]
}
}'
# Layer 3: Contract whitelist (required for DeFi interactions)
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "CONTRACT_WHITELIST",
"rules": {
"contracts": [
{"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"}
]
}
}'
Without these whitelists, the agent's token transfers and DeFi actions are automatically blocked.
Advanced Security: Time and Rate Controls
Drains often happen outside business hours, when nobody is watching alerts, or in rapid bursts that finish before anyone can react. WAIaaS has a policy for each:
# Time-based restrictions
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "TIME_RESTRICTION",
"rules": {
"allowedHours": {"start": 9, "end": 17},
"timezone": "UTC"
}
}'
# Rate limiting
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "RATE_LIMIT",
"rules": {
"maxTransactions": 10,
"period": "hourly"
}
}'
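The following is an added example, written for this article rather than taken from WAIaaS, that models the default-deny evaluation from the previous section together with the time and rate controls just shown. Rule field names follow the curl bodies on this page; the request shape, the order of the checks, the half-open hour window, and the sliding-window interpretation of "per period" are assumptions made here.

```typescript
// Added example, not WAIaaS code: a default-deny evaluator for the
// ALLOWED_TOKENS, CONTRACT_WHITELIST, TIME_RESTRICTION and RATE_LIMIT policies
// shown above. Rule field names follow the curl examples on this page; the
// request shape, the check order and the sliding-window rate semantics are
// assumptions made for this example.

interface TokenRule { address: string; symbol: string; chain: string }
interface ContractRule { address: string; name: string; chain: string }
interface HoursRule { allowedHours: { start: number; end: number }; timezone: "UTC" }
interface RateRule { maxTransactions: number; period: "hourly" | "daily" }

// A policy record as the API stores it: type discriminator plus a rules object.
interface PolicyRecord { type: string; rules: unknown }

// Constructed request shape: what the agent is asking the wallet to sign.
type AgentRequest =
  | { kind: "TRANSFER"; chain: string; token: string; to: string }
  | { kind: "CONTRACT_CALL"; chain: string; contract: string };

interface Verdict { allowed: boolean; deniedBy?: string; reason?: string }

// walletId -> timestamps (ms) of transactions already allowed through.
type RateState = Map<string, number[]>;

const PERIOD_MS = { hourly: 3_600_000, daily: 86_400_000 } as const;

function deny(policy: string, reason: string): Verdict {
  return { allowed: false, deniedBy: policy, reason };
}

function findRules<T>(policies: PolicyRecord[], type: string): T | undefined {
  const p = policies.find((x) => x.type === type);
  return p === undefined ? undefined : (p.rules as T);
}

// Solana base58 addresses are case-sensitive; EVM hex addresses are not.
// The page only shows Solana; the EVM branch is an assumption.
function sameAddress(chain: string, a: string, b: string): boolean {
  return chain === "solana" ? a === b : a.toLowerCase() === b.toLowerCase();
}

// Half-open window [start, end) in whole UTC hours; {start: 22, end: 6} wraps midnight.
function inAllowedHours(hourUtc: number, start: number, end: number): boolean {
  if (start === end) return false; // an empty window allows nothing
  return start < end ? hourUtc >= start && hourUtc < end : hourUtc >= start || hourUtc < end;
}

function evaluateRequest(
  policies: PolicyRecord[], req: AgentRequest, walletId: string, now: Date, rate: RateState,
): Verdict {
  // 1. Default deny: an absent allowlist denies everything of that kind.
  if (req.kind === "TRANSFER") {
    const rules = findRules<{ tokens: TokenRule[] }>(policies, "ALLOWED_TOKENS");
    if (rules === undefined) return deny("ALLOWED_TOKENS", "no token allowlist configured");
    const ok = rules.tokens.some((t) => t.chain === req.chain && sameAddress(req.chain, t.address, req.token));
    if (!ok) return deny("ALLOWED_TOKENS", `token ${req.token} on ${req.chain} is not allowlisted`);
  } else {
    const rules = findRules<{ contracts: ContractRule[] }>(policies, "CONTRACT_WHITELIST");
    if (rules === undefined) return deny("CONTRACT_WHITELIST", "no contract allowlist configured");
    const ok = rules.contracts.some((c) => c.chain === req.chain && sameAddress(req.chain, c.address, req.contract));
    if (!ok) return deny("CONTRACT_WHITELIST", `contract ${req.contract} on ${req.chain} is not allowlisted`);
  }

  // 2. Trading hours. Only the UTC timezone from the page is modelled here.
  const hours = findRules<HoursRule>(policies, "TIME_RESTRICTION");
  if (hours !== undefined) {
    const h = now.getUTCHours();
    if (!inAllowedHours(h, hours.allowedHours.start, hours.allowedHours.end)) {
      return deny("TIME_RESTRICTION", `hour ${h} UTC is outside ${hours.allowedHours.start}-${hours.allowedHours.end}`);
    }
  }

  // 3. Rate limit, evaluated last so that requests denied above do not
  //    consume the budget. Sliding window over allowed transactions only.
  const rl = findRules<RateRule>(policies, "RATE_LIMIT");
  if (rl !== undefined) {
    const windowStart = now.getTime() - PERIOD_MS[rl.period];
    const recent = (rate.get(walletId) ?? []).filter((t) => t > windowStart);
    if (recent.length >= rl.maxTransactions) {
      return deny("RATE_LIMIT", `${rl.maxTransactions} transactions per ${rl.period} already used`);
    }
    recent.push(now.getTime());
    rate.set(walletId, recent);
  }
  return { allowed: true };
}

// The policies created by the curl examples above, with the page's addresses.
const USDC_MINT = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
const JUPITER_PROGRAM = "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4";
const PAGE_POLICIES: PolicyRecord[] = [
  { type: "ALLOWED_TOKENS", rules: { tokens: [
    { address: USDC_MINT, symbol: "USDC", chain: "solana" },
    { address: "native:solana", symbol: "SOL", chain: "solana" },
  ] } },
  { type: "CONTRACT_WHITELIST", rules: { contracts: [{ address: JUPITER_PROGRAM, name: "Jupiter", chain: "solana" }] } },
  { type: "TIME_RESTRICTION", rules: { allowedHours: { start: 9, end: 17 }, timezone: "UTC" } },
  { type: "RATE_LIMIT", rules: { maxTransactions: 10, period: "hourly" } },
];
```

The order of the checks is deliberate: allowlists first, because a request that will be denied anyway should not be able to burn the rate budget or trigger hour-based alerts; the rate counter is only advanced for requests that pass everything else. Two edge cases worth testing in whatever engine you actually run are an hour window that wraps midnight (start later than end) and a wallet with no policies at all, which must be denied rather than allowed through.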
DeFi-Specific Protections
DeFi protocols introduce unique risks like liquidation cascades and over-leveraging. WAIaaS includes specialized policies:
# Prevent over-leveraging in perpetual futures
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "PERP_MAX_LEVERAGE",
"rules": {
"maxLeverage": 5.0
}
}'
# Lending LTV limits
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "LENDING_LTV_LIMIT",
"rules": {
"maxLtv": 0.75
}
}'
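Both of these policies only make sense if the check is run on the position as it would look after the action, because a borrow, a collateral withdrawal, and a margin withdrawal all move the ratio without the agent ever "opening" anything. The example below is added for this article and is not WAIaaS code; the rule names are the page's, while the position and action shapes, the assumption that prices are a snapshot taken at check time, and the rule that risk-reducing actions are always allowed are mine.

```typescript
// Added example, not WAIaaS code: pre-trade checks for LENDING_LTV_LIMIT and
// PERP_MAX_LEVERAGE, evaluated on the position as it would look *after* the
// action. Rule names follow the page; position and action shapes, and the
// rule that risk-reducing actions are always allowed, are assumptions here.
// All values are USD at a price snapshot taken when the check runs.

interface LendingPosition { collateralUsd: number; debtUsd: number }
type LendingAction = { op: "BORROW" | "REPAY" | "DEPOSIT_COLLATERAL" | "WITHDRAW_COLLATERAL"; usd: number };

interface PerpPosition { notionalUsd: number; marginUsd: number }
type PerpAction =
  | { op: "INCREASE"; notionalUsd: number; marginUsd: number } // open or add size, posting extra margin
  | { op: "REDUCE"; notionalUsd: number }
  | { op: "WITHDRAW_MARGIN"; usd: number };

interface Check { allowed: boolean; metricAfter: number; reason?: string }

const EPS = 1e-9; // tolerance for float division exactly at the limit

function requirePositive(usd: number): void {
  if (!Number.isFinite(usd) || usd <= 0) throw new Error(`invalid amount: ${usd}`);
}

function projectLending(pos: LendingPosition, a: LendingAction): LendingPosition {
  requirePositive(a.usd);
  switch (a.op) {
    case "BORROW": return { ...pos, debtUsd: pos.debtUsd + a.usd };
    case "REPAY":
      if (a.usd > pos.debtUsd) throw new Error("repaying more than the outstanding debt");
      return { ...pos, debtUsd: pos.debtUsd - a.usd };
    case "DEPOSIT_COLLATERAL": return { ...pos, collateralUsd: pos.collateralUsd + a.usd };
    case "WITHDRAW_COLLATERAL":
      if (a.usd > pos.collateralUsd) throw new Error("withdrawing more collateral than posted");
      return { ...pos, collateralUsd: pos.collateralUsd - a.usd };
    default: throw new Error("unsupported lending action");
  }
}

function projectPerp(pos: PerpPosition, a: PerpAction): PerpPosition {
  switch (a.op) {
    case "INCREASE":
      requirePositive(a.notionalUsd);
      if (a.marginUsd < 0) throw new Error("negative margin");
      return { notionalUsd: pos.notionalUsd + a.notionalUsd, marginUsd: pos.marginUsd + a.marginUsd };
    case "REDUCE":
      requirePositive(a.notionalUsd);
      if (a.notionalUsd > pos.notionalUsd) throw new Error("reducing more than the open size");
      return { ...pos, notionalUsd: pos.notionalUsd - a.notionalUsd };
    case "WITHDRAW_MARGIN":
      requirePositive(a.usd);
      if (a.usd > pos.marginUsd) throw new Error("withdrawing more margin than posted");
      return { ...pos, marginUsd: pos.marginUsd - a.usd };
    default: throw new Error("unsupported perp action");
  }
}

// Debt with no collateral, or size with no margin, is unbounded risk.
function ltv(p: LendingPosition): number {
  if (p.collateralUsd === 0) return p.debtUsd === 0 ? 0 : Infinity;
  return p.debtUsd / p.collateralUsd;
}
function leverage(p: PerpPosition): number {
  if (p.marginUsd === 0) return p.notionalUsd === 0 ? 0 : Infinity;
  return p.notionalUsd / p.marginUsd;
}

// An action that does not raise the metric is always allowed, even when the
// position is already over the limit, so the agent can de-risk. Anything that
// raises it must land at or under the limit.
function riskCheck(before: number, after: number, max: number, label: string): Check {
  if (after <= before || after <= max + EPS) return { allowed: true, metricAfter: after };
  return { allowed: false, metricAfter: after, reason: `post-action ${label} ${after.toFixed(3)} exceeds limit ${max}` };
}

function checkLtv(pos: LendingPosition, a: LendingAction, maxLtv: number): Check {
  return riskCheck(ltv(pos), ltv(projectLending(pos, a)), maxLtv, "LTV");
}

function checkLeverage(pos: PerpPosition, a: PerpAction, maxLeverage: number): Check {
  return riskCheck(leverage(pos), leverage(projectPerp(pos, a)), maxLeverage, "leverage");
}
```

The point the projection makes is that WITHDRAW_COLLATERAL and WITHDRAW_MARGIN are as dangerous as BORROW and INCREASE: against a $1,000 collateral / $600 debt position, withdrawing $250 of collateral lands at an LTV of 0.80 and must be refused under maxLtv 0.75 just as a $151 borrow is. Because prices move between the check and on-chain execution, a policy engine should re-price at signing time rather than trust the snapshot it classified with.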
Human Approval Channels
When transactions exceed policy limits, WAIaaS routes them through human approval channels:
- WalletConnect: Mobile wallet approval with transaction details
- Telegram: Bot sends transaction for approval with one-tap buttons
- Push notifications: Real-time alerts to multiple devices
The owner sees exactly what the agent is trying to do and can approve, deny, or kill-switch the entire session.
Real-World Security Scenario
Consider an AI trading agent that gets compromised. Here's how WAIaaS policies contain the damage:
- Spending limit policy routes any transaction over $1,000 to human approval and caps the day's total, so no single call can empty the wallet
- Token whitelist prevents interaction with unknown/scam tokens
- Contract whitelist blocks calls to unverified DeFi protocols
- Rate limiting stops rapid-fire drain attempts
- Time restrictions block 3 AM suspicious activity
- Venue whitelist restricts trading to approved DEXes only
Even with full session compromise, the attacker is constrained to small amounts on approved tokens through verified protocols during business hours. The exposure is bounded, not zero: INSTANT and NOTIFY-sized transfers still go through until the daily limit or rate limit bites, so the NOTIFY alerts and the kill switch described below are what turn a bounded loss into a stopped one.
The Approval Override System
For emergency situations, WAIaaS includes multiple override mechanisms:
# Emergency: kill all sessions for a wallet
curl -X DELETE http://localhost:3100/v1/sessions/wallet/<wallet-id> \
-H 'X-Master-Password: <password>'
# Approve a specific delayed transaction
curl -X POST http://localhost:3100/v1/transactions/<tx-id>/approve \
-H 'X-Owner-Signature: <signature>' \
-H 'X-Owner-Message: <signed-message>'
Quick Start: Secure Agent Setup
Set up a security-hardened AI agent in 5 steps:
- Install and initialize WAIaaS:
npm install -g @waiaas/cli
waiaas init
waiaas start
- Create a wallet with basic policies:
# Creates wallet + session
waiaas quickset --mode mainnet
# Add spending limits
waiaas create-policy --type SPENDING_LIMIT --instant-max 10 --notify-max 100
- Configure token and contract whitelists:
# Only allow USDC and SOL
waiaas create-policy --type ALLOWED_TOKENS --tokens USDC,SOL
# Only allow Jupiter DEX
waiaas create-policy --type CONTRACT_WHITELIST --contracts JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4
- Set up MCP for AI integration:
waiaas mcp setup --all
- Test with a small transaction: Your AI agent can now execute small transactions instantly while larger ones require your approval.
Security isn't about making things harder — it's about making the right things easy and the wrong things impossible. With proper guardrails, your AI agents can operate autonomously within safe boundaries while you maintain ultimate control.
Check out the GitHub repository for complete documentation and examples, or visit waiaas.ai to get started with secure AI agent wallets today.