21 Policy Types for AI Agent Risk Management: From Spending Limits to Reputation Thresholds

Giving an AI agent a wallet without guardrails is like handing a toddler a credit card and hoping for the best. When AI agents can autonomously execute DeFi trades, transfer tokens, or interact with smart contracts, you need more than just "trust the model" — you need systematic risk controls. WAIaaS provides 21 policy types that create multiple security layers between your AI agent and catastrophic financial losses.

Why AI Agent Security Can't Be an Afterthought

The promise of autonomous AI agents managing crypto portfolios is compelling: imagine an agent that stakes your tokens when yields spike, rebalances across DeFi protocols, or executes complex arbitrage strategies while you sleep. But every week brings new stories of trading bots gone rogue, smart contract exploits, or simple bugs that drain entire treasuries.

Unlike traditional APIs that might send an extra email or create duplicate records, financial APIs have permanent consequences. An AI agent making a mistake with your wallet doesn't just crash — it can transfer your entire balance to an attacker's address in seconds. The same autonomy that makes AI agents powerful makes them dangerous without proper constraints.

The challenge isn't just preventing malicious behavior. Even well-intentioned AI models can misinterpret instructions, hallucinate contract addresses, or make timing errors that cost thousands. You need security controls that assume your agent will eventually make mistakes, not systems that hope it won't.

The WAIaaS Security Stack: 3 Layers of Protection

WAIaaS implements defense-in-depth with three complementary security layers, each designed to catch different types of failures:

Layer 1: Session Authentication + Policy Engine

Every AI agent gets a limited session token, never access to your private keys. The policy engine evaluates every transaction against 21 different policy types before execution:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 500,
      "monthly_limit_usd": 5000
    }
  }'

This spending limit policy creates four security tiers: transactions under $10 execute instantly, $10-100 trigger notifications, $100-1000 get delayed by 5 minutes (giving you time to cancel), and anything above $1000 requires explicit human approval.

Layer 2: Default-Deny Token and Contract Policies

Most wallet security relies on blacklists — blocking known bad actors. WAIaaS flips this to default-deny: your agent literally cannot touch tokens or contracts you haven't explicitly whitelisted.

# Create token whitelist — agent can ONLY transfer these tokens
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"},
        {"address": "native:solana", "symbol": "SOL", "chain": "solana"}
      ]
    }
  }'

Without an ALLOWED_TOKENS policy, your agent gets blocked on every token transfer. Without CONTRACT_WHITELIST, every smart contract interaction fails. This might seem restrictive, but it prevents the most common attack vector: tricking your agent into interacting with malicious contracts or transferring attacker-controlled tokens.

Layer 3: Human Approval Channels

For high-value transactions that exceed your policy limits, WAIaaS routes approvals through multiple channels:

• WalletConnect: Review and sign transactions in your mobile wallet
• Telegram notifications: Get real-time alerts with approve/deny buttons
• Push notifications: Cross-platform alerts through the push-relay service

# Approve a pending transaction via API
curl -X POST http://127.0.0.1:3100/v1/transactions/<tx-id>/approve \
  -H "X-Owner-Signature: <ed25519-or-secp256k1-signature>" \
  -H "X-Owner-Message: <signed-message>"

The key insight: your AI agent can be autonomous within bounds you set, but humans stay in the loop for decisions that could be financially catastrophic.

The Complete Policy Toolkit: 21 Risk Controls

WAIaaS provides 21 policy types that cover different attack vectors and risk categories:

Financial Controls

SPENDING_LIMIT: The foundation policy that assigns security tiers based on transaction amounts. Configure different limits for instant, notify, delay, and approval tiers, plus daily/monthly caps and per-token overrides.

RATE_LIMIT: Prevent runaway agents by limiting transaction frequency — max 10 per hour, 100 per day, etc.

LENDING_LTV_LIMIT: For DeFi agents, set maximum loan-to-value ratios to prevent over-leveraged positions that could face liquidation.

PERP_MAX_LEVERAGE and PERP_MAX_POSITION_USD: Control perpetual futures risk by limiting leverage and position sizes.

Access Controls

WHITELIST: Classic recipient address whitelist for transfers. Useful for agents that should only send funds to known addresses like exchanges or your cold storage.

CONTRACT_WHITELIST: Default-deny contract interaction. Your agent can only call contracts you've explicitly approved — critical for preventing smart contract exploits.

ALLOWED_TOKENS: Default-deny token transfers. Prevents agents from being tricked into transferring worthless or malicious tokens.

METHOD_WHITELIST: Restrict which smart contract functions your agent can call. Allow swap() but block transferOwnership().

DeFi-Specific Protections

APPROVED_SPENDERS: Control which contracts can spend your tokens via ERC-20 approvals. Default-deny prevents unlimited approval exploits.

APPROVE_AMOUNT_LIMIT: Block unlimited token approvals and set maximum approval amounts.

LENDING_ASSET_WHITELIST: Restrict which assets your agent can lend or borrow in DeFi protocols.

VENUE_WHITELIST: Limit trading to specific DEXes or centralized exchanges.

Advanced Security

REPUTATION_THRESHOLD: Integrate with ERC-8004 onchain reputation systems to require minimum reputation scores for counterparties.

X402_ALLOWED_DOMAINS: For agents that pay for API calls automatically via the x402 protocol, whitelist which domains can charge your wallet.

ERC8128_ALLOWED_DOMAINS: Control which domains your agent can interact with via ERC-8128 HTTP request signing.

Here's how you might configure a conservative DeFi trading agent:

# 1. Spending limits with human approval above $500
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 50,
      "notify_max_usd": 200,
      "delay_max_usd": 500,
      "delay_seconds": 600,
      "daily_limit_usd": 2000
    }
  }'

# 2. Only allow major stablecoins and ETH
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {"address": "0xA0b86a33E6411b5e269db7f78C156149A46AdF18", "symbol": "USDC", "chain": "ethereum"},
        {"address": "native:ethereum", "symbol": "ETH", "chain": "ethereum"}
      ]
    }
  }'

# 3. Restrict to trusted DEXes only
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "type": "CONTRACT_WHITELIST",
    "rules": {
      "contracts": [
        {"address": "0xE592427A0AEce92De3Edee1F18E0157C05861564", "name": "Uniswap V3", "chain": "ethereum"},
        {"address": "0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D", "name": "Uniswap V2", "chain": "ethereum"}
      ]
    }
  }'

Preventing Common Attack Patterns

The policy system is designed around real attack patterns observed in the wild:

Malicious Contract Calls: An attacker tricks your agent into calling a contract that drains approved tokens. CONTRACT_WHITELIST prevents this by default-denying all contract interactions.

Unlimited Approval Exploits: Your agent approves a contract to spend unlimited tokens, then the contract gets hacked. APPROVED_SPENDERS and APPROVE_AMOUNT_LIMIT prevent unlimited approvals.

Social Engineering via AI: An attacker convinces your AI to transfer funds to their address by claiming to be a legitimate service. WHITELIST ensures transfers only go to pre-approved addresses.

Runaway Trading: A bug or model hallucination causes your agent to execute hundreds of trades in minutes. RATE_LIMIT and daily SPENDING_LIMIT caps prevent this.

Leveraged Liquidations: Your DeFi agent takes on too much leverage and gets liquidated when markets move. LENDING_LTV_LIMIT and PERP_MAX_LEVERAGE provide automatic risk management.

Testing Your Security Setup

WAIaaS includes transaction simulation to test your policies without risking real funds:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.1",
    "dryRun": true
  }'

The dry-run mode shows you exactly which policies would trigger and what security tier the transaction would receive, without actually executing it.

Quick Start: Securing Your AI Agent

Here's how to set up a security-first AI agent wallet in 5 minutes:

1. Install and initialize WAIaaS:

npm install -g @waiaas/cli
waiaas init
waiaas start

2. Create a wallet and session:

waiaas wallet create --chain ethereum --name trading-bot
waiaas session prompt  # Creates session for your agent

3. Set up basic security policies (replace <wallet-uuid> with your wallet ID):

# Spending limits with human approval above $100
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {"instant_max_usd": 10, "delay_max_usd": 100, "delay_seconds": 300}
  }'

# Token whitelist (blocks all transfers except these tokens)
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {"address": "native:ethereum", "symbol": "ETH", "chain": "ethereum"}
      ]
    }
  }'

4. Test your security with a dry-run transaction:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Authorization: Bearer wai_sess_<your-token>" \
  -H "Content-Type: application/json" \
  -d '{"type": "TRANSFER", "to": "0x...", "amount": "0.01", "dryRun": true}'

5. Connect your AI agent using the session token from step 2.

Your agent now operates within strict guardrails: it can't transfer tokens you haven't whitelisted, can't spend more than your limits without approval, and can't execute transactions faster than your rate limits allow.

What's Next

The 21 policy types in WAIaaS give you fine-grained control over AI agent financial risk, but they're just tools. The real skill is combining them into a security profile that matches your risk tolerance and use case. Start conservative with strict limits and default-deny policies, then gradually expand permissions as you gain confidence in your agent's behavior.

Ready to secure your AI agent wallet? Check out the full setup guide on GitHub or explore more advanced configurations at waiaas.ai.