Security-minded developers know that giving an AI agent unrestricted wallet access is like handing a toddler your credit card. While AI agents can execute sophisticated DeFi strategies, they need precise guardrails to prevent catastrophic mistakes or exploitation. WAIaaS solves this with ACTION_CATEGORY_LIMIT policies that let you define exactly which DeFi activities your agent can perform and under what conditions.
Why Granular DeFi Control Matters
AI agents operating in DeFi face unique risks. A bug in a traditional application corrupts data that can usually be restored from a backup; a wallet mistake moves real money, and a confirmed on-chain transaction cannot be reversed. An agent with broad permissions might:
- Execute high-risk strategies during market volatility
- Interact with unvetted protocols containing smart contract bugs
- Fall victim to social engineering attacks that trick it into malicious transactions
- Amplify small logic errors into massive financial losses
The solution isn't to avoid AI agents entirely—it's to implement defense-in-depth security that assumes your agent will eventually make mistakes.
WAIaaS 3-Layer Security Architecture
WAIaaS implements a security model designed around the assumption that AI agents need adult supervision:
Layer 1: Session Authentication & Isolation
Each agent gets a time-limited session token with specific wallet access. No direct private key exposure.
Layer 2: Policy Engine with Default-Deny
21 policy types control every transaction type. Unless explicitly permitted, actions are blocked. ACTION_CATEGORY_LIMIT policies provide the finest-grained control over DeFi activities.
Layer 3: Human Approval Channels
High-risk transactions require explicit owner approval via WalletConnect, Telegram, or push notifications.
ACTION_CATEGORY_LIMIT: Surgical DeFi Permissions
The ACTION_CATEGORY_LIMIT policy lets you define spending limits per DeFi category. Instead of giving your agent blanket access to all protocols, you can set specific USD limits for different activity types:
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "ACTION_CATEGORY_LIMIT",
"rules": {
"limits": {
"SWAP": {
"instant_max_usd": 100,
"daily_limit_usd": 1000
},
"LENDING_SUPPLY": {
"instant_max_usd": 500,
"daily_limit_usd": 2000
},
"LENDING_BORROW": {
"instant_max_usd": 0,
"notify_max_usd": 200,
"delay_max_usd": 1000,
"delay_seconds": 300
},
"STAKING": {
"instant_max_usd": 1000,
"monthly_limit_usd": 5000
},
"PERPETUAL_TRADING": {
"instant_max_usd": 0
}
}
}
}'
This policy configuration means:
- Swaps: Up to $100 instant, $1,000 daily limit
- Lending supply: Up to $500 instant per deposit, $2,000 daily limit
- Lending borrow: No instant loans, $200 with notification, $1,000 after 5-minute delay
- Staking: Up to $1,000 instant, $5,000 monthly cap
- Perpetual trading: Completely blocked (instant_max_usd: 0)
Default-Deny: Your Safety Net
WAIaaS follows a default-deny security model. Your agent cannot interact with tokens or contracts unless you've explicitly permitted them:
# Allow only specific tokens
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "ALLOWED_TOKENS",
"rules": {
"tokens": [
{
"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
"symbol": "USDC",
"chain": "solana"
}
]
}
}'
# Whitelist trusted protocols only
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "CONTRACT_WHITELIST",
"rules": {
"contracts": [
{
"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4",
"name": "Jupiter",
"chain": "solana"
}
]
}
}'
Without these whitelist policies, your agent cannot move any tokens or interact with any contracts—even if it has a valid session token.
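To make the default-deny rule concrete, here is an added example, written for this post and not WAIaaS's own code, of how an allow-list check over ALLOWED_TOKENS and CONTRACT_WHITELIST policies can be evaluated. The policy shapes are the ones posted above; the TxRequest shape, the rule that every token a swap touches (both the input and the output leg) must be listed, the rule that a plain transfer names no contract, and the per-chain address normalisation (0x hex addresses compared case-insensitively, Solana base58 addresses compared exactly) are assumptions about how such a check should behave, not documented WAIaaS semantics.

```typescript
// Added example (not WAIaaS code): a model of default-deny token/contract allow-listing.
// The policy shapes mirror the ALLOWED_TOKENS and CONTRACT_WHITELIST bodies posted above;
// the evaluation rules are assumptions about how such a check should behave.

interface AssetRef {
  address: string;
  chain: string;
  symbol?: string;
  name?: string;
}

interface AllowedTokensPolicy { tokens: AssetRef[]; }
interface ContractWhitelistPolicy { contracts: AssetRef[]; }

// What the policy engine sees for one outgoing transaction (assumed shape).
interface TxRequest {
  chain: string;
  contract?: string;  // program/contract being called; absent for a plain transfer
  tokens: string[];   // every token the transaction moves: both legs of a swap, not only the input
}

interface Decision { allowed: boolean; reason: string; }

// Build a comparison key. Assumption: 0x-prefixed 40-hex addresses are EVM and compare
// case-insensitively (EIP-55 mixed case is a checksum, not identity); anything else
// (e.g. Solana base58) is case-sensitive and must match exactly.
function assetKey(chain: string, address: string): string {
  const addr = /^0x[0-9a-fA-F]{40}$/.test(address) ? address.toLowerCase() : address;
  return `${chain.toLowerCase()}:${addr}`;
}

function keySet(refs: AssetRef[]): Set<string> {
  return new Set(refs.map((r) => assetKey(r.chain, r.address)));
}

function checkAllowlists(
  tokensPolicy: AllowedTokensPolicy | null,
  contractsPolicy: ContractWhitelistPolicy | null,
  tx: TxRequest,
): Decision {
  // Default-deny: a missing policy permits nothing.
  if (tokensPolicy === null) return { allowed: false, reason: "no ALLOWED_TOKENS policy on wallet" };
  const allowedTokens = keySet(tokensPolicy.tokens);
  for (const t of tx.tokens) {
    if (!allowedTokens.has(assetKey(tx.chain, t))) {
      return { allowed: false, reason: `token ${t} on ${tx.chain} is not allow-listed` };
    }
  }
  if (tx.contract !== undefined) {
    if (contractsPolicy === null) return { allowed: false, reason: "no CONTRACT_WHITELIST policy on wallet" };
    if (!keySet(contractsPolicy.contracts).has(assetKey(tx.chain, tx.contract))) {
      return { allowed: false, reason: `contract ${tx.contract} on ${tx.chain} is not allow-listed` };
    }
  }
  return { allowed: true, reason: "all tokens and contracts allow-listed" };
}

// Sample policies using the addresses from the curl calls above.
const SOL_MINT = "So11111111111111111111111111111111111111112";
const USDC_MINT = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
const JUPITER = "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4";
const FAKE_MINT = "FakeMint1111111111111111111111111111111111"; // constructed placeholder, not a real mint

const sampleTokens: AllowedTokensPolicy = {
  tokens: [
    { address: SOL_MINT, symbol: "SOL", chain: "solana" },
    { address: USDC_MINT, symbol: "USDC", chain: "solana" },
  ],
};
const sampleContracts: ContractWhitelistPolicy = {
  contracts: [{ address: JUPITER, name: "Jupiter", chain: "solana" }],
};

// Swap SOL -> USDC through Jupiter: every asset touched is listed.
const swapOk = checkAllowlists(sampleTokens, sampleContracts, {
  chain: "solana", contract: JUPITER, tokens: [SOL_MINT, USDC_MINT],
});
// Swap USDC -> unlisted token: the output leg fails even though the input is allowed.
const swapBad = checkAllowlists(sampleTokens, sampleContracts, {
  chain: "solana", contract: JUPITER, tokens: [USDC_MINT, FAKE_MINT],
});
```

The point of checking every token a swap touches is that an allow-list on the input side alone lets an agent convert USDC into an arbitrary token, which is exactly what a poisoned route or a social-engineered swap would do.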
4-Tier Security Response
WAIaaS implements 4 security tiers that automatically escalate based on transaction risk:
- INSTANT: Execute immediately, no notification
- NOTIFY: Execute immediately, send notification
- DELAY: Queue for specified delay period (cancellable by owner)
- APPROVAL: Require explicit human approval
Each policy rule can specify different USD thresholds for each tier:
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 10,
"notify_max_usd": 100,
"delay_max_usd": 1000,
"delay_seconds": 900,
"daily_limit_usd": 5000
}
}'
Transactions above $1,000 require explicit approval via WalletConnect or configured notification channels.
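The ACTION_CATEGORY_LIMIT and SPENDING_LIMIT sections above both describe the same escalation ladder, so here is one added example, written for this post and not WAIaaS's own code, that models it for both policies at once. The threshold semantics are assumptions read off the text: an amount at or below instant_max_usd is INSTANT, at or below notify_max_usd is NOTIFY, at or below delay_max_usd is DELAY; beyond the last configured threshold a category limit blocks (the page's reading of instant_max_usd: 0 as "completely blocked") while the wallet-wide limit escalates to APPROVAL (the page's "above $1,000 require explicit approval"); daily and monthly caps are checked against prior spend and block on overflow; a transaction must satisfy both policies and the stricter tier wins. Check the real engine's behaviour against the WAIaaS docs before relying on any of these details.

```typescript
// Added example (not WAIaaS code): a model of the 4-tier escalation applied to an
// ACTION_CATEGORY_LIMIT policy and a wallet-wide SPENDING_LIMIT together. All threshold
// semantics here are assumptions drawn from the surrounding text.

type Tier = "INSTANT" | "NOTIFY" | "DELAY" | "APPROVAL" | "DENY";

interface TierRules {
  instant_max_usd?: number;
  notify_max_usd?: number;
  delay_max_usd?: number;
  delay_seconds?: number;
  daily_limit_usd?: number;
  monthly_limit_usd?: number;
}

interface ActionCategoryLimit { limits: Record<string, TierRules>; }
interface Spend { todayUsd: number; monthUsd: number; }       // prior spend in the current window
interface CategorizedTx { category: string; amountUsd: number; }

const ORDER: Tier[] = ["INSTANT", "NOTIFY", "DELAY", "APPROVAL", "DENY"];

// Of two tiers, return the more restrictive one.
function stricter(a: Tier, b: Tier): Tier {
  return ORDER.indexOf(a) >= ORDER.indexOf(b) ? a : b;
}

// Walk the ladder for one rule set. `beyondLast` is what happens when the amount exceeds
// every configured threshold (assumed: DENY for a category limit, APPROVAL for the wallet limit).
function tierFor(rules: TierRules, amountUsd: number, spent: Spend, beyondLast: Tier): Tier {
  if (!Number.isFinite(amountUsd) || amountUsd <= 0) return "DENY"; // NaN, negative or zero amounts never pass
  if (rules.daily_limit_usd !== undefined && spent.todayUsd + amountUsd > rules.daily_limit_usd) return "DENY";
  if (rules.monthly_limit_usd !== undefined && spent.monthUsd + amountUsd > rules.monthly_limit_usd) return "DENY";
  if (rules.instant_max_usd !== undefined && amountUsd <= rules.instant_max_usd) return "INSTANT";
  if (rules.notify_max_usd !== undefined && amountUsd <= rules.notify_max_usd) return "NOTIFY";
  if (rules.delay_max_usd !== undefined && amountUsd <= rules.delay_max_usd) return "DELAY";
  return beyondLast;
}

function evaluate(
  categoryPolicy: ActionCategoryLimit,
  walletLimit: TierRules,
  tx: CategorizedTx,
  categorySpend: Spend,
  walletSpend: Spend,
): Tier {
  const rules: TierRules | undefined = categoryPolicy.limits[tx.category];
  if (rules === undefined) return "DENY";                 // default-deny: category not listed at all
  const byCategory = tierFor(rules, tx.amountUsd, categorySpend, "DENY");
  const byWallet = tierFor(walletLimit, tx.amountUsd, walletSpend, "APPROVAL");
  return stricter(byCategory, byWallet);                  // both policies apply; the stricter tier wins
}

// The two policies posted on this page.
const categoryPolicy: ActionCategoryLimit = {
  limits: {
    SWAP: { instant_max_usd: 100, daily_limit_usd: 1000 },
    LENDING_SUPPLY: { instant_max_usd: 500, daily_limit_usd: 2000 },
    LENDING_BORROW: { instant_max_usd: 0, notify_max_usd: 200, delay_max_usd: 1000, delay_seconds: 300 },
    STAKING: { instant_max_usd: 1000, monthly_limit_usd: 5000 },
    PERPETUAL_TRADING: { instant_max_usd: 0 },
  },
};
const walletLimit: TierRules = {
  instant_max_usd: 10, notify_max_usd: 100, delay_max_usd: 1000, delay_seconds: 900, daily_limit_usd: 5000,
};
const fresh: Spend = { todayUsd: 0, monthUsd: 0 };

// Convenience wrapper: classify one transaction against both sample policies.
function classify(category: string, amountUsd: number, categorySpend: Spend = fresh, walletSpend: Spend = fresh): Tier {
  return evaluate(categoryPolicy, walletLimit, { category, amountUsd }, categorySpend, walletSpend);
}

// A $50 swap is INSTANT for the SWAP category but NOTIFY under the wallet limit, so it is NOTIFY overall.
const fiftyDollarSwap = classify("SWAP", 50);
```

Note what the combination does: the category limit says nothing about a $50 swap needing a notification, but the wallet-wide SPENDING_LIMIT does, and the stricter answer is the one that applies. Layering the two is what stops a generous per-category allowance from quietly widening the wallet's overall exposure.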
Real-World Example: AI Trading Bot with Guardrails
Here's how you might configure a conservative AI trading agent:
# 1. Create wallet and session
waiaas wallet create --name "trading-bot" --chain "solana"
WALLET_ID=$(waiaas wallet info --name "trading-bot" --json | jq -r '.id')
waiaas session create --wallet-id "$WALLET_ID"
# 2. Set spending limits
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d "{
\"walletId\": \"$WALLET_ID\",
\"type\": \"SPENDING_LIMIT\",
\"rules\": {
\"instant_max_usd\": 50,
\"notify_max_usd\": 200,
\"daily_limit_usd\": 1000
}
}"
# 3. Limit DeFi activities
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d "{
\"walletId\": \"$WALLET_ID\",
\"type\": \"ACTION_CATEGORY_LIMIT\",
\"rules\": {
\"limits\": {
\"SWAP\": {
\"instant_max_usd\": 50,
\"daily_limit_usd\": 500
},
\"LENDING_SUPPLY\": {
\"instant_max_usd\": 100
},
\"LENDING_BORROW\": {
\"instant_max_usd\": 0
}
}
}
}"
# 4. Whitelist safe tokens (a CONTRACT_WHITELIST for the swap router, as in the Jupiter example above, is also required under default-deny)
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d "{
\"walletId\": \"$WALLET_ID\",
\"type\": \"ALLOWED_TOKENS\",
\"rules\": {
\"tokens\": [
{\"address\": \"So11111111111111111111111111111111111111112\", \"symbol\": \"SOL\", \"chain\": \"solana\"},
{\"address\": \"EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v\", \"symbol\": \"USDC\", \"chain\": \"solana\"}
]
}
}"
With this configuration, your AI agent:
- Can swap up to $50 instantly between SOL and USDC (once the swap router is also on a CONTRACT_WHITELIST; step 4 only whitelists tokens, and under default-deny an unlisted contract is blocked)
- Can supply up to $100 per transaction to a lending protocol
- Cannot borrow (LENDING_BORROW is disabled for safety)
- Cannot touch any token or contract that is not whitelisted
- Triggers a notification on any transaction over $50, up to $200; larger transactions escalate past the NOTIFY tier
- Is capped at $1,000 of spending per day
Human Oversight: The Kill Switch
Even with policies in place, you need the ability to intervene. WAIaaS provides multiple oversight mechanisms:
Real-time Monitoring
# Check what your agent is doing
curl http://127.0.0.1:3100/v1/sessions \
-H "X-Master-Password: <password>"
# View recent transactions
curl http://127.0.0.1:3100/v1/transactions \
-H "Authorization: Bearer <session-token>"
Emergency Controls
# Pause a session immediately
curl -X POST http://127.0.0.1:3100/v1/sessions/<session-id>/pause \
-H "X-Master-Password: <password>"
# Revoke session permanently
curl -X DELETE http://127.0.0.1:3100/v1/sessions/<session-id> \
-H "X-Master-Password: <password>"
Approval Workflow
For high-value transactions, WAIaaS can route approval requests to your mobile device via WalletConnect or Telegram. You see the transaction details and approve/reject in real-time.
Getting Started with Secure AI Agent Wallets
Set up your first secured AI agent wallet in under 5 minutes:
- Install and initialize WAIaaS
npm install -g @waiaas/cli
waiaas init
waiaas start
- Create a wallet with policies
waiaas quickset --mode mainnet
# This creates wallets and applies conservative default policies
- Configure your AI agent
# Get the session token for your agent
waiaas session list --wallet "solana-mainnet"
export WAIAAS_SESSION_TOKEN="wai_sess_..."
- Test with dry-run
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
-H "Authorization: Bearer $WAIAAS_SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{"type": "TRANSFER", "to": "test-address", "amount": "0.01", "dryRun": true}'
- Monitor and adjust
Use the Admin Web UI at http://127.0.0.1:3100/admin to view transactions, modify policies, and manage sessions.
Beyond Basic Security
WAIaaS supports advanced security patterns for production environments:
- ERC-4337 Account Abstraction: Smart contract wallets with custom validation logic
- Hardware wallet integration: D'CENT hardware wallet support for high-value approvals
- Cross-chain policies: Different rules for different networks
- Time-based restrictions: Trading hours, weekend limits
- Reputation-based limits: Integration with ERC-8004 onchain reputation systems
The key insight is that AI agents need adult supervision. WAIaaS provides the infrastructure to give your agents useful capabilities while maintaining strict boundaries around what they can and cannot do with your funds.
For developers building production AI agent systems, this isn't just about preventing losses—it's about building trust with users who need to know their funds are protected even when AI systems behave unexpectedly.
Related Posts
Setting Up WAIaaS with Docker: Production-Ready AI Agent Wallets
MCP Integration: Connect Claude AI to Your DeFi Wallet in 5 Minutes
What's Next
Ready to implement secure AI agent wallets? Check out the complete documentation and source code at GitHub or explore the production deployment guide at waiaas.ai. Your AI agents can be powerful and safe—you just need the right guardrails.