Skip to main content
HomeLanding pagesAI agent has no spending controls: the fix
LANDING PAGE

AI agent has no spending controls: the fix

7 min read·Last updated June 2, 2026

If your AI agent has no spending controls, it can in principle spend its whole wallet balance, which is a latent risk given that agents can be wrong or prompt-injected. The fix is a server-side spend policy: a per-transaction cap and a period allowance, set in the dashboard and enforced where the agent cannot override it, so payments beyond the bounds are refused regardless of what the agent does.

The problem

You have given an AI agent the ability to pay, a funded wallet and a way to settle payments, and it works. But nothing bounds how much it can spend. In principle, the agent could spend the whole wallet balance, in one payment or across many, because there is no enforced limit between it and the funds. Nothing has gone wrong yet, but nothing would stop it if it did.

This is the no-spending-controls problem, and it is a latent risk rather than an active incident. The agent pays correctly today, so it is easy to leave the gap unaddressed. But an agent with payment ability and no limit is one bug or one manipulation away from spending far more than intended, with nothing to catch it. The symptom is an agent that can pay without any cap on what it pays, and the fix is to put the cap in place before it is needed.

Why it is dangerous

The danger comes from the fact that agents can be wrong or manipulated. An agent reasons over inputs, and those inputs can be malformed, adversarial, or simply lead it astray. A bug in its logic, a confusing task, or a prompt injection, where an attacker plants instructions in content the agent reads, could direct it to spend far more than you intended, or to pay the wrong party. With no enforced limit, there is nothing between that bad instruction and the wallet's full balance.

What makes this particularly hazardous is that the risk is invisible until it triggers. An unbounded agent looks fine right up until the moment it overspends, at which point the damage is whatever the balance allowed. So the absence of controls is not a problem you will notice in normal operation; it is a problem you discover the hard way. That is exactly why controls should be put in place proactively, as a safeguard against the day something goes wrong, rather than added after an incident.

The fix

The fix is a server-side spend policy: a per-transaction cap and a period allowance on the agent's wallet. The per-transaction cap is the most the agent can spend in a single payment; the period allowance is the most it can spend over a window such as a day, a week, or a month. Set these in the dashboard, and the system enforces them: a payment that would exceed the cap or the remaining allowance is refused, regardless of what the agent was told or tricked into.

This caps the worst case in advance. The agent keeps paying freely within the bounds, so normal operation is unaffected, but the balance beyond the limits is protected even if the agent misbehaves. Crucially, the policy is enforced server-side, where the agent cannot reach it, so it is a real control rather than a request the agent might ignore. The no-controls problem is solved by adding exactly the enforced bound that was missing, which is the difference between an agent that can spend and one that can overspend.

How to set it up

Setting up the spend policy is done in the dashboard, not in code. You configure the agent's per-transaction cap and its period allowance, expressed in USDC, choosing a window such as a day, a week, or a month. Once saved, the policy takes effect immediately, and the agent's payments are bounded by it from that point. There is no change to the agent's own code; the control lives on the wallet.

The agent can read its current limits through a GET to its spend-permissions endpoint, which lets a planner reason about budget, but it cannot change them, the policy is read-only through the API and edited only in the dashboard. That read-but-not-write design is what keeps the control in your hands. The step-by-step is in how-to-set-up-agent-spending-limits, and the concept behind it in what-is-an-agent-spend-policy. The point is that establishing controls is configuration you do once, not a development task.

Verify it works

Confirm the controls actually bind before relying on them. On Base Sepolia with a sk_test_ key, set a low per-transaction cap and have the agent attempt a payment above it; the payment should be refused, not completed. Then have it make a payment within the cap and confirm that one succeeds. That pair of tests, over-limit refused, within-limit allowed, proves the policy is enforced rather than merely configured.

For the period allowance, run several payments that together approach the allowance and confirm that a payment which would exceed the period total is refused even though each individual payment is under the per-transaction cap. If an over-limit payment goes through, the policy may not be set on the right agent or wallet, recheck the dashboard. Once both the per-transaction and period bounds demonstrably refuse excess, the no-controls problem is fixed: the agent is now bounded, and you have seen the bound hold.

Why server-side, not the prompt

It is worth being explicit about why the control must be server-side rather than in the prompt, because the temptation to just tell the agent its budget is strong. A budget in the prompt is a suggestion the agent may follow, but it lives in the same space the agent can be manipulated, so a prompt injection or a reasoning slip can override it. A prompt budget fails exactly when you need it, under attack or error.

A server-side spend policy does not depend on the agent's cooperation. It is enforced outside the agent's reach, so it holds whatever the agent is told or tricked into, and a compromised agent's overspending is refused at the policy bound. This is the whole reason the fix is a server-side policy and not a prompt instruction: security that relies on the agent behaving is not security. For an autonomous agent that can be wrong or manipulated, the enforced, out-of-reach control is the only kind that actually protects the balance, which is why it is the right and only real fix.

Make controls the default, not an afterthought

The deeper fix for no spending controls is to make setting a spend policy part of how you create every agent, not something you remember later. If provisioning an agent and funding its wallet always includes setting a per-transaction cap and a period allowance, then no agent is ever unbounded, and the latent risk never accumulates across your fleet. Treating the spend policy as a required step in onboarding an agent, like setting a password, removes the gap entirely.

This matters more as the number of agents grows. One unbounded agent is a manageable oversight; a fleet of them is a standing liability you may not even have inventoried. So beyond fixing the agent in front of you, adopt the habit: every agent gets a spend policy at creation, sized to its role, tightened for new or risky agents and loosened for trusted ones. That way the no-controls problem is solved not just once but by default, and you never have to discover an unbounded agent the hard way.

If your agent has no spending controls, the fix is quick and worth doing before anything goes wrong. The step-by-step setup is in how-to-set-up-agent-spending-limits, and the concept is defined in what-is-an-agent-spend-policy. Together they take you from an unbounded agent to a bounded one in a few minutes of configuration. Pricing is on the pricing page.

FAQ

Frequently asked questions.

What does it mean for an AI agent to have no spending controls?

It means the agent can pay but nothing bounds how much. With a funded wallet and no spend policy, the agent could, in principle, spend the whole balance in one payment or many, since there is no enforced cap. It is a latent risk: nothing has gone wrong yet, but there is no limit standing between the agent and the full balance.

What is the fix for an agent with no spending controls?

Set a server-side spend policy on the agent's wallet: a per-transaction cap and a period allowance, configured in the dashboard. Once set, a payment that would exceed the cap or the remaining allowance is refused, enforced where the agent cannot override it. The agent keeps paying freely within the bounds, and the balance beyond them is protected.

Why is no spending control dangerous even if nothing has gone wrong?

Because agents can be wrong or manipulated. A bug, a bad decision, or a prompt injection could direct the agent to spend far more than intended, and with no enforced limit there is nothing to stop it. The danger is latent: it costs nothing until the day something goes wrong, at which point an unbounded agent can do real damage. The control caps that worst case in advance.

Can't I just tell the agent its budget in the prompt?

No, because a prompt-based budget is not enforced. An agent can be prompt-injected into ignoring it or simply reason past it, so a budget that lives only in the prompt is a suggestion. A server-side spend policy is enforced outside the agent's reach, so it holds even when the agent misbehaves, which is exactly when you need it.

Does adding controls stop the agent from doing its job?

Not if you size the limits sensibly. Set the per-transaction cap to the most a single legitimate payment should cost and the period allowance to a realistic total for the agent's work, with some headroom. The agent then operates normally within the bounds and is only stopped when it would exceed them, which is the behavior you want, unobtrusive in normal use, firm against excess.

Create your free agent wallet in 5 minutes.

First payment confirmed in under ten minutes. Free to start.