The threat model
An AI agent that can pay is an AI agent that can be tricked into paying. These are the concrete attacks, each mapped to the OWASP Agentic Top 10 class it belongs to. Fidacy blocks each of them with a deny-by-default gate and issues Bitcoin-anchored, third-party-verifiable proof of exactly what was and was not authorized.
1,843 actions gated, all time
3,414 signed verdicts issued
These figures are live from the engine; re-fetch them yourself at api.fidacy.com/v1/pulse. Early traffic includes evaluation and testing, and we do not dress it up as real-world attacks.
The attack. A prompt-injected instruction swaps the real supplier for a lookalike, acme-supplies becomes acrne-supplies.inc, and the agent is told to pay it.
The block. The payee is not on the signed mandate allowlist, so the request is DENIED before any grant is issued. No grant, no settlement.
1 blocked so far
The attack. The same invoice is re-presented, sometimes at a higher amount, sometimes with a whitespace or case tweak, to get paid twice.
The block. One payment per invoice is enforced by invoice identity, canonicalized against case, spacing and Unicode. A second request for the same invoice is DENIED at any amount, and the state survives a process restart.
3 blocked so far
The attack. A poisoned document or reply tells the agent to redirect a legitimate payment to an attacker or inflate the amount.
The block. Every money-moving call is gated against the signed mandate: payee, amount, currency and category must all be inside the authorized envelope, or it is DENIED.
5 blocked so far
The attack. The agent is nudged into a single payment above the per-transaction cap, or into draining the total budget across many small ones.
The block. Per-transaction and cumulative caps are enforced per mandate window. The cumulative counter rehydrates from the tamper-evident audit at boot, so a restart cannot reset the spend.
The attack. In an agent-to-agent handoff, a malicious agent claims another party already approved the payment or the counterparty.
The block. The claim is only trusted if its Ed25519 signature verifies against the issuer's public keys. A forged approval fails verification and is treated as hostile.
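The payee, envelope, duplicate-invoice and cap checks described above can be sketched as one deny-by-default gate. This is an added illustration, not Fidacy's code: the `Mandate` shape, the `gate` and `canonical_invoice_id` names and the reason strings are assumptions, state is held in memory rather than in a durable audit log, and mandate signature verification is left out.

```python
import re
import unicodedata
from dataclasses import dataclass, field


def canonical_invoice_id(raw: str) -> str:
    # NFKC folds compatibility forms (full-width digits, NBSP); casefold removes
    # case differences; all whitespace is then dropped. Cross-script homoglyphs
    # are not folded by NFKC and would need a separate confusables check.
    folded = unicodedata.normalize("NFKC", raw).casefold()
    return re.sub(r"\s+", "", folded)


@dataclass
class Mandate:
    # Hypothetical shape; a real mandate would be loaded from a signed document.
    payees: frozenset
    currency: str
    categories: frozenset
    per_tx_cap: int   # minor units, e.g. cents
    total_cap: int    # cumulative budget for the mandate window
    spent: int = 0
    paid_invoices: set = field(default_factory=set)


def gate(m: Mandate, payee: str, amount: int, currency: str,
         category: str, invoice: str) -> tuple:
    """Return (verdict, reason). Anything not explicitly allowed is DENIED."""
    if payee not in m.payees:  # exact match only: a lookalike is not on the list
        return ("DENIED", "payee_not_in_mandate")
    if currency != m.currency or category not in m.categories:
        return ("DENIED", "outside_envelope")
    inv = canonical_invoice_id(invoice)
    if inv in m.paid_invoices:  # checked before amount: denied at any amount
        return ("DENIED", "duplicate_invoice")
    if not isinstance(amount, int) or amount <= 0 or amount > m.per_tx_cap:
        return ("DENIED", "per_tx_cap")
    if m.spent + amount > m.total_cap:
        return ("DENIED", "cumulative_cap")
    # State changes only after every check has passed.
    m.paid_invoices.add(inv)
    m.spent += amount
    return ("ALLOWED", "within_mandate")
```

To match the restart behaviour described above, `spent` and `paid_invoices` would have to be rebuilt from a durable, tamper-evident log at boot rather than starting empty.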
Fidacy does not promise your agent will never be attacked. It promises the unauthorized payment does not settle, and that you can prove, to a counterparty, an auditor or an insurer, exactly what was authorized. Deny-by-default means the failure mode is money that does not move, never money that moves wrong.