How to Stop Your AI Agent From Draining Your Wallet
x402 enables autonomous payments — but what prevents runaway spending? A practical guide to spending limits, monitoring, and the tooling gaps that still exist.
Your AI agent has a wallet. It can pay for APIs autonomously. That's the dream — but it's also terrifying. What stops it from draining your funds on a runaway loop?
This is the unsolved UX problem in agentic payments. Here's the current state and what you can do about it.
The Problem
x402 is designed for autonomous payments. Agent hits API, gets 402, signs payment, retries. No human in the loop. That's the point — but it's also the risk.
There's no "Confirm payment of $0.05?" popup. No push notification. No approval flow. The agent just... pays.
Scenarios that should worry you:
- Agent stuck in a retry loop, burning $0.02 per attempt
- Bug causes agent to call expensive API repeatedly
- Agent "decides" it needs to make 1,000 requests to complete a task
- Malicious prompt injection tricks agent into making payments
What Exists Today
1. Spending Limits (Coinbase Agentic Wallet)
# Set per-transaction cap
npx awal config set maxPerTransaction 0.10
# Set per-session cap
npx awal config set maxPerSession 10.00
This is your first line of defense. If a single API call costs more than your per-tx limit, it fails. If your agent tries to spend more than $10 in a session, it stops.
Limitation: These are hard caps, not approval prompts. The agent still spends autonomously up to these limits.
2. Small Wallet Balance
The simplest control: don't put much money in.
Fund your agent wallet with $10-20. When it runs out, it stops. You review, refill, repeat.
Pros:
- Dead simple
- Absolute cap on damage
- Forces regular review
Cons:
- Agent stops mid-task when funds run out
- Manual refill friction
- No granular control
3. Transaction History
npx awal history
See what your agent spent, when, and on what. Not preventative, but essential for catching problems.
You can also query the Base block explorer for your wallet address — every transaction is onchain and auditable.
4. Agent-Level Controls
Build spending awareness into your agent's prompts:
Before making any paid API call:
1. Estimate the cost
2. Check if it's necessary for the task
3. Prefer free alternatives when available
4. Log all payments for review
This is soft control — the agent can still pay, but it's prompted to be conservative.
What Doesn't Exist (Yet)
The tooling gap is real. Here's what we need:
Push Notifications
"Your agent is about to pay $0.50 to api.example.com. Approve?"
No wallet supports this for automated payments. You'd need a custom approval service sitting between the agent and the wallet.
Budget Alerts
"Your agent has spent $5 today (50% of daily budget)"
Doesn't exist as a native feature. You'd have to build it by polling transaction history.
Spending Dashboards
Real-time view of agent spending across services, with charts and anomaly detection.
Some teams are building this, but nothing production-ready yet.
Allowlists
"Only allow payments to these specific APIs"
Smart contract wallets could enforce this, but no turnkey solution exists.
Practical Recommendations
For Testing
- Use testnet (Base Sepolia)
- Zero financial risk
- All AgentUtil endpoints work on testnet
For Development
- $10 max in wallet
- $0.10 per-transaction limit
- Review history daily
For Production
- Separate wallet per agent/task
- Per-session limits based on expected usage
- Monitoring and alerts (build it yourself for now)
- Regular audits of transaction history
The "Prepaid Card" Mental Model
Think of your agent's wallet like giving a teenager a prepaid debit card:
- Load limited funds — only what they need
- Set spending limits — per-transaction caps
- Review statements — check the history
- Refill manually — forces regular check-ins
The inconvenience is a feature. It creates natural checkpoints where you review what's happening.
What We're Building
At AgentUtil, we're thinking about this problem. Ideas we're exploring:
- Spending receipts — email/webhook after each payment
- Budget tracking — dashboard showing spend by tool
- Rate limiting — cap requests per hour, not just per dollar
- Anomaly detection — alert when spending pattern changes
No timeline yet, but it's on the radar.
Summary
| Control | Prevents Overspend? | Requires Approval? | Exists Today? |
|---|---|---|---|
| Per-tx limits | ✓ (caps each payment) | ✗ | ✓ |
| Per-session limits | ✓ (caps total) | ✗ | ✓ |
| Small balance | ✓ (hard cap) | ✗ | ✓ |
| Transaction history | ✗ (detective only) | ✗ | ✓ |
| Push notifications | ✓ | ✓ | ✗ |
| Budget alerts | ✗ (warning only) | ✗ | ✗ |
| Allowlists | ✓ | ✗ | ✗ |
Bottom line: Use spending limits + small balances. Review history regularly. The tooling will get better, but for now, conservative funding is your best protection.
Resources
- Coinbase Agentic Wallet Docs
- Base Block Explorer — audit your wallet's transactions
- Setting Up an x402 Wallet — our setup guide
Questions? Email silas@agentutil.dev