Blocked swap
Swap 100 USDC for DAI
Intent diverged from decoded transaction
The wallet never signs. Seraph records the mismatch, decoded call, and simulation result.
Seraph / Beta
The firewall for agents that can move money.
Seraph checks autonomous commerce actions before they reach the wallet, router, tool, or settlement path.
Compare user intent against decoded transaction behavior.
Screen poisoned tools, malicious routes, approve(max), honeypots, fake routers, slippage, and OFAC exposure.
Return allow, block, or review before execution with evidence attached.
Why Seraph
Prompt injection becomes different when the agent can sign, approve, or pay.
A compromised chat session is bad. A compromised agent with wallet authority is a financial target. Seraph exists at the point where tool output, policy, and transaction execution need to agree before anything reaches broadcast.
Seraph intercept
Live pre-execution policy check
Blocked
What You Gain
Security decisions before an autonomous agent reaches the wallet.
Seraph sits between an autonomous agent and the transaction tool it wants to use. It checks whether the action still matches intent, whether the swap path is real, and whether the token, router, pool, and counterparty are acceptable.
Stop bad swaps
Catch honeypots, fake routers, locked tokens, and broken pools before an agent signs.
Preserve intent
Make sure the transaction still maps to what the user or mandate actually asked for.
Create proof
Return an allow, block, or review verdict with reasons that can feed policy, legal, and vendor review.
Coverage
Checks built for the threats agents will actually run into.
The beta focuses on practical transaction risk: the places an agent can be tricked, routed incorrectly, or allowed to move value somewhere it should never touch.
Honeypot & Fake Token Checks
Flags tokens that trap swaps, block sells, mimic legitimate assets, or otherwise prevent the expected exit path.
Router & Pool Integrity
Detects fake routers, rug-pulled pools, and manipulated swap paths that do not return the expected output token amount.
Fee & Slippage Risk
Reviews high-fee tokens and unusual slippage so an agent does not approve a transaction with warped economics.
Sanctions Screening
Checks OFAC blacklisted addresses and high-risk counterparties before an agent routes value through them.
Threat Surface
Seraph treats agentic commerce as a full execution path, not a single swap.
Agents do not fail in one neat place. They can be influenced by tools, over-authorized by session keys, routed through malicious contracts, or tricked into approving something the user never asked for.
Tool & MCP Layer
Poisoned tool descriptions, schema drift, malicious arguments, and response-based data exfiltration can turn a normal agent session into a transaction setup.
Tool-description injection
Mid-session schema changes
Secret or PII egress
Wallet & Transaction Layer
Session keys, approvals, routers, bundlers, and paymasters create new ways for intent to separate from what actually gets signed.
approve(max) drains
Intent-vs-call divergence
Session-key overreach
Counterparty & Route Layer
Agents need to reason about tokens, routers, pools, counterparties, reputation, sanctions exposure, and settlement paths before value moves.
Honeypots and fake tokens
Fake routers and rug-pulled pools
OFAC and counterparty risk
Defense Layers
Every action has to survive independent checks.
Seraph is strongest when it combines fast policy checks with transaction understanding. The goal is not to make agents timid. It is to make their authority explicit, bounded, and reviewable.
01
Intent Verifier
Compare the natural-language or mandate intent against decoded calldata, route behavior, and expected output.
02
Policy Engine
Apply risk posture, spending caps, allowlists, mandate rules, tool constraints, and legal or vendor requirements.
03
Simulation & Screening
Probe high-risk swaps, inspect state changes, evaluate slippage, and catch routes that would trap or drain funds.
04
Decision Receipt
Preserve the inputs, reasons, risk signals, and final verdict so teams can review what was allowed or blocked.
Risk Posture
You define how cautious the agent should be.
Low friction
Allow routine actions that match intent and pass baseline counterparty checks.
Balanced
Escalate mismatched tools, medium-risk counterparties, or ambiguous checkout paths.
Strict
Block anything outside approved mandates, known destinations, or verified agent workflows.
Seraph Expansion
Seraph becomes the control plane for agentic money movement.
The firewall is the wedge. The larger opportunity is the operating layer: know the agent, prove the mandate, screen risk, issue receipts, launch protected commerce flows, and keep vendor/legal review attached to policy.
Know the Agent
Agent passports, owner context, wallet scope, and reputation signals become inputs to every pre-execution decision.
Prove the Mandate
Seraph verifies whether the agent was authorized for the action, counterparty, amount, chain, tool, and time window.
Screen the Risk
Wallet risk, KYT, OFAC, router integrity, pool health, slippage, and tool-risk data are pulled into one policy verdict.
Issue the Receipt
Every allow, block, or review outcome carries the reason, proof, policy inputs, and final verdict before money moves.
Launch Protected Agents
Agentic commerce traders and execution flows can launch with Seraph already installed as the default protection layer.
Close the Loop
Vendor review, legal requirements, compliance updates, investigation notes, and policy changes feed back into the engine.
This is the compliance layer, without splitting the story into a second product.
Seraph can begin as the pre-execution firewall and grow into the trust fabric around autonomous commerce: identity, authority, risk, evidence, launch, review, and policy updates in one system.
Why Now
Agents are crossing from information into execution.
Agents now call tools
MCP and tool-calling give agents broad reach into external systems.
Agents now pay
x402, wallets, session keys, and account abstraction make autonomous value movement practical.
Agents now need proof
Teams need a durable record of why a financial action was allowed, blocked, or escalated.
Beta Focus
Built for the moment agents start acting faster than humans can review.
Seraph is designed for agent-driven purchasing, trading, approvals, and delegated wallet activity where a clean pre-flight check matters. It currently focuses on honeypots, fake routers, high-fee tokens, fake tokens that lock swaps, rug-pulled pools, unusual slippage, and OFAC blacklisted addresses.
The output is intentionally simple: allow, block, or review, with enough evidence for a human, compliance system, vendor review, or legal workflow to understand what happened.
Try Seraph Beta