Security & Risk Controls

Understand multi-layered security architecture, financial risk controls, and best practices for safe trading.

Security and risk management form the foundation of responsible automated trading. While Agentical provides powerful tools for capturing opportunities, protecting your capital and maintaining operational security remain paramount. This page covers the multi-layered security architecture, risk control mechanisms, and best practices that keep your assets safe while trading autonomously.

Security Architecture

Wallet Security Model

Agentical operates on a non-custodial model where you maintain complete control of your assets.

Non-Custodial Architecture:

WALLET SECURITY PRINCIPLES
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Your Wallet (You Control):
├─ Private keys: NEVER shared with Agentical
├─ Seed phrase: NEVER requested or stored
├─ Asset custody: Always in your wallet
├─ Withdrawal control: Only you can withdraw
└─ Full sovereignty: Complete ownership

Agentical Access (Limited):
├─ Transaction approval: Required for each trade
├─ Read permissions: View balance & history
├─ Execute trades: Submit signed transactions
├─ NO direct control: Cannot move funds without approval
└─ Revocable: Disconnect wallet anytime

Security Flow:
┌────────────────────────────────────────┐
│ 1. Agent identifies opportunity        │
│ 2. Constructs transaction              │
│ 3. Requests wallet signature           │
│ 4. YOU control: Approve or reject      │
│ 5. Only approved transactions execute  │
└────────────────────────────────────────┘

What This Means:
✓ Your keys never leave your wallet
✓ Agentical cannot access funds directly
✓ Each transaction requires authorization
✓ You can revoke access instantly
✓ No custodial risk

Connection Security:

WALLET CONNECTION PROTOCOL
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Authentication Flow:
1. User initiates connection
2. Wallet presents authorization request
3. User approves connection
4. Encrypted session established
5. Permission scope defined

Permissions Granted:
✓ View public address
✓ View token balances
✓ View transaction history
✓ Request transaction signatures
✗ Access private keys (NEVER)
✗ Execute without approval (NEVER)
✗ Withdraw to other addresses (NEVER)

Session Security:
├─ Encrypted communication (TLS 1.3)
├─ Session tokens expire regularly
├─ Auto-disconnect on inactivity
├─ Re-authentication for sensitive actions
└─ Disconnect option always available

Red Flags to Watch:
⚠ Any request for seed phrase
⚠ Any request for private keys
⚠ Requests to approve suspicious contracts
⚠ Unexpected transaction requests
⚠ Withdrawal to unknown addresses

Platform Security Measures

Multiple security layers protect the Agentical platform and your interactions.

Infrastructure Security:

PLATFORM SECURITY LAYERS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Layer 1: Network Security
├─ TLS 1.3 encryption for all connections
├─ DDoS protection and rate limiting
├─ Geographic redundancy
├─ Firewall and intrusion detection
└─ Regular security audits

Layer 2: Application Security
├─ Input validation and sanitization
├─ SQL injection prevention
├─ XSS protection
├─ CSRF token implementation
└─ Secure session management

Layer 3: API Security
├─ Authentication required for all endpoints
├─ Rate limiting per user
├─ Request signing and verification
├─ IP allowlisting (optional)
└─ Anomaly detection

Layer 4: Data Security
├─ Encryption at rest (AES-256)
├─ Encryption in transit (TLS 1.3)
├─ No storage of sensitive wallet data
├─ Regular security backups
└─ Access logging and monitoring

Layer 5: User Isolation
├─ Separate execution environments
├─ No cross-user data access
├─ Resource quotas enforced
├─ Activity sandboxing
└─ Independent security contexts

Authentication & Access Control:

ACCESS CONTROL SYSTEM
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Account Security:
├─ Wallet-based authentication (primary)
├─ AGNT token verification
├─ Session management
├─ Device fingerprinting
└─ Activity monitoring

Multi-Factor Authentication (Optional):
├─ Email verification for changes
├─ 2FA for sensitive operations
├─ Transaction confirmations
└─ Withdrawal approvals

Suspicious Activity Detection:
├─ Unusual login locations
├─ Rapid configuration changes
├─ Abnormal trading patterns
├─ Budget limit violations
└─ Automated alerts triggered

Account Recovery:
├─ Wallet-based recovery (primary)
├─ Email verification backup
├─ Support ticket system
└─ No password reset (wallet-based auth)

Financial Risk Controls

Budget & Spending Limits

Multiple financial guardrails prevent overexposure and capital depletion.

Budget Control Hierarchy:

FINANCIAL LIMIT STRUCTURE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Level 1: Per-Trade Limit
├─ Maximum: 1.0 SOL (example)
├─ Applies to: Each individual trade
├─ Cannot exceed: This amount per entry
├─ Purpose: Control position sizing
└─ Override: Requires manual approval

Level 2: Daily Spending Limit
├─ Maximum: 5.0 SOL (example)
├─ Applies to: 24-hour rolling period
├─ Resets: Every 24 hours from start
├─ Includes: All executed trades
└─ Behavior: Agent pauses when reached

Level 3: Weekly Limit (Optional)
├─ Maximum: 20.0 SOL (example)
├─ Applies to: 7-day rolling period
├─ Purpose: Extended timeframe control
└─ Useful for: Conservative strategies

Level 4: Reserve Balance
├─ Minimum: 2.0 SOL (always untouched)
├─ Purpose: Emergency fund, network fees
├─ Protected: Agent cannot use
└─ Safety net: Always available

Level 5: Maximum Portfolio Exposure
├─ Maximum: 60% of total balance
├─ Remaining: 40% stays liquid
├─ Purpose: Prevent full capital deployment
└─ Flexibility: Maintain trading ability

Hierarchy Enforcement:
All limits must be respected simultaneously.
Most restrictive limit takes precedence.

Limit Enforcement Example:

BUDGET LIMIT SCENARIO
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Wallet Balance: 10.0 SOL

Configured Limits:
├─ Per-Trade: 0.5 SOL
├─ Daily: 3.0 SOL
├─ Reserve: 2.0 SOL
└─ Max Exposure: 60% (6.0 SOL)

Available for Trading: 8.0 SOL
(10.0 total - 2.0 reserve)

Trade Execution Log:
09:00 - Trade 1: 0.5 SOL ✓
       Daily used: 0.5/3.0 (17%)
       
10:30 - Trade 2: 0.5 SOL ✓
       Daily used: 1.0/3.0 (33%)
       
12:15 - Trade 3: 0.5 SOL ✓
       Daily used: 1.5/3.0 (50%)
       
14:45 - Trade 4: 0.5 SOL ✓
       Daily used: 2.0/3.0 (67%)
       
16:20 - Trade 5: 0.5 SOL ✓
       Daily used: 2.5/3.0 (83%)
       
18:00 - Trade 6: 0.5 SOL ✓
       Daily used: 3.0/3.0 (100%)
       
18:30 - Trade 7: BLOCKED
       Reason: Daily limit reached
       Status: Agent paused until tomorrow
       
Next Trade Available: 09:00 tomorrow

Position Risk Management

Controls that limit exposure per position and across portfolio.

Position-Level Risk Controls:

POSITION RISK PARAMETERS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Stop-Loss Protection:
├─ Type: Fixed percentage or price
├─ Default: -15% from entry
├─ Adjustable: Yes (per position)
├─ Enforcement: Automatic execution
└─ Override: Manual close only

Take-Profit Targets:
├─ Type: Fixed or scaled exits
├─ Default: +40% from entry
├─ Strategy: Single or multiple targets
├─ Execution: Automatic when hit
└─ Adjustment: Allowed during hold

Time-Based Exits:
├─ Maximum hold: 48-72 hours (typical)
├─ Purpose: Prevent indefinite holds
├─ Action: Force exit if not profitable
├─ Override: Manual extension possible
└─ Reasoning: Capital efficiency

Position Sizing Limits:
├─ Per position: 0.5 SOL (example)
├─ Vs liquidity: Max 5% of pool
├─ Risk-adjusted: Varies by risk score
├─ Dynamic: Adapts to conditions
└─ Purpose: Prevent overconcentration

Portfolio-Level Risk Controls:

PORTFOLIO RISK MANAGEMENT
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Maximum Simultaneous Positions:
├─ Limit: 3 positions (example)
├─ Purpose: Manageable diversification
├─ Risk: Prevents over-diversification
├─ Focus: Quality over quantity
└─ Benefit: Better position monitoring

Correlation Limits:
├─ Check: Similar token exposure
├─ Action: Reject correlated positions
├─ Purpose: True diversification
├─ Example: Limit dog-themed meme coins
└─ Flexibility: Configurable strictness

Maximum Drawdown Trigger:
├─ Threshold: -20% from peak (example)
├─ Action: Pause agent automatically
├─ Purpose: Limit losing streaks
├─ Recovery: Manual review required
└─ Reset: After analysis and adjustment

Daily Loss Limit:
├─ Maximum: -1.0 SOL per day (example)
├─ Action: Stop trading for remainder
├─ Purpose: Prevent cascade losses
├─ Reset: Next trading day
└─ Override: Requires manual approval

Portfolio Heat:
├─ Calculation: Sum of all position risks
├─ Maximum: 100% (all risk deployed)
├─ Typical: 30-60% utilization
├─ Action: New trades blocked if exceeded
└─ Purpose: Reserve capacity for opportunities

Operational Risk Controls

Agent Activity Monitoring

Automated monitoring detects unusual agent behavior.

Activity Monitoring System:

ANOMALY DETECTION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Monitored Behaviors:

Execution Anomalies:
├─ Unusually high trade frequency
├─ Rapid position entries/exits
├─ Execution failures spike
├─ Slippage consistently high
└─ Action: Alert + automatic pause

Strategy Deviation:
├─ Trades outside criteria
├─ Budget violations attempted
├─ Risk score threshold ignored
├─ Unauthorized position sizes
└─ Action: Immediate stop + investigation

Performance Anomalies:
├─ Win rate drops >20% suddenly
├─ Loss streak exceeds 5 trades
├─ Average loss increases significantly
├─ Drawdown exceeds threshold
└─ Action: Pause + user notification

Network Anomalies:
├─ Connection failures increase
├─ Transaction submission errors
├─ RPC node issues detected
├─ Blockchain congestion
└─ Action: Switch to backup systems

Example Alert:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚠️ ANOMALY DETECTED

Agent: Balanced Strategy
Issue: Loss streak (5 consecutive losses)
Action: Agent automatically paused
Recommendation: Review recent trades
Next: Manual restart required after review

[View Details] [Review Trades]

Execution Safety Mechanisms

Safeguards prevent problematic trade execution.

Pre-Execution Validation:

EXECUTION SAFETY CHECKS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Pre-Trade Validation Checklist:

✓ Wallet Connection Active
✓ Sufficient SOL Balance
✓ Budget Limits Not Exceeded
✓ Position Slots Available
✓ Token Liquidity Sufficient
✓ Criteria Met Completely
✓ Risk Score Acceptable
✓ No Conflicting Positions
✓ Network Conditions Normal
✓ RPC Nodes Responsive

Any Failed Check = Trade Blocked

Real-Time Checks:
├─ Liquidity depth verification
│  └─ Reject if pool <2x position size
├─ Price impact estimation
│  └─ Reject if impact >5%
├─ Token contract validation
│  └─ Reject if honeypot detected
├─ Slippage tolerance check
│  └─ Retry if exceeded, fail after 3x
└─ Network fee affordability
   └─ Reject if fees >2% of trade

Post-Execution Verification:
├─ Transaction confirmation received
├─ Tokens received correctly
├─ Entry price within tolerance
├─ Position recorded accurately
└─ Monitoring activated successfully

Token Security Screening

Automated Security Analysis

Every token undergoes security screening before trading approval.

Security Screening Process:

TOKEN SECURITY EVALUATION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Contract Security Checks:

Ownership Analysis:
├─ Owner wallet status
│  ├─ Renounced: ✓ Best (no owner)
│  ├─ Locked: ✓ Good (timelocked)
│  └─ Active: ⚠ Requires scrutiny
├─ Mint authority
│  ├─ Disabled: ✓ Safe
│  ├─ Locked: ⚠ Acceptable
│  └─ Active: ✗ High risk
└─ Update authority
   ├─ Revoked: ✓ Safe
   └─ Active: ⚠ Risk present

Liquidity Security:
├─ LP tokens locked: Required ✓
├─ Lock duration: Minimum 30 days
├─ Lock provider: Verified service
├─ Lock percentage: 100% preferred
└─ Verification: On-chain confirmed

Function Analysis:
├─ Hidden functions: Detected & flagged
├─ Backdoors: Pattern matching
├─ Honeypot detection: Automated test
├─ Transfer restrictions: Identified
└─ Fee mechanisms: Analyzed for abuse

Blacklist Checking:
├─ Known scam contracts: Database check
├─ Developer history: Track record
├─ Similar scam patterns: ML detection
├─ Community reports: Aggregated
└─ Real-time updates: Continuous feed

Security Red Flags:

AUTOMATIC REJECTION TRIGGERS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Critical Red Flags (Auto-Reject):
✗ Known scam contract address
✗ Honeypot detection confirmed
✗ Unlimited mint authority active
✗ Hidden malicious functions detected
✗ Developer blacklisted
✗ No liquidity lock (>1 SOL pool)
✗ Contract ownership not renounced (high cap)

Warning Flags (Requires High Score):
⚠ Liquidity lock <30 days
⚠ Low holder count for age
⚠ Top holder >8% concentration
⚠ Recent similar token rug pulled
⚠ Copy of existing token
⚠ Suspicious wallet patterns

Example Security Scan:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Token: EXAMPLE

Contract Analysis:
✓ Owner: Renounced
✓ Mint: Disabled
✓ Update: Revoked
✓ No hidden functions
✓ Standard transfer logic
✓ No honeypot patterns

Liquidity Analysis:
✓ 47 SOL locked
✓ Duration: 90 days
✓ Provider: Team Finance (verified)
✓ 100% locked

Blacklist Check:
✓ Not in scam database
✓ Developer: Clean history
✓ No similar scam patterns

Security Score: 95/100 (Excellent)
Approval: SAFE TO TRADE

User Security Best Practices

Account Protection

Steps you should take to maintain account security.

Security Checklist:

USER SECURITY GUIDELINES
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Wallet Security:
☑ Use hardware wallet (Ledger/Trezor)
☑ Never share seed phrase with anyone
☑ Store seed phrase offline, securely
☑ Use strong wallet password
☑ Enable wallet 2FA if available
☑ Verify transaction details before signing
☑ Disconnect wallet when not in use

Platform Security:
☑ Verify official Agentical URL
☑ Bookmark authentic site
☑ Watch for phishing attempts
☑ Enable email notifications
☑ Review permissions granted
☑ Monitor account activity regularly
☑ Report suspicious behavior immediately

Computer Security:
☑ Keep OS and browser updated
☑ Use antivirus/antimalware software
☑ Avoid public WiFi for trading
☑ Use VPN for enhanced privacy
☑ Clear browser cache regularly
☑ Don't save passwords in browser

Operational Security:
☑ Start with small budgets initially
☑ Test strategies thoroughly
☑ Monitor agent activity regularly
☑ Don't share account details
☑ Be skeptical of "support" messages
☑ Verify any Agentical communications

Recognizing Threats

Common security threats and how to avoid them.

Threat Awareness:

COMMON THREATS & DEFENSES
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Phishing Attempts:
Threat: Fake Agentical sites, emails, messages
Signs:
├─ Misspelled URLs (agentical.io vs agentlcal.io)
├─ Requests for seed phrases
├─ Urgent security warnings
├─ Unsolicited "support" contacts
└─ Links to unofficial sites

Defense:
✓ Bookmark official site
✓ Verify URL before connecting wallet
✓ Never share seed phrase
✓ Contact official support only
✓ Be skeptical of urgent messages

Smart Contract Exploits:
Threat: Malicious token approvals
Signs:
├─ Requests to approve unknown contracts
├─ Unlimited spending approvals
├─ Transactions to unfamiliar addresses
└─ Unexpected token transfer requests

Defense:
✓ Review all transaction details
✓ Only approve Agentical transactions
✓ Use limited approvals when possible
✓ Revoke unused approvals regularly
✓ Maintain hardware wallet verification

Social Engineering:
Threat: Impersonators seeking access
Signs:
├─ "Support" asking for credentials
├─ Offers too good to be true
├─ Pressure to act immediately
├─ Requests for remote access
└─ Fake team members

Defense:
✓ Never share account details
✓ Verify through official channels
✓ Ignore unsolicited messages
✓ No legitimate support needs your keys
✓ Report impersonators immediately

Malware & Keyloggers:
Threat: Software stealing credentials
Signs:
├─ Unexpected system slowness
├─ Unknown programs running
├─ Unauthorized transactions
├─ Wallet access from unknown devices
└─ Suspicious browser behavior

Defense:
✓ Use hardware wallet (immune to keyloggers)
✓ Keep antivirus updated
✓ Don't download unknown software
✓ Verify all software sources
✓ Regular security scans

Risk Mitigation Strategies

Conservative Risk Approach

Recommendations for risk-averse users.

Conservative Configuration:

LOW-RISK SETUP
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Strategy: Conservative Template

Capital Allocation:
├─ Maximum Portfolio: 30% of total holdings
├─ Per-Trade: 0.1-0.3 SOL
├─ Daily Limit: 1.0-2.0 SOL
├─ Reserve: 50% of wallet (untouchable)
└─ Emergency fund: Always maintained

Risk Parameters:
├─ Minimum risk score: 75/100
├─ Stop-loss: -10% (tight)
├─ Take-profit: +25-35% (realistic)
├─ Max positions: 2 simultaneous
└─ Max hold time: 24 hours

Token Criteria:
├─ Minimum holders: 1,500+
├─ Maximum top holder: 3%
├─ Liquidity lock: Required (90+ days)
├─ DEX listing: Required
├─ Twitter verified: Required
├─ Token age: 12-72 hours (established)
└─ Contract: Must be renounced

Monitoring:
├─ Check dashboard: 2-3 times daily
├─ Review trades: Daily
├─ Strategy adjustment: Weekly
├─ Performance evaluation: Monthly
└─ Risk tolerance review: Quarterly

Expected Profile:
├─ Trade frequency: 2-4 per week
├─ Win rate target: 65-75%
├─ Average profit: +20-30%
├─ Maximum drawdown: <10%
└─ Monthly return: +10-20%

Balanced Risk Approach

Moderate risk tolerance with growth focus.

Balanced Configuration:

MODERATE-RISK SETUP
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Strategy: Balanced Template

Capital Allocation:
├─ Maximum Portfolio: 50% of total holdings
├─ Per-Trade: 0.3-0.7 SOL
├─ Daily Limit: 3.0-5.0 SOL
├─ Reserve: 25% of wallet
└─ Active trading capital: 50%

Risk Parameters:
├─ Minimum risk score: 65/100
├─ Stop-loss: -15% (standard)
├─ Take-profit: +40-60%
├─ Max positions: 3 simultaneous
└─ Max hold time: 48 hours

Token Criteria:
├─ Minimum holders: 1,000+
├─ Maximum top holder: 5%
├─ Liquidity lock: Preferred
├─ DEX listing: Preferred
├─ Social presence: Required
├─ Token age: 4-48 hours
└─ Contract: Reviewed for safety

Monitoring:
├─ Check dashboard: Daily
├─ Review trades: 2-3 times weekly
├─ Strategy adjustment: Bi-weekly
├─ Performance evaluation: Monthly
└─ Risk adjustment: As needed

Expected Profile:
├─ Trade frequency: 5-10 per week
├─ Win rate target: 55-65%
├─ Average profit: +30-50%
├─ Maximum drawdown: <15%
└─ Monthly return: +20-40%

Emergency Procedures

Account Compromise Response

Steps to take if you suspect account security breach.

Immediate Actions:

SECURITY BREACH PROTOCOL
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

IMMEDIATE (Within Minutes):
1. Disconnect wallet from Agentical
2. Emergency stop all agents
3. Close all open positions
4. Move funds to secure wallet
5. Document suspicious activity

SHORT-TERM (Within Hours):
6. Change all related passwords
7. Review transaction history
8. Check for unauthorized approvals
9. Revoke all token approvals
10. Contact Agentical support

MEDIUM-TERM (Within Days):
11. Security audit of devices
12. Malware scan all systems
13. Review access logs
14. Assess total damage
15. Report to authorities if needed

LONG-TERM (Ongoing):
16. Implement enhanced security
17. Use hardware wallet moving forward
18. Enable all security features
19. Monitor for further issues
20. Learn from the incident

The Security Foundation

Security and risk control aren't features you enable—they're the foundation upon which Agentical operates. Every transaction requires your explicit approval through wallet signing. Every position carries automatic stop-loss protection. Every token undergoes security screening before trading consideration. Every operational parameter respects configured limits.

The multi-layered approach ensures that even if one control fails, multiple backups provide redundancy. From wallet custody you never relinquish, to budget limits that prevent overexposure, to security screening that blocks obvious scams, to monitoring systems that detect anomalies—each layer adds protection while preserving the autonomous efficiency that makes automated trading valuable.

Safe trading isn't about avoiding all risk—it's about understanding, measuring, and controlling risk within acceptable boundaries while maintaining operational security that protects your assets and account integrity.

PreviousAgent Control & Trade Management NextAGNT Token Overview

Last updated 18 hours ago

Good afternoon

hashtagSecurity Architecture

hashtagWallet Security Model

hashtagPlatform Security Measures

hashtagFinancial Risk Controls

hashtagBudget & Spending Limits

hashtagPosition Risk Management

hashtagOperational Risk Controls

hashtagAgent Activity Monitoring

hashtagExecution Safety Mechanisms

hashtagToken Security Screening

hashtagAutomated Security Analysis

hashtagUser Security Best Practices

hashtagAccount Protection

hashtagRecognizing Threats

hashtagRisk Mitigation Strategies

hashtagConservative Risk Approach

hashtagBalanced Risk Approach

hashtagEmergency Procedures

hashtagAccount Compromise Response

hashtagThe Security Foundation