The Trust Boundary for AI Agents

Nothing worth stealing ever lives inside the agent. WiKey keeps keys, tokens and data out of the agent's reach — it requests actions, and the policy gateway approves, signs and tracks them across every system your agents touch.

3 active pilots
Live production identities
Any system the agent touches

Two ways to lose everything — one boundary that stops both

Either the key is stolen, or the agent is turned. WiKey removes both from the agent's reach — it holds no keys, no tokens, no data, so a compromised agent has nothing to leak.

The Problem

  • The key is stolen — a stored secret is extractable; prompt injection or a rogue dependency lifts it, and it's copied into every backup
  • The agent is turned — phishing or prompt injection tricks it into leaking data or approving an action; the key stays put, the data still leaves
  • Data & PII flow through the agent — anything it can read, a compromised agent can exfiltrate
  • Recovery is the soft target — help-desk resets bypass even phishing-resistant MFA

WiKey Solution

  • The agent holds nothing — no keys, no tokens, no data; a compromised agent has nothing to leak
  • Keys stay sealed — held in a post-quantum virtual HSM; never read, never copied, never backed up
  • Data is tokenized — PII is tokenized before it reaches the agent; a phished agent leaks tokens, not records
  • Every instruction vetted — the gateway approves, signs and tracks each action, and revokes any of them in one click

The agent asks. The boundary decides.

The agent holds no keys or tokens — it requests an action, and the policy gateway approves, signs and tracks it. Protection happens outside the model, where reasoning can't reach.

1. Human Client

A device-bound credential on the phone anchors the identity to a real person

2. AI Agent Requests

The agent asks for a signature — it never holds the key, so there is nothing to leak

3. vHSM + Compliance Engine

Keys never leave the enclave; an external engine checks every login, read, write and transfer against policy

4. Distributed Guardians

Recovery by cryptographic attestation — hardware-attested, deepfake-immune, no help-desk reset

Key Insight: The agent holds no keys, no tokens, no data — it requests actions, it doesn't hold what they unlock. Nothing to steal. Nothing to phish. Nothing to reset. Just protection — at any scale.

Download the WiKey App

Get started in seconds. Download WiKey on your mobile device and take control of your digital identity.

One identity layer. Every system your agents touch.

Keep keys, data and recovery out of the agent's reach, and vet every instruction it sends — with a gateway the agent can't switch off.

Agent Identity & Key Security

Unreadable Keys, Traceable Actions

Keys held in a post-quantum virtual HSM, never stored or backed up. Every action runs under a scoped, revocable sub-identity that traces to a human owner.

Flagship · Settlement & Treasury

Settlement at Agent Speed

Take the human off the hot signing path. Deterministic policy, sanctions and anomaly checks clear in ~200ms; above threshold, a quorum of independent humans reviews before the vHSM signs.

Account Recovery

Recovery That Can't Be Social-Engineered

The breaches start at recovery. WiKey recovers by cryptographic attestation — trusted parties sign with their own keys. No password, no phone number, no help-desk reset.

Settlement at Agent Speed

$2.8B+ has been lost to bridges built on multisig and human signers, and 82% of breaches involve the human element. We take the human off the hot signing path — for funds, custody and treasury.

Deterministic Checks · ~200ms

Three algorithms always run before any signature exists: policy compliance, counterparty and sanctions screening, and anomaly & velocity. All clear in around 200 milliseconds.

Quorum Above Threshold

When value warrants human judgment, N independent reviewers — distinct parties with no shared trust — check counterparty and on-chain provenance before anything moves.

The vHSM Signs

When all signals agree, the decentralized policy engine releases and the virtual HSM signs. No human ever held a key or produced a signature — the quorum approves, the protocol signs.

Cross-Chain, Beyond EVM

Replaces multisig like Safe (Gnosis) and third-party custodians like Anchorage — adding compliance, recovery and reach across chains, with no counterparty risk and no custody fees.

Architecture That Eliminates Risk

Nothing to steal, nothing to hack, rules that can't be changed — across every chain.

0
Keys or Personal Info to Hack

Nothing stored. Nothing to steal.

0
Databases

No one can change the rules.

Full On-Chain Control & Audit

Block. Control. Audit. Immutable.

All Blockchains

Bitcoin, Ethereum, Solana, and more.

Banks want to offer crypto services but face regulatory, security, and cost barriers that existing solutions don't solve.

Legal Compliance

Courts can't enforce orders on crypto. Seizures, OFAC sanctions, garnishments — all unenforceable.

Custody Risk

One breach = total loss. MPC protects the key but not the command. Stolen credentials compromise everything.

Custody Cost

Third-party custodians charge 10-50 basis points and create counterparty risk.

Transaction Compliance & Privacy

Every transfer must conform with KYC/AML rules. Manual compliance doesn't scale.

WiKey Solves All Four

A treasury agent moves $5M from Ethereum to Solana. Deterministic checks clear policy, sanctions and anomaly in ~200ms. Above $1M, N independent humans review counterparty and on-chain provenance. All signals agree → the vHSM signs — no human ever held a key or produced a signature. Compliance, recovery and security across every chain, with no database to hack, no custodian fees and no counterparty risk.
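
A minimal sketch of the gate order in the scenario above, added here as an illustration and not WiKey's code: deterministic checks, then a quorum of distinct reviewers above the $1M threshold, then signing. The quorum size, limits, names and addresses are assumptions, and HMAC stands in for reviewer signatures and for the vHSM so the block runs on the standard library alone.

```python
import hmac
import json

# Every value here is constructed for illustration; names are hypothetical.
THRESHOLD_USD = 1_000_000            # the page's example threshold
QUORUM_N = 2                         # assumed; the page only says "N"
DAILY_LIMIT_USD = 10_000_000         # assumed velocity limit
ALLOWED_ROUTES = {("ethereum", "solana")}
SANCTIONED = {"0xBLOCKED"}
REVIEWER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
_SIGNING_KEY = b"gateway-only"       # HMAC stand-in for the vHSM key
REQ = {"src": "ethereum", "dst": "solana", "to": "0xTREASURY", "usd": 5_000_000}


def _mac(key, req):
    """MAC over the canonical request, so approvals and signature bind to it."""
    body = json.dumps(req, sort_keys=True).encode()
    return hmac.new(key, body, "sha256").hexdigest()


def approve(reviewer, req):
    """What one reviewer returns after checking the request."""
    return reviewer, _mac(REVIEWER_KEYS[reviewer], req)


def deterministic_checks(req, spent_today):
    """Policy, sanctions and velocity checks; returns the names that failed."""
    failed = []
    if (req["src"], req["dst"]) not in ALLOWED_ROUTES:
        failed.append("policy")
    if req["to"] in SANCTIONED:
        failed.append("sanctions")
    if spent_today + req["usd"] > DAILY_LIMIT_USD:
        failed.append("velocity")
    return failed


def gateway_sign(req, approvals=(), spent_today=0):
    """Return (signature, reason); signature stays None unless every gate passes."""
    failed = deterministic_checks(req, spent_today)
    if failed:
        return None, "denied: " + ",".join(failed)
    if req["usd"] > THRESHOLD_USD:
        valid = {name for name, mac in approvals  # a set: one reviewer counts once
                 if name in REVIEWER_KEYS
                 and hmac.compare_digest(mac, _mac(REVIEWER_KEYS[name], req))}
        if len(valid) < QUORUM_N:
            return None, f"denied: quorum {len(valid)}/{QUORUM_N}"
    return _mac(_SIGNING_KEY, req), "signed"
```

Approvals are bound to the exact request, so a pair collected for one transfer does not satisfy the quorum for another, and a repeated approval from the same reviewer counts once.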

Everything worth stealing — kept out of the agent's reach

Keys — Post-Quantum vHSM

Held in a post-quantum virtual HSM — the secure enclave. Never read, never copied, never backed up. No copy to steal or restore.

Data & PII — Tokenized

Tokenized before it reaches the agent. It works on tokens; detokenization happens server-side, outside its control. A phished agent leaks tokens, not records.

Recovery — Cryptographic Attestation

Trusted parties sign with their own keys. No password, no phone number, no help-desk reset. A signature can't be social-engineered.

Gateway — Every Instruction Vetted

The agent holds no keys or tokens. It requests an action; the gateway approves, signs, tracks and revokes — egress and spend guarded.

0

Active Pilots, Three Categories

0

Orgs Hit by One Stolen Agent Token

0%

Of Breaches Involve the Human Element

0

Keys Stored or Backed Up

Compromise the agent. No damage gets through.

Whoever is compromised, the compliance engine evaluates every request independently — outside the agent's reach, before a signature ever exists. No single party moves what policy hasn't approved.

  • Prompt injection — the agent has no key to leak; it requests signatures, it doesn't produce them
  • Jailbroken reasoning — scope and limits are enforced outside the model, where reasoning can't reach
  • Stolen tokens & seeds — credentials are short-lived, scoped and revocable; nothing standing to hold
  • Compromised dependency — recovery by guardian attestation, the same flow for one agent or ten thousand

Protect the Agentic World

Nothing to steal. Nothing to phish. Nothing to reset. Just protection — at any scale. If you're building — or investing in — the rails of the agentic world, we should talk.
