Valkurai is a financial firewall that sits between every AI agent and every payment. Identity verification, budget policy, prompt injection detection, and human approval — before a single cent moves.
100 transactions free · No credit card · Beta access
These are documented cases where AI agents spent money without meaningful controls. They are not hypotheticals.
A startup's Google API key was compromised. Attackers ran Gemini API calls for 48 hours. Normal monthly spend: $180. Google cited shared responsibility and declined to cover it.
Four LangChain agents entered an infinite retry loop for 11 days. The team assumed rising costs were organic growth. No spend cap. No loop detection. No circuit breaker.
An AI agent (Lobstar Wild) suffered a session crash. On reboot, a decimal parsing error caused it to send 52 million tokens — 5% of total supply — to a random address.
More documented incidents: github.com/valkurai/agent-financial-governance
Add Valkurai to any AI agent in minutes. Works with LangChain, CrewAI, OpenAI Assistants, Anthropic, and any HTTP-capable framework.
Register your agent with a spending cap, category allowlist, and approval threshold. One API call. The key is PBKDF2-hashed and never stored in plaintext.
Before any payment, screen the transaction through Valkurai. Works with your existing Stripe integration — Valkurai sits in front of it, not instead of it.
SAFE proceeds immediately. FLAGGED routes to you for approval via Slack, email, or SMS. BLOCKED is rejected instantly. Every outcome is logged immutably.
Every decision — including rejections — is logged with agent identity, request payload, classification reason, and timestamp. SHA-256 integrity hash per record. 10-year retention.
Every transaction produces exactly one of three outcomes. No timeouts. No partial states. No silent failures.
Identity verified, policy compliant, no adversarial patterns detected, below approval threshold. Stripe is called. Payment proceeds. Audit record written.
Transaction exceeds your approval threshold. Stripe is not called. You receive a Slack, email, or SMS notification. You have 60 minutes to approve or deny. Auto-deny on timeout.
Policy violation, adversarial pattern detected, or category not permitted. Stripe is not called. Reason written to audit trail. No human action required.
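The three-outcome flow, the 60-minute approval window and the per-record SHA-256 hash described above, sketched as an added example (this is not Valkurai's code or API). The `Policy` fields, function names, reason strings, integer-cent amounts and the PENDING/APPROVED/DENIED resolution states are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass

APPROVAL_WINDOW_S = 60 * 60  # page: 60 minutes to approve or deny, then auto-deny

@dataclass(frozen=True)
class Policy:  # hypothetical shape; the page names only these three controls
    spending_cap_cents: int
    allowed_categories: frozenset
    approval_threshold_cents: int

def classify(policy, spent_cents, amount_cents, category):
    """Return (outcome, reason). Fails closed: malformed input is BLOCKED."""
    if isinstance(amount_cents, bool) or not isinstance(amount_cents, int) or amount_cents <= 0:
        return "BLOCKED", "amount is not a positive integer number of cents"
    if category not in policy.allowed_categories:
        return "BLOCKED", "category not permitted"
    if spent_cents + amount_cents > policy.spending_cap_cents:
        return "BLOCKED", "spending cap exceeded"
    if amount_cents > policy.approval_threshold_cents:
        return "FLAGGED", "exceeds approval threshold"
    return "SAFE", "policy compliant, below approval threshold"

def resolve_flagged(flagged_at, now, human_decision=None):
    """A FLAGGED payment proceeds only on explicit approval inside the window."""
    if now - flagged_at > APPROVAL_WINDOW_S:
        return "DENIED", "auto-deny on timeout"
    if human_decision == "approve":
        return "APPROVED", "approved by human"
    if human_decision == "deny":
        return "DENIED", "denied by human"
    return "PENDING", "awaiting approval"

def _digest(body):
    # Canonical JSON (sorted keys, fixed separators) so the hash is reproducible.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

def audit_record(agent_id, payload, outcome, reason, timestamp):
    """Build one audit record carrying a SHA-256 hash of its own fields."""
    body = {"agent_id": agent_id, "payload": payload, "outcome": outcome,
            "reason": reason, "timestamp": timestamp}
    return {**body, "sha256": _digest(body)}

def verify_record(record):
    """Recompute the hash; a change to any logged field returns False."""
    body = {k: v for k, v in record.items() if k != "sha256"}
    return _digest(body) == record["sha256"]
```

An unkeyed per-record hash only detects changes made by someone who cannot also rewrite the hash, so a reviewer would also ask where the hashes are anchored or how the log store enforces append-only writes.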
One-click export in formats accepted by auditors. Australian-hosted infrastructure for data sovereignty.
All data processed exclusively in AWS ap-southeast-2 (Sydney). No data leaves Australia at Phase 1.
No credit card required for beta access. Enterprise pricing is engagement-based.
Valkurai is the reference implementation of an open, vendor-neutral standard for declaring runtime financial controls in AI agent definition files.
A YAML configuration block that sits under compliance in your agent definition file. Declares spending caps, approval thresholds, and which firewall enforces them. Vendor-neutral. Apache 2.0.
The spec emerged from community discussion at open-gitagent/gitagent-protocol issue #38, where the absence of runtime financial enforcement was independently identified by contributors. Endorsed as technically sound.
A curated, public database of real AI agent financial incidents — updated as the space evolves. Use it for CISO conversations, design partner discussions, and regulatory submissions.
100 transactions free. No credit card. Register now to lock in beta access.
100 tx/month free · No credit card · Beta access