Let AI agents pay — but never without control.
SignGate is the policy, risk, and signer control layer that sits between an AI agent's payment intent and the moment a key signs. It verifies intent, enforces spending policy, and screens every recipient — then returns a decision your signer can actually act on.
Once agents can pay on their own, mistakes don't stay small — they scale.
As AI agents start buying API access, paying subscriptions, settling invoices, and calling x402 merchants, a new class of payment risk shows up — one that didn't exist when a human clicked confirm:
- misread intent leading to overpayment
- duplicate or replayed payment requests
- recipient addresses tampered with in transit
- malicious merchants that look legitimate to an agent
- prompt injection triggering an unauthorized payment call
- no audit trail when someone finally asks who approved this, and why
This isn't a question of whether the model will make a mistake. It's a question of whether there's a control layer in front of the signature. SignGate is that layer.
Five checkpoints before any key signs
The flow is: agent request, intent verification, policy check, recipient and merchant risk, decision, signer directive, and then a controlled signer executes — or doesn't. SignGate doesn't replace your signer, whether that is KMS, MPC, a smart account, or custody. It decides whether that signer is allowed to sign.
- Agent payment request
- Verifiable intent
- Enterprise policy
- Recipient and contract risk
- Signer directive
Not another risk score. An enforceable decision.
Teams should not have to guess why a payment was blocked. Every decision includes reason codes so engineering, risk, finance, and compliance teams can all trace the same payment to the same explanation.
Decision
- allow: policy-compliant, continue
- review: human or secondary confirmation required
- deny: reject immediately
Signer Directive
- sign: signing allowed
- require_approval: approval required before signing
- reject: signing rejected
Reason Code
- POLICY_LIMIT_EXCEEDED
- NEW_RECIPIENT_REVIEW_REQUIRED
- RECIPIENT_RISK_HIGH
- INVOICE_HASH_MISMATCH
- EXPIRED_INTENT
- NONCE_REPLAY_DETECTED
- BLOCKLISTED_MERCHANT
- DOMAIN_NOT_VERIFIED
Turn risk rules into machine-executable signing instructions
SignGate supports per-transaction and daily spending limits, agent-level budgets, merchant and address allowlists, blocklists, mandatory review for new recipients, automatic denial for high-risk recipients, manual approval thresholds, policy versioning, and policy simulation against historical traffic before you ship a change.
This isn't generic AML. It's preflight risk for agent-initiated payments.
SignGate checks wallet address risk, merchant risk, domain reputation and verification status, smart contract risk, invoice integrity, recipient-to-intent mismatch, chain and token mismatch, unusual amount detection, new counterparty flagging, known malicious infrastructure matching, and blocklist or sanctions sources where available. The question SignGate answers isn't whether this address is risky in general. It is whether this specific agent-initiated payment should be trusted right now.
Agents never touch private keys
The agent can request. SignGate decides. The signer executes only when policy allows. SignGate doesn't replace your signer. It sits between the agent and the signer, issuing a signer directive. The key stays exactly where it already is: KMS, MPC, smart account modules, or enterprise custody signers. SignGate holds no assets and takes no custody. It only issues the preflight decision and the signer directive.
One request decides whether this payment can move
POST /v1/payments/preflight
Request
{
"agent_id": "agent_ap_research_01",
"intent_id": "intent_2026_001",
"merchant": {
"name": "Data API Vendor",
"domain": "api.vendor.com"
},
"payment": {
"chain": "base",
"token": "USDC",
"amount": "12.50",
"recipient": "0x742d..."
},
"invoice": {
"invoice_id": "inv_8842",
"invoice_hash": "0x91ab..."
},
"controls": {
"nonce": "n_7fd9",
"expires_at": "2026-07-03T08:30:00Z"
}
}
Response
{
"decision": "review",
"risk_score": 72,
"risk_level": "high",
"signer_directive": "require_approval",
"reason_codes": [
"NEW_RECIPIENT_REVIEW_REQUIRED",
"RECIPIENT_RISK_HIGH"
],
"policy_id": "policy_enterprise_stablecoin_v1",
"policy_version": "2026-07-01",
"audit_id": "audit_9x28f"
}
risk_score is 0-100. Higher means riskier: 0-30 low risk, 31-70 medium risk, 71-100 high risk. Full docs are available at /docs or /openapi.
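The following is an added illustration, not SignGate's own code: a local model of the preflight evaluation described above, taking a request in the shape shown and returning the decision, signer directive and reason codes. The policy values, the hash convention (sha256 of the invoice bytes), the daily-spend total and the nonce store are all constructed assumptions; the page does not disclose SignGate's real policy model.

```python
import hashlib
from datetime import datetime
POLICY = {                                       # constructed example policy
    "per_tx_limit": 100.0,
    "daily_limit": 500.0,
    "known_recipients": {"0xknown0001"},
    "blocklisted_merchants": {"bad-vendor.example"},
}
SEEN_NONCES = set()                              # must be durable and shared in production
SPENT_TODAY = {"agent_ap_research_01": 450.0}    # constructed running daily total
REVIEW_ONLY = {"NEW_RECIPIENT_REVIEW_REQUIRED"}  # every other reason code is a hard deny

def _ts(s: str) -> datetime:
    # RFC 3339 UTC timestamp such as 2026-07-03T08:30:00Z
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def invoice_hash(invoice_body: bytes) -> str:
    # Assumed convention: sha256 of the invoice bytes, hex with a 0x prefix
    return "0x" + hashlib.sha256(invoice_body).hexdigest()

def preflight(req: dict, invoice_body: bytes, now_iso: str) -> dict:
    p, c, m = req["payment"], req["controls"], req["merchant"]
    amount = float(p["amount"])
    reasons = []
    # Integrity and replay controls: nonce, expiry, invoice hash
    if c["nonce"] in SEEN_NONCES:
        reasons.append("NONCE_REPLAY_DETECTED")
    if _ts(c["expires_at"]) <= _ts(now_iso):
        reasons.append("EXPIRED_INTENT")
    if invoice_hash(invoice_body) != req["invoice"]["invoice_hash"]:
        reasons.append("INVOICE_HASH_MISMATCH")
    # Spending policy: per-transaction and daily limits
    spent = SPENT_TODAY.get(req["agent_id"], 0.0)
    if amount > POLICY["per_tx_limit"] or spent + amount > POLICY["daily_limit"]:
        reasons.append("POLICY_LIMIT_EXCEEDED")
    # Recipient and merchant risk: blocklist and first-seen recipients
    if m["domain"] in POLICY["blocklisted_merchants"]:
        reasons.append("BLOCKLISTED_MERCHANT")
    if p["recipient"] not in POLICY["known_recipients"]:
        reasons.append("NEW_RECIPIENT_REVIEW_REQUIRED")
    # Hard failures deny; review-class reasons go to a human; otherwise allow
    if set(reasons) - REVIEW_ONLY:
        decision, directive = "deny", "reject"
    elif reasons:
        decision, directive = "review", "require_approval"
    else:
        decision, directive = "allow", "sign"
    if "NONCE_REPLAY_DETECTED" not in reasons:
        SEEN_NONCES.add(c["nonce"])              # consume the nonce once evaluated
    return {"decision": decision, "signer_directive": directive, "reason_codes": reasons}
```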
x402 wrapper: GET /v1/x402/agent/payment-risk-gateway · $0.005
Who runs this in front of their signer
AI Agent SaaS
Control exactly when an agent is allowed to pay on a customer's behalf.
x402 API Marketplaces
Preflight every paid API call before the charge goes through.
Stablecoin Payment Companies
Add policy and recipient risk checks in front of USDC/USDT settlement.
Wallets / Smart Accounts
Add agent payment-intent verification before signing — no signer rewrite required.
Custody Providers
Turn an existing signer into a policy-driven enterprise signing system.
Bank Innovation Teams
Pilot AI agent payments, stablecoin settlement, and policy-controlled signing with minimal integration risk.
Built for the security lead's questions, not just the API docs.
SignGate — The policy, risk, and signer control layer before AI agents pay.
- No private key custody, ever
- Policy versioning — every rule change is recorded
- Immutable audit trail
- Every decision ships with a reason code
- Nonce + expiry + invoice hash prevent replay and tampering
- Signer directives integrate with your existing KMS / MPC / custody signer
- Review queue — high-risk cases don't get auto-approved
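An added example of the signer side of the "signer directive" contract above (illustrative code, not SignGate's or any custody vendor's): a guard wrapped around an existing signing call that honours sign / require_approval / reject, records every attempt, and refuses to sign a transaction whose chain, token, amount or recipient differs from the payment that was preflighted. The `sign_raw` callback, the `approved_by` field and the in-memory audit list are assumptions.

```python
AUDIT_LOG = []   # constructed stand-in for the immutable audit trail

class SignerDirectiveError(Exception):
    """Raised when the signer is asked to sign something policy did not allow."""

def guarded_sign(preflight_req: dict, preflight_resp: dict, tx: dict,
                 sign_raw, approved_by=None) -> bytes:
    """Sign `tx` only if the preflight directive permits it for this exact payment.

    sign_raw: the existing KMS/MPC/custody signing call (assumed: tx dict -> bytes).
    approved_by: identity of the human approver, required for require_approval.
    """
    directive = preflight_resp["signer_directive"]
    entry = {"audit_id": preflight_resp["audit_id"], "directive": directive,
             "reason_codes": preflight_resp["reason_codes"],
             "approved_by": approved_by, "signed": False}
    AUDIT_LOG.append(entry)                     # record the attempt even if refused
    if directive == "reject":
        raise SignerDirectiveError(f"rejected: {entry['reason_codes']}")
    if directive == "require_approval" and not approved_by:
        raise SignerDirectiveError(f"approval required: {entry['reason_codes']}")
    if directive not in ("sign", "require_approval"):
        raise SignerDirectiveError(f"unknown directive {directive!r}")
    # Bind the decision to the transaction: a preflight for one payment must not
    # authorise signing a different recipient, amount, chain or token.
    want = preflight_req["payment"]
    for field in ("chain", "token", "amount", "recipient"):
        if tx.get(field) != want[field]:
            raise SignerDirectiveError(f"tx {field} differs from preflighted intent")
    signature = sign_raw(tx)
    entry["signed"] = True
    return signature
```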
Developer Preview: Test with x402