Your agent can hold crypto, execute trades, interact with DeFi protocols, and make payments — all autonomously. The security model is designed so that giving your agent real power doesn’t mean giving up control. Security is layered. No single mechanism carries all the risk. Here’s what each layer does.

Key custody — your assets are protected at the infrastructure level

Cobo offers two wallet models, each with a different custody architecture. Both are available to use with Cobo Agentic Wallet.
  • MPC wallets use Multi-Party Computation to split signing authority into independent key shares held by separate parties. A threshold number of those parties must cooperate to sign a transaction. This is a mathematical guarantee, not a software promise.
  • Custodial wallets keep your private keys protected by Cobo’s institutional-grade infrastructure — generated and stored inside hardware security modules (HSMs) that prevent key extraction by any party, including Cobo’s own operators. Assets are held across three tiers (cold, warm, hot) with ~95% kept offline in FIPS-certified hardware.

Pact mechanism — your agent can’t exceed what you approved

Every task your agent takes on runs inside a pact — a structured authorization you review and approve before anything executes. The pact defines intent, an execution plan, spending limits, allowed chains and contracts, and completion conditions. When the pact ends, access revokes automatically. Your agent cannot modify its own pact, raise its own limits, or approve its own requests. Every transaction is evaluated by the policy engine before it reaches the blockchain: it must match approved allowlists, stay within spending limits, and clear any review thresholds. The most restrictive rule always wins.
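
The policy check described above, sketched as an added example; this is not Cobo's code or API. The `Pact` fields, the cumulative reading of the spending limit, the expiry timestamp standing in for the pact ending, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Verdict(IntEnum):
    # Ordered by restrictiveness so max() selects the strictest outcome.
    ALLOW = 0
    REVIEW = 1
    DENY = 2

@dataclass(frozen=True)  # immutable: code holding a Pact cannot raise its limits
class Pact:
    allowed_chains: frozenset
    allowed_contracts: frozenset
    spend_limit: int       # total budget for the pact (assumed cumulative)
    review_threshold: int  # per-transaction amount that needs owner review
    expires_at: int        # unix time at which the pact ends (assumed)

@dataclass(frozen=True)
class Tx:
    chain: str
    contract: str
    amount: int

def evaluate(pact, tx, spent, now):
    """Return (verdict, reasons). Every rule votes; the strictest vote wins."""
    votes = []
    if now >= pact.expires_at:
        votes.append((Verdict.DENY, "pact expired"))
    if tx.chain not in pact.allowed_chains:
        votes.append((Verdict.DENY, "chain not allowlisted"))
    if tx.contract not in pact.allowed_contracts:
        votes.append((Verdict.DENY, "contract not allowlisted"))
    if tx.amount <= 0:
        votes.append((Verdict.DENY, "non-positive amount"))
    if spent + tx.amount > pact.spend_limit:
        votes.append((Verdict.DENY, "spending limit exceeded"))
    if tx.amount >= pact.review_threshold:
        votes.append((Verdict.REVIEW, "above review threshold"))
    verdict = max((v for v, _ in votes), default=Verdict.ALLOW)
    return verdict, [r for v, r in votes if v == verdict]

# Constructed sample pact; the contract names and limits are placeholders.
PACT = Pact(frozenset({"ethereum"}), frozenset({"0xDEX"}), 1000, 300, 2_000_000_000)
NOW = 1_900_000_000

if __name__ == "__main__":
    for tx, spent in [(Tx("ethereum", "0xDEX", 100), 0),
                      (Tx("ethereum", "0xDEX", 400), 0),
                      (Tx("ethereum", "0xOTHER", 400), 0)]:
        print(tx, *evaluate(PACT, tx, spent, NOW))
```

Collecting every rule's vote before deciding, rather than returning on the first match, is what keeps a permissive rule from masking a stricter one.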

Emergency controls — stop your agent immediately

If something looks wrong, you can act in one step:
  • Freeze — suspends your agent immediately. Your pact terms are preserved. Unfreezing restores access with no re-approval needed.
  • Revoke — permanently terminates the pact. Your agent must submit a new pact and go through approval before it can act again.
Both take effect the moment you confirm. There is no delay or grace period.

What’s at risk if something goes wrong

Your agent can only access the one wallet you connected it to, and only within the limits of the active pact. If your agent is compromised, the damage is bounded by those limits. Transactions above your approval threshold are blocked until you review them. Freezing stops all new operations immediately. The one thing a pact cannot undo is a transaction your agent already executed within its approved limits. Set your limits at a level you’re comfortable with, and review your activity regularly.