Loyal
Download now

Smart Accounts for AI Agents

Every wallet address in Loyal is a Smart Account with its own policies and spending caps — so your agents can't spend more or send funds somewhere you didn't approve.

Get started
Loyal agent permission ladder with spending limit card

Why we built this

AI agents are getting better at deciding what to do. They're worse at being trusted to do it with money. A trading bot might identify a good rebalance opportunity at 3am, but unless it can sign a transaction without your input, it can't act on it. A subscription agent can spot the API key you need to renew, but it can't pay for it. Today most agents are stuck at the recommend-but-don't-execute boundary.

The obvious fix is to give the agent a key. The obvious problem with that is that a key gives the agent unlimited authority — your entire wallet balance, any address, any contract, forever. A single jailbroken prompt drains the wallet.

Loyal takes a different approach using on-chain policy enforcement: the agent gets a key, but the wallet it points at is a Smart Account that decides what the key can actually do. The policy lives in an Anchor program on Solana — not on a Loyal server, not in a config file the agent could rewrite.

What an agent wallet on Loyal is

Every Loyal wallet is a Smart Account — a Squads-based on-chain program that holds the funds and evaluates every transaction against a policy you set. When you onboard an agent, the agent gets its own sub-account with its own signing key, and you assign it a permission tier plus, optionally, a spending cap and an allowlist of approved destinations.

The agent can sign transactions whenever it wants. The Smart Account decides whether to co-sign and let them land on Solana. If the transaction doesn't match the policy, it's rejected on-chain. There's no Loyal server in the loop that can be bribed or subverted; the rules live in Anchor programs.

Each agent on Loyal also has a name and an avatar — Stash, Spotty, Buddy — so you can see at a glance which agent is holding what and which one is allowed to do what. These are defaults; you can rename them and add more.

The agent layer is separate from the privacy layer. Loyal also makes USDC and SOL transfers unlinkable via a Confidential VM signer and a shielded vault — covered on the private transfers page.

The three permission tiers

You don't trust every agent the same way. Loyal's permission model has three levels, set per agent:

Can Suggest

Propose a transaction. You sign each one. No autonomy, full visibility. Best for new agents you're evaluating and advisory bots.

Can Sign

Co-sign alongside you. The transaction lands when both signatures are present. Best for high-value flows where you want the agent's signature and your approval.

Can Execute

Sign autonomously within the spending cap and allowlist. Best for trusted agents on routine flows: subscriptions, micropayments, vetted strategies.

Spending limits and allowlists

Permission tier sets how an agent can transact. Spending limits and allowlists set what it can transact on.

Together, permission tier plus spending limits plus address allowlists form the agent guardrails every transaction is checked against on-chain.

Spending cap

A dollar amount per day, per week, or per month. The agent cannot exceed the cap, even with Can Execute. Caps reset on the schedule you set.

Address allowlist

A list of pre-approved destinations: specific routers, payees, or contracts. Off-list destinations are rejected at the Smart Account layer.

What you can build

With scoped, on-chain enforcement, entire categories of agent behavior become safe to deploy without supervision.

Subscription agents

Autonomous bots paying for API credits, RPC endpoints, model inference. Can Execute with a monthly cap means a runaway agent can't drain the wallet.

Trading bots

DEX-routing strategies. An allowlist limits the agent to vetted routers — Jupiter, Phoenix, Raydium — so it can't bridge funds to an attacker-controlled venue.

Social and content bots

Agents that tip, reward, or pay creators on Solana. The cap limits the monthly budget; the allowlist restricts to known creator addresses.

MCP-driven assistants

Claude, ChatGPT, or any MCP-connected assistant signing transactions on the user's behalf. The user defines the tier and the cap; the assistant operates within them.

Treasury operations

A DAO or team treasury that delegates routine payouts to an agent (payroll, vendor invoices) while keeping principal signers on the multisig. Can Sign is the natural fit.

Commerce agents

Checkout and payments agents that pay merchants or settle invoices on their own. Can Execute with a per-merchant allowlist and a monthly cap turns 'let the agent buy it' into a bounded, auditable action.

Security model

Every constraint is enforced on Solana, not on a Loyal server:

On-chain enforcement

Permission tier, cap, and allowlist are all evaluated by the Smart Account's Anchor program before a transaction lands.

There's no off-chain rule-checker that can be compromised.

Squads underneath

The Smart Account is a Squads multisig — the most-deployed smart-account framework on Solana — extended with a policy module.

The signing model has been battle-tested across thousands of teams.

Self-custodial

Each agent holds its own signing key. You hold the Smart Account control key. Neither Loyal nor any third party can move funds without one of those keys.

Revocable

You can revoke an agent's permissions at any time from the wallet UI. The change takes effect on the next transaction.

No hidden execution

Every action the agent takes is a regular Solana transaction with the agent's signature on it. Block explorers see exactly what happened.

The result is a safe wallet for autonomous agent behavior at scale: every constraint is in code, on-chain, with no off-chain authority Loyal or anyone else can override.

For developers

The agent wallet is open-source and composable. Point your agent at a user's Loyal Smart Account with the @loyal-labs/private-transactions SDK — the Smart Account handles permission tier, spending cap, and allowlist enforcement on-chain.

Read the SDK
Loyal SDK quick-start for agent transactions

Get started

Runs in the web app, browser extension, Telegram mini-app, and Android app — all backed by the same Squads Smart Account. Supported assets: USDC, SOL, USDT.

Get started
Loyal browser extension wallet showing balance, tokens, and the Shield action

Questions?
Answers.

An agent wallet is a self-custodial crypto wallet designed for an AI agent to operate autonomously. It holds funds and signs transactions on the agent's behalf, but is constrained by an on-chain Smart Account policy — permission tier, spending cap, address allowlist — so the agent cannot exceed the limits its user defined. Loyal is an agent wallet on Solana with these guardrails built in.

Every wallet address in Loyal is a Smart Account — a Squads-based on-chain program with its own policies and spending caps. Agents you authorize get sub-accounts with permission tiers; the Smart Account evaluates every transaction against the policy before it lands on Solana.

Loyal has three permission tiers per agent: Can Suggest (agent proposes, you sign), Can Sign (agent co-signs alongside you), and Can Execute (agent signs autonomously within a spending cap and allowlist). Tiers are stackable across a fleet — different agents can run on different tiers at the same time.

No, with a permission tier and a cap or allowlist set. Can Execute is gated by a spending cap per period and an address allowlist. With both active, the agent's worst case is a transfer up to the cap, to an address you already trust. Can Suggest and Can Sign require your signature for every transaction, so an agent on those tiers can't move funds without you.

All three solve the same problem — scoped agent access without giving up the wallet — at different layers of the stack. Coinbase Agentic Wallets are wallet infrastructure for Base; MetaMask Advanced Permissions are an EVM standard (ERC-7715) implemented in the MetaMask Smart Accounts Kit. Loyal is a deployed self-custodial agent wallet on Solana with the same intent-based model, built on Squads smart accounts and the @loyal-labs/private-transactions SDK.

Yes via the SDK today. A dedicated loyal-mcp MCP server is on the roadmap. The current path is to wrap @loyal-labs/private-transactions in a thin MCP layer — straightforward TypeScript, a few hundred lines.

Three reasons. Transaction cost: agents that spend often need micro-spends to stay economical, and Solana fees are sub-cent. Latency: Smart Account policy evaluation finishes in one slot (~400ms), fast enough that agent-driven UX doesn't feel laggy. Composability: Squads, Jupiter, Phoenix, Kamino, and most of the agent-relevant ecosystem are Solana-native — which is why we think the best wallet for AI agents on Solana looks more like Loyal than like a generic EVM smart account.

Yes. Each agent holds its own signing key. You hold the Smart Account control key. Neither Loyal nor any third party can move funds without one of those keys. The Smart Account is policy-enforcement code, not a custodian.

Agent Wallet on Solana — Smart Accounts for AI Agents · Loyal