// GLOSSARY -- AGENTIC FINANCE

What are Agent Custody Models?

1 min read Updated

How an agent's private keys are stored — self-custody (agent holds), managed (service holds), MPC (split across parties), or smart account (programmable validation).

WHY IT MATTERS

Key storage is critical. Each model trades off security, convenience, decentralization, and control capabilities.

Self-custody: simple but risky. MPC: split keys. Smart accounts: on-chain validation. Each affects what controls are possible.

EOAs need external enforcement. Smart accounts embed wallet-level controls. MPC can include policy as a signing party.

HOW POLICYLAYER USES THIS

PolicyLayer supports all custody models — consistent non-custodial controls regardless of key storage.

FREQUENTLY ASKED QUESTIONS

Which is most secure?
No universal answer. MPC distributes risk, smart accounts enable programmable security, self-custody has no third-party risk. The best choice depends on threat model and operational needs.
Can I change custody models?
Yes, but it usually means migrating to a new wallet address. PolicyLayer policies transfer easily — just update the wallet reference.
What about HSMs?
Hardware Security Modules are common for managed custody. They protect keys but don't enforce spending policies — that's PolicyLayer's role.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.