What is Custody Risk?


Custody risk is the possibility of losing cryptocurrency due to failure, compromise, or misconduct of the entity holding the private keys — whether that's an exchange, a custodian service, or the key management infrastructure used for agent wallets.

WHY IT MATTERS

FTX, Mt. Gox, QuadrigaCX — crypto history is littered with custodial failures. When you trust someone else with your keys, you're exposed to their operational security, financial health, and honesty. Custody risk is counterparty risk applied to key management.

For AI agents, custody risk takes additional forms. If the agent's signing keys are managed by a third-party service, that service's failure means your agents stop functioning. If the key management infrastructure is compromised, all wallets are at risk simultaneously.

Mitigating custody risk means minimizing trust dependencies. Self-custody eliminates counterparty risk. MPC distributes risk across parties. Smart contract controls limit damage even if keys are compromised. The goal is defense in depth.

HOW POLICYLAYER USES THIS

PolicyLayer's non-custodial architecture eliminates custody risk. Your keys stay in your infrastructure. PolicyLayer enforces spending rules without ever touching private keys — providing controls without introducing a new custody dependency.

FREQUENTLY ASKED QUESTIONS

What are the main sources of custody risk for agents?
Third-party key management services failing, cloud infrastructure compromises exposing keys, insider threats at the key management provider, and single points of failure in the signing infrastructure.
How does self-custody reduce risk?
No third party can freeze, lose, or steal your funds. You bear full responsibility for key security, but you eliminate counterparty risk. This is the tradeoff: operational complexity vs. elimination of trust dependencies.
Can smart contract controls mitigate custody risk?
Yes. Even if a key is compromised, smart contract spending limits bound the loss. Session keys with time expiration limit the window. Multisig prevents single-key compromise. These are layers on top of key management.
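The three layers named in that answer (a time-boxed session key, a cumulative spending cap, and a multisig threshold for large transfers) can be modelled as one authorization check. This is an added illustration, not PolicyLayer's code; the data model, thresholds and sample amounts are constructed for the example.

```python
from dataclasses import dataclass

# Constructed model of the layered controls: a session key with an expiry and a
# cumulative spend cap, plus a k-of-n approval requirement above a floor.
# Amounts are integer base units (e.g. wei); times are unix seconds.

@dataclass
class SessionKey:
    key_id: str
    valid_from: int          # session becomes usable
    valid_until: int         # session stops being usable (exclusive)
    spend_limit: int         # cap on cumulative spend for this session
    spent: int = 0           # running total, updated only on success

@dataclass
class MultisigPolicy:
    threshold: int           # approvals required for a large transfer
    signers: frozenset       # ids of authorised signers
    large_tx_floor: int      # amounts >= this need multisig, not just a session key

def authorize(session: SessionKey, policy: MultisigPolicy, amount: int,
              now: int, approvals: frozenset = frozenset()) -> tuple[bool, str]:
    """Return (allowed, reason); the session's spent total changes only on success."""
    if amount <= 0:
        return False, "amount must be positive"
    # Layer 1: expiry bounds how long a leaked session key stays useful.
    if not (session.valid_from <= now < session.valid_until):
        return False, "session key expired or not yet valid"
    # Layer 2: the cap bounds total loss even if the key is fully compromised.
    if session.spent + amount > session.spend_limit:
        return False, "session spend limit exceeded"
    # Layer 3: large transfers need independent approvals, so one key cannot act alone.
    if amount >= policy.large_tx_floor:
        valid = approvals & policy.signers      # ignore approvals from unknown signers
        if len(valid) < policy.threshold:
            return False, f"need {policy.threshold} approvals, have {len(valid)}"
    session.spent += amount
    return True, "ok"
```

A real deployment enforces these rules in the smart contract or signer, not in the agent process, so that a compromised agent cannot simply skip the check.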
