🔒 Security-First Architecture

Built for Zero Trust

AgentLeash was designed from day one for enterprise and government environments where security isn't optional. Every design decision prioritizes safety, auditability, and human control.

Core Security Principles
These aren't aspirational. They're enforced in code, verified on-chain, and audited on every action.
🚫 Fail Closed
Any error during verification results in denial. Network timeout? Deny. Cache miss? Verify, then deny if unresolvable. Ambiguity is always denial.
⛓️ Dual Verification
Permissions live both on-chain (immutable) and in our database (fast). Both must agree. If they don't, the agent is blocked until resolved.
🔥 Instant Revocation
Burn a token on-chain and the agent is immediately inert. No propagation delay, no grace period. One transaction, zero access.
🎭 Privacy by Default
Real agent names never appear on the public blockchain. Decoy identifiers are generated automatically. Only you can link them back.
🔐 Zero-Knowledge Credentials
Agents never see raw API keys or passwords. The vault injects credentials at the moment of use, in-memory only, then discards them.
📋 Complete Audit Trail
Every tool call, every decision, every token lifecycle event is logged. Exportable, searchable, and tamper-evident via blockchain anchoring.
How Verification Works
Every single tool call goes through this pipeline. No exceptions.
🤖 Agent Tool Call (read, exec, message...)
→ 🔌 Runtime Plugin: intercepts before execution
→ Verify API: Cache → DB → Chain
→ Allow: tool executes normally
   or
→ 🚫 Deny: blocked with reason
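As an added illustration of the fail-closed, dual-verification pipeline above (this is not AgentLeash code): a Go sketch in which each store is a function returning a token or an error, the cache answers first, a miss consults both the database and the chain, and any outage, unknown token or disagreement between the two stores denies. The Token shape, the comma-separated tool list and the SHA-256 permissions hash standing in for the on-chain record are constructed assumptions.

```go
package main

import (
	"crypto/sha256"
	"strings"
)

// Token as a store sees it: the DB holds the readable tool list, the public
// chain only its SHA-256 and the burn flag (constructed shape, not the product's).
type Token struct {
	Tools  string   // comma-separated grants, e.g. "read,message" (DB and cache)
	Hash   [32]byte // sha256(Tools) as anchored on-chain
	Burned bool     // revoked
}

// Verifier runs Cache -> DB -> Chain. A store returns nil for a miss and a
// non-nil error for an outage or timeout; every error denies (fail closed).
type Verifier struct{ Cache, DB, Chain func(tokenID string) (*Token, error) }

func (v Verifier) Verify(tokenID, tool string) (allow bool, reason string) {
	if t, err := v.Cache(tokenID); err != nil {
		return false, "cache error: " + err.Error()
	} else if t != nil {
		return decide(*t, tool, "cache")
	}
	db, errDB := v.DB(tokenID) // cache miss: consult both authorities
	ch, errCh := v.Chain(tokenID)
	if errDB != nil || errCh != nil {
		return false, "db or chain unreachable; denied (fail closed)"
	}
	if db == nil || ch == nil {
		return false, "token unresolvable in db or chain; denied"
	}
	// Dual verification: the off-chain schema must hash to the on-chain value
	// and both must agree on revocation, otherwise the agent stays blocked.
	if sha256.Sum256([]byte(db.Tools)) != ch.Hash || db.Burned != ch.Burned {
		return false, "db and chain disagree; blocked until resolved"
	}
	return decide(*db, tool, "db+chain")
}

// decide applies a resolved token: burned beats everything, then exact tool match.
func decide(t Token, tool, via string) (bool, string) {
	if t.Burned {
		return false, "token revoked (" + via + ")"
	}
	for _, g := range strings.Split(t.Tools, ",") {
		if g == tool {
			return true, "granted via " + via
		}
	}
	return false, "tool " + tool + " not granted (" + via + ")"
}
```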
Security Features
Defense in depth. Every layer adds protection.
🔗 Blockchain-Backed Permissions
Permissions are minted as NFTs on Base (ERC-721) or Algorand (ASA). Immutable, verifiable, and publicly auditable.
🔒 Encrypted Permission Tokens
AES-256-GCM encryption with per-token key derivation (HKDF). Even if the database is compromised, permissions remain encrypted.
🔑 Session Binding
Tokens can be bound to a specific session. A stolen token ID is useless in a different session context.
🚫 Non-Transferable Tokens
PATs cannot be transferred between wallets. Only the issuer can move them via revocation. No token marketplace, no unauthorized sharing.
Auto-Expiration
Tokens auto-expire after a configurable period (default: 1 year). The chain-sync service checks every 5 minutes.
🛡️ Data Protection Blocks
Block agents from accessing passwords, credit cards, PII, or health data at the content level, not just the tool level.
🌍 GeoFence + OFAC Screening
14 OFAC-sanctioned countries blocked at signup. OFAC SDN list screened (9,180 entries, weekly refresh). MaxMind GeoIP2 for production.
🚦 Rate Limiting
Redis sliding-window rate limits on every endpoint. Per-IP, per-user, per-agent. 429 with Retry-After. Fail-open if Redis is down (traffic still flows).
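An added example, not the project's code, of the per-token key scheme described under Encrypted Permission Tokens: HKDF-SHA256 derives a distinct AES-256-GCM key from one master key for each token ID, so the database holds only ciphertext that is useless without the master key (KMS-held in production; a constructed byte string here). The info label, the use of the token ID as salt and as GCM additional data, and the nonce||ciphertext blob layout are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// hkdfSHA256 derives one 32-byte key: RFC 5869 extract, then the first expand block.
func hkdfSHA256(ikm, salt, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // PRK
	exp.Write(info)
	exp.Write([]byte{0x01})
	return exp.Sum(nil)
}

// gcmFor builds AES-256-GCM under a per-token key: the master key never encrypts
// data itself, and the token ID as salt gives every PAT its own key (info label assumed).
func gcmFor(master []byte, tokenID string) cipher.AEAD {
	key := hkdfSHA256(master, []byte(tokenID), []byte("agentleash-pat-v1"))
	block, _ := aes.NewCipher(key) // 32-byte key: NewCipher cannot fail
	gcm, _ := cipher.NewGCM(block) // standard 12-byte nonce: NewGCM cannot fail
	return gcm
}

// sealPerms encrypts a permission schema; the token ID is bound in as additional
// data, so a ciphertext copied into another token's row will not authenticate.
func sealPerms(master []byte, tokenID string, perms []byte) ([]byte, error) {
	gcm := gcmFor(master, tokenID)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, perms, []byte(tokenID)), nil // nonce || ct || tag
}

// openPerms reverses sealPerms; tampering, a wrong token ID or a wrong master key fails.
func openPerms(master []byte, tokenID string, sealed []byte) ([]byte, error) {
	gcm := gcmFor(master, tokenID)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], []byte(tokenID))
}
```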
Compliance Ready
Built for organizations that answer to regulators, not just users.
🏛️ OFAC Compliant
GeoFence + SDN screening at signup. 14 sanctioned countries blocked.
📋 Full Audit Trail
Every verification logged. CSV/JSON export. Blockchain-anchored timestamps.
🔐 Encryption at Rest
AES-256-GCM for permissions. AWS KMS for key management. HKDF derivation.
🏥 Data Protection
Content-level PII, HIPAA, PCI blocks. Agent can't see what you don't allow.
<5ms cached verification latency
2 blockchains supported
21 interceptable tools
100% of tool calls verified
Security FAQ
What happens if the verification API goes down?
The agent is blocked. AgentLeash fails closed by design. No verification = no tool execution. This is configurable (you can set fallback to "allow" for non-critical agents), but the default is always deny.
Can an agent bypass the permission check?
No. The AgentLeash plugin runs at the kernel level of the agent runtime (priority 100, before all other plugins). Every tool call passes through it. There is no code path that skips verification when the plugin is loaded.
What data is stored on the public blockchain?
By default, only a pseudonymous identifier (SHA-256 hash) and a permissions hash. Real agent names, full permission schemas, and all sensitive data stay in our encrypted database. You can opt in to showing the real name on-chain, but it's off by default.
How fast is revocation?
Immediate. When you revoke a token, the on-chain transaction processes in 2-4 seconds. The Redis cache is invalidated instantly. The agent's next tool call will fail verification. There is no grace period or propagation delay.
Does the agent ever see my API keys or passwords?
Never. The Secure Vault stores credentials encrypted with AES-256-GCM. When an agent needs to call an API, the runtime injects the credential at the moment of the HTTP request, in-memory only. The agent sees the API response, never the key.
Is AgentLeash suitable for government use?
Yes. AgentLeash was designed with government and enterprise compliance in mind. OFAC screening, GeoFence enforcement, HIPAA-level data protection blocks, full audit trails, and blockchain-verified immutable records. We're actively engaged with federal agencies on pilot programs.
Where is data stored?
AWS US-East-2 (Ohio). RDS PostgreSQL with Multi-AZ deployment. ElastiCache Redis for caching. All data encrypted in transit (TLS) and at rest (AES-256). On-chain data lives on Base (an Ethereum L2) and/or Algorand.
Ready to Leash Your Agents?
Start for free during beta. No credit card required.