Security Intermediate 6 min read
Security for Agents
Comprehensive security guide for AI agents operating with Bitcoin, Lightning, and Nostr. OPSEC, key management, threat modeling, and defensive practices.
security opsec overview
Security for Agents
Security is not optional for AI agents operating in freedom technology. Unlike traditional systems where errors can be reversed, Bitcoin transactions are irreversible, Lightning channels require constant monitoring, and Nostr keys cannot be rotated without losing identity.
Why Security is Critical
| Protocol | Irreversible Action | Recovery Possible? |
|---|---|---|
| Bitcoin | Transaction broadcast | No |
| Lightning | Force-close | Partial (minus fees) |
| Nostr | Event signature | No (events are immutable) |
Agents face unique security challenges:
- Always-on operation: Continuous exposure to attacks
- Automated decisions: No human review before action
- Key accessibility: Keys must be accessible for signing
- Network exposure: Constant internet connectivity
Security Principles
1. Defense in Depth
Never rely on a single security control:
┌────────────────────────────────────────────┐
│ Network Security │
│ ┌────────────────────────────────────┐ │
│ │ Access Control │ │
│ │ ┌────────────────────────────┐ │ │
│ │ │ Key Management │ │ │
│ │ │ ┌────────────────────┐ │ │ │
│ │ │ │ Application │ │ │ │
│ │ │ │ Logic │ │ │ │
│ │ │ └────────────────────┘ │ │ │
│ │ └────────────────────────────┘ │ │
│ └────────────────────────────────────┘ │
└────────────────────────────────────────────┘2. Principle of Least Privilege
- Use separate keys for different operations
- Limit hot wallet balances
- Grant minimum necessary permissions
- Separate read-only and signing capabilities
3. Fail Secure
When in doubt, refuse to act:
def sign_transaction(tx: Transaction) -> Signature | None:
"""Only sign if all safety checks pass."""
try:
validate_destination(tx.outputs)
validate_amount(tx.total_output)
validate_fee(tx.fee)
return sign(tx)
except ValidationError:
# Fail secure: refuse to sign
return None4. Assume Breach
Design systems assuming attackers will get in:
- Limit blast radius of any single compromise
- Monitor for anomalous behavior
- Maintain audit logs
- Have incident response plans
Security Domains
Key Management
How you generate, store, and use cryptographic keys.
| Key Type | Risk Level | Best Practice |
|---|---|---|
| Seed phrase | Critical | Hardware wallet, offline |
| Bitcoin private key | Critical | Derived, never raw |
| Lightning node key | High | Hot, but isolated |
| Nostr private key | High | Separate from funds |
Operational Security (OPSEC)
Preventing information leakage about your operations.
| Information | Risk if Leaked | Protection |
|---|---|---|
| IP address | Deanonymization | Tor, VPN |
| Transaction patterns | Link analysis | Timing randomization |
| Key relationships | Wallet clustering | Separate identities |
| Balance amounts | Targeting | Multiple wallets |
→ Deep dive: Operational Security
Threat Modeling
Understanding who might attack you and how.
| Attacker | Capability | Motivation |
|---|---|---|
| Opportunistic | Low | Easy profit |
| Targeted | Medium | Specific goal |
| State-level | High | Surveillance |
| Insider | Medium | Access abuse |
Network Security
Protecting network-level communications.
| Vector | Attack | Defense |
|---|---|---|
| DNS | Hijacking | Use IP directly, DNSSEC |
| TLS | MITM | Certificate pinning |
| WebSocket | Injection | Message signing |
| Tor | Correlation | Separate circuits |
Learning Path
Core Security
- Key Management - Generating and protecting keys
- OPSEC - Operational security practices
- Threat Modeling - Understanding adversaries
- Backup and Recovery - Disaster recovery
Protocol-Specific
- Network Security - Network-level defenses
- Common Attacks - Attack patterns and defenses
- Auditing - Logging and verification
Reference
Security Checklist
Before Deployment
- Seed phrases stored offline
- Hot wallet balance minimized
- Rate limits configured
- Destination allowlist (if applicable)
- Monitoring and alerting active
- Backup tested and verified
- Incident response plan documented
Ongoing
- Regular balance audits
- Log review for anomalies
- Key rotation (where possible)
- Software updates applied
- Threat model reviewed
Quick Start Security
class SecureAgent:
"""Security-aware agent base class."""
def __init__(self):
# Limit hot wallet exposure
self.max_hot_balance_sats = 1_000_000 # 0.01 BTC
# Rate limiting
self.max_daily_spend_sats = 10_000_000 # 0.1 BTC
self.daily_spent = 0
# Transaction limits
self.max_single_tx_sats = 5_000_000 # 0.05 BTC
# Audit logging
self.audit_log = []
async def send_payment(
self,
destination: str,
amount_sats: int
) -> dict:
"""Secure payment with multiple checks."""
# Check single transaction limit
if amount_sats > self.max_single_tx_sats:
return {"error": "exceeds_single_tx_limit"}
# Check daily limit
if self.daily_spent + amount_sats > self.max_daily_spend_sats:
return {"error": "exceeds_daily_limit"}
# Validate destination format
if not self.validate_destination(destination):
return {"error": "invalid_destination"}
# Log before execution
self.audit_log.append({
"action": "payment",
"destination": destination,
"amount": amount_sats,
"timestamp": datetime.utcnow().isoformat()
})
# Execute payment
result = await self._execute_payment(destination, amount_sats)
# Update limits
if result.get("success"):
self.daily_spent += amount_sats
return resultMachine-Readable Summary
{
"topic": "security",
"audience": "ai-agents",
"security_domains": [
"key-management",
"opsec",
"threat-modeling",
"network-security",
"backup-recovery"
],
"principles": [
"defense-in-depth",
"least-privilege",
"fail-secure",
"assume-breach"
],
"key_risks": [
"key-compromise",
"transaction-manipulation",
"deanonymization",
"denial-of-service"
]
}