
Security and Control

The previous pages explained how Hightop works and how your wallet is structured. This page explains why that structure is trustworthy — who is in charge, what agents explicitly cannot do, how you revoke access, and how you stay informed while agents operate.

Your research agent has been paying vendors around the clock for months. Here is why that has been safe.

Who Controls What

There are three actors in Hightop, and they have clearly separated roles:

You hold the control wallet — the only address that can change the rules. Through the app, you decide when an agent is created, what permissions it receives, how much it can spend, which vendors it can pay, what assets it can touch, and when it expires. You can remove an agent at any time. You can move account control to a different wallet whenever you want. You are the only party that can widen permissions or approve new payment recipients.

Your agents operate through the API, inside the lanes you configured. They can execute allowed actions — pay an approved vendor, deposit into Earn, rebalance assets — but they cannot change the rules. An agent cannot grant itself new permissions, create other agents, approve new vendors, or move funds to unapproved destinations. Agents are operators, not controllers.

Hightop runs the app, the API, and the infrastructure. Hightop does not hold your control wallet's keys. Hightop cannot override the onchain rules, move your funds unilaterally, or change agent permissions on your behalf. Hightop does not take your deposits and lend them out behind your back, rehypothecate your assets, or make private bets with your money. If your funds earn yield, it is because you chose to deposit into Earn — and those funds go to visible, auditable protocols, not a hidden balance sheet.

For more on how the control wallet and smart contract wallet work together, see Your Hightop Wallet.

What Agents Cannot Do

No matter what happens — a bug, a hallucination, a compromised API key — your research agent cannot:

  • exceed its spending or activity limits
  • touch assets outside its allowed set
  • use venues or protocols it was not approved for
  • pay recipients that are not on its approved list
  • bypass cooldowns, delays, or expiry windows
  • widen its own permissions or change its own limits
  • add other agents or escalate its own authority
  • access another agent's lane on the same account

These are not app-level restrictions that someone could turn off. They are enforced by the onchain control layer — the same smart contracts that hold your assets and validate every request.

But the boundaries only cover what is outside the lane — not what is inside it. If your research agent has permission to pay three vendors up to $200 per transaction in USDC, a compromised API key can still pay those three vendors up to $200 per transaction in USDC. The attacker gets the same authority the agent had. That is why narrow, purpose-built lanes matter: the tighter the lane, the less damage a compromise can cause.

How Outbound Money Is Controlled

Every outbound movement of money in Hightop goes through one of three payment paths: Recurring Payments for known vendors with fixed limits, One-Off Payments for ad hoc payouts with review delays on larger amounts, and Trusted Transfers for fast moves to your own pre-approved destinations.

There is no "pay anyone, any amount, instantly" path. That is a design choice. Each path adds friction proportional to the risk: recurring vendors are pre-approved so the friction is low, one-off payments to new recipients have configurable delays, and trusted destinations require a days-long addition process before they become active.

If your research agent's API key is compromised, the attacker can only pay the vendors and amounts already in the agent's lane — they cannot redirect funds to a new address that was never approved.

How You Remove Access

You are never locked into a delegation. Hightop gives you multiple ways to pull back control:

Remove an agent instantly. You can revoke an agent at any time through the app. Removal takes effect immediately — the agent can no longer act. There is no wind-down period where it retains partial authority.

Let agents expire automatically. When you create an agent, you can set an expiry window. When that window closes, the agent stops — even if you forget about it. Your research agent's six-month window means it stops on schedule whether you intervene or not.

Remove payment recipients. You can remove a recurring vendor or a trusted destination at any time. Once removed, no agent can pay that destination — even if the agent's other permissions are still intact.

The agent lifecycle is simple: Created → Waiting → Active → Expired or Removed. An agent does not start with full power and have it taken away. It starts inactive, becomes active only after any configured delay, operates within its lane, and then stops when it expires or you remove it.

What Kinds of Policies Are Enforced

The controls you configure in Hightop span several categories:

  • Who an agent can pay — approved vendors, one-off recipients, trusted destinations
  • How much it can spend — per-transaction caps, per-period budgets, lifetime ceilings
  • What assets it can touch — restricted to specific tokens like USDC, or broader
  • What venues it can use — which markets and protocols the agent can interact with
  • How often it can act — cooldowns between actions, maximum action counts per period
  • When it can act — activation delays before it starts, expiry windows when it stops
  • What happens to larger payments — review delays and cancellation windows for one-off payouts

These are not just settings in a dashboard. Key policies in each of these categories are enforced onchain by open-source smart contracts. The app is where you configure them. The blockchain is where they are enforced.
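The following is an added example, not Hightop's contract code: a toy Python model of how a lane check composes these policy categories with the agent lifecycle described earlier, replayed against requests made with a stolen agent API key. The field names, recipient labels, the 300 period budget and the one-hour cooldown are assumptions; the three vendors, the $200 per-transaction cap, USDC and the six-month expiry come from the research-agent scenario on this page.

```python
from dataclasses import dataclass, field

@dataclass
class Lane:
    """Toy model of one agent's lane; field names are hypothetical, not Hightop's."""
    recipients: frozenset    # who the agent can pay
    assets: frozenset        # what assets it can touch
    per_tx_cap: int          # how much: per-transaction cap
    period_budget: int       # how much: budget per rolling period
    period_s: int            # length of that period in seconds
    cooldown_s: int          # how often: minimum gap between payments
    active_from: int         # when: creation time plus activation delay
    expires_at: int          # when: end of the expiry window
    removed: bool = False    # set when the owner revokes the agent
    paid: list = field(default_factory=list)  # (timestamp, amount) accepted

    def status(self, now):
        if self.removed or now >= self.expires_at:
            return "Removed" if self.removed else "Expired"
        return "Active" if now >= self.active_from else "Waiting"

    def authorize(self, now, recipient, asset, amount):
        # Returns (allowed, reason); an allowed payment is recorded in self.paid.
        if self.status(now) != "Active":
            return False, "agent is " + self.status(now)
        if recipient not in self.recipients:
            return False, "recipient not approved"
        if asset not in self.assets:
            return False, "asset not allowed"
        if not 0 < amount <= self.per_tx_cap:
            return False, "per-transaction cap"
        if self.paid and now - self.paid[-1][0] < self.cooldown_s:
            return False, "cooldown"
        spent = sum(a for t, a in self.paid if now - t < self.period_s)
        if spent + amount > self.period_budget:
            return False, "period budget"
        self.paid.append((now, amount))
        return True, "ok"

def stolen_key_replay():
    """Constructed scenario: requests made with a stolen agent API key."""
    lane = Lane(frozenset({"vendor-a", "vendor-b", "vendor-c"}), frozenset({"USDC"}),
                per_tx_cap=200, period_budget=300, period_s=86400, cooldown_s=3600,
                active_from=1000, expires_at=1000 + 180 * 86400)
    tries = [(2000, "0xnew", "USDC", 50),       # address that was never approved
             (2000, "vendor-a", "ETH", 50),     # asset outside the allowed set
             (2000, "vendor-a", "USDC", 200),   # inside the lane: goes through
             (2600, "vendor-b", "USDC", 200),   # inside the lane, but in cooldown
             (6000, "vendor-b", "USDC", 200)]   # would exceed the period budget
    return lane, [lane.authorize(*t)[1] for t in tries]
```

Only the request that sits entirely inside the lane succeeds, which is the residual exposure a compromised key carries until the agent expires or is removed.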

For the full parameter reference, see Agent Permissions and Limits. For the trust argument behind onchain enforcement, see Why Onchain Enforcement Matters.

Delays That Protect You

Some changes in Hightop do not take effect instantly — and that is the point.

Adding a new trusted transfer destination is delayed, often for days. New agents and recurring vendors also do not become active until their activation delay has passed, and larger one-off payments can sit behind a review delay. These delays create a response window against some of the highest-risk changes.

While a delayed change is waiting, all existing rules remain in force. Agents are still bound by their current limits, approved assets, and approved recipients. Hightop notifies you when these delayed changes are initiated, giving you time to see what is happening and cancel before they go live. But that delay protects the add path, not destinations that are already active. Small one-off payments can still clear within the rules already in force, and an already active trusted destination can be used immediately by the control wallet.

Visibility and Account Access

You are not flying blind while agents operate. The Hightop app gives you real-time notifications when agents act — payments sent, limits reached, one-off payouts pending review — and alerts you when critical changes like new trusted destinations are initiated. You can review all agent activity in the app at any time.

The app supports biometric authentication and optional TOTP-based two-factor authentication. With these enabled, physical access to your device alone is not enough to approve transactions or change agent rules.

What This Model Does Not Eliminate

Hightop reduces custody and account-control risk: your funds are not sitting on a company's balance sheet, and agents cannot exceed their configured boundaries. That is not the same as removing all financial risk. DeFi protocols carry their own risks, and Hightop is not FDIC insured. Reduced risk is not zero risk.

If you configure a broad lane for an agent, a compromise of that agent's API key can use the full breadth of that lane. If you keep the default Turnkey embedded setup, your email-based access path still matters — a compromised email could be a path to your control wallet. If a one-off payment falls below the instant threshold, it clears within the rules you already configured, with no additional review delay. And if a trusted destination is already active, the control wallet can move funds there immediately.

The controls work best when you configure them deliberately: narrow lanes, short expiry windows, tight limits, and the minimum permissions each agent actually needs. The system enforces whatever boundaries you set — but it cannot make those boundaries tighter than you chose.
