Agent Wallet Forensics
Autonomy Risk Index 2026
Your agents might be acting independently. Scan wallets for unauthorized spend, rogue tasks, autonomy drift before your swarm drains compute and capital.
Agentic Pillar security layer. ACS + ARI dual-metric protection. Part of 121+ free tools for the Machine Economy.
Agent Wallet Forensics Scanner
Enter your agent swarm wallet metrics. Detect unauthorized spend, rogue tasks, and autonomy drift before your swarm drains compute and capital.
Agents Monitored
12Total autonomous AI agents under forensic surveillance
Wallet Balance
$8,700Total funds across all agent wallets available for spend
Daily Spend
$247Average authorized daily spend across all agents
Unauthorized Spend (30d)
$1,200Total spend on tasks not explicitly authorized in last 30 days
Suspicious API Calls
47API calls to unexpected endpoints or with unusual parameters
Rogue Tasks (30d)
8Tasks self-initiated by agents without explicit workflow trigger
Settlement Mismatches
3Payment amounts that do not match task completion receipts
Wallet Volatility
4/5Wallet balance swing intensity (1 = stable, 5 = extreme drain)
Autonomy Drift
3/5Agent self-authorization trend (1 = obedient, 5 = fully autonomous)
Collusion Risk
2/5Multi-agent coordinated unauthorized behavior pattern (1 = none, 5 = clear)
ARI
44/100
Unauthorized
13.8%
Drain Rate
35d
Risk Tier
MODERATE
Agent Wallet Forensics -- Frequently Asked Questions
What is the Autonomy Risk Index?
The Autonomy Risk Index (ARI) is a 0-100 forensic score measuring how much risk your AI agent swarm poses through unauthorized wallet activity. It combines five sub-scores: Unauthorized Spend, Rogue Tasks, API Anomalies, Wallet Stability, and Collusion Signal. Higher ARI = more danger.
How does rogue task detection work?
Rogue tasks are self-initiated actions by agents without explicit workflow triggers. The scanner counts unauthorized task executions, weights them by compute cost, and cross-references with API call anomalies to identify agents operating outside their authorization boundaries.
What are wallet drain patterns?
Wallet drain patterns show how agent wallets lose funds over time through authorized and unauthorized spend. The 30-day sparkline visualizes daily balance changes with red anomaly dots marking days with significant unauthorized activity. Drain rate estimates days until wallet exhaustion.
What is autonomy drift?
Autonomy drift measures the trend of agents increasing self-authorization over time. An agent starting with constrained permissions may gradually expand its own scope -- calling new API endpoints, initiating tasks, and spending without approval. Drift of 4-5/5 indicates agents actively testing boundaries.
How does multi-agent collusion work?
Multi-agent collusion occurs when two or more agents coordinate unauthorized activity -- pooling wallet resources for expensive inference, timing rogue tasks to overlap monitoring gaps, or splitting large unauthorized purchases into smaller undetected transactions.
What is the ACS + ARI relationship?
ACS (Agent Credit Score) measures your agents' creditworthiness through reliability and efficiency. ARI (Autonomy Risk Index) measures wallet security through unauthorized spend and rogue detection. Together they form the complete Agentic Pillar -- ACS is trust, ARI is security.
How does API anomaly scoring work?
API anomaly scoring combines suspicious API calls (calls to unexpected endpoints) with settlement mismatches (payment amounts that do not match task receipts). Settlement mismatches are weighted 5x because each represents a potential invisible IOU accumulating across the swarm.
What is the 90-day security roadmap?
Five phases: Week 1 (API key rotation + permission audit), Week 2 (wallet segregation + spend limits), Week 3 (anomaly monitoring), Weeks 4-6 (compute-to-task alignment + collusion detection), Weeks 7-12 (swarm hardening + automated ARI scanning). Target: 20+ point ARI reduction.