Why AI Agents Need Constrained Delegation
Rialo provides a principled framework for granting autonomous agents access to real-world resources while protecting credentials, enforcing policies, and maintaining a complete audit trail.
The New Risk: Autonomous Agents with Real-World Access
AI agents are becoming increasingly capable of autonomous action, executing complex, multi-step tasks on behalf of individuals and institutions. To perform these tasks, agents are granted access to real-world resources — Web2 services, stablecoins and other digital assets, and read/write access to potentially sensitive data — by providing them with API keys and cryptographic secrets.
AI agents operate with a degree of inherent unpredictability. They can misinterpret instructions, be manipulated by malicious inputs to act against their owners, or make errors that propagate rapidly across interconnected systems before any human has the opportunity to intervene.
Granting an AI agent broad resource access introduces a new and poorly understood category of operational risks — one that sits at the intersection of software failure, adversarial exploitation, financial exposure, and data integrity.
Additionally, giving agents API keys and cryptographic secrets makes them a prime target for attacks. Adversaries can target agents to steal keys and extract sensitive information. AI software is fundamentally different from traditional software: source code analysis and test frameworks are not applicable. Moreover, AI is prone to entirely new attack vectors such as prompt injection.
What Is Needed
A new approach must be taken to address the risks posed by AI agents. Specifically:
- ✓ Protect credentials: API keys and cryptographic secrets must be shielded so that agents cannot leak them by mistake and attackers cannot compromise them.
- ✓ Guard-rail resource access: Access must be constrained to protect against mistakes by agents themselves or actions triggered by malicious parties interacting with the agent.
- ✓ Monitor and audit: Every action taken or attempted must be logged in a tamper-proof record.
What is needed is a principled framework for constrained delegation of access to resources — a mechanism by which an agent can be granted access to a resource while protecting the access credentials, limiting the scope of access, and monitoring all actions. Without such guarantees, the operational risk of deploying AI agents remains unacceptably high for any institution that bears fiduciary, regulatory, or contractual responsibility for outcomes.
The Rialo Framework
Rialo provides exactly this framework.
Gateways
For each resource, a gateway can be defined that guards access and enforces restrictions. Gateways run inside Rialo's confidential computing engine (REX), ensuring that credentials are protected at all times and can only be used through the gateway.
Access restrictions can be simple or complex:
- ✓ Capping quotas and limiting daily transaction volumes
- ✓ Allowing only read access instead of read/write
- ✓ Keyword-based content filtering
- ✓ Complex policies formulated in natural language and translated by LLMs into access control rules
Credential Protection
Users can encrypt their API keys under Rialo's encryption key, so credentials stay protected at all times and can only be used through the gateway. Similarly, users attach their Rialo omni account to a gateway to guard-rail the use of their tokens and digital assets.
Agent Registration
Users register their agents with Rialo and define exactly what access they want to allow and what restrictions to put in place. Agents can run anywhere — on users' hardware, in the cloud, or directly on Rialo.
Blockchain-Powered Guarantees
By running gateways on Rialo, users benefit from the unparalleled security and availability that blockchain offers:
- ✓ Auditable logs of all actions agents have taken — or have attempted to take and were denied
- ✓ Resource sharing: users can share resources with other users' agents and monetize such sharing, since payment is native to blockchain
- ✓ RLO token: unified payment with RLO, no need for multiple wallets, different payment systems, or topping up separate accounts
The Gateway Marketplace
Gateways are typically tailored to the resource they protect. They can be created by users and made available to others through a marketplace.
- ✓ Auditable gateways that earn reputation through verifiable usage and performance metrics
- ✓ SLA enforcement backed by crypto-economic guarantees
- ✓ Measurable gateways: different gateways for the same resource can be compared and evaluated by verified metrics
- ✓ Crypto economics that pay creators for building great gateways and ensure quality
- ✓ On-chain insurance pool funded by fees, offering users assurance if a gateway should fail
Live Demo
This site hosts a live demonstration of the email gateway. An OpenClaw agent extension submits a transaction to the Rialo blockchain to send an email. The transaction hits a smart contract that validates the request and forwards it to a REX node. The REX node's policy engine checks for compliance — rate limits, blocked content, sender verification — and if approved, delivers the email. The result is stored on-chain regardless of outcome.
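The policy step described above (sender verification, blocked content, rate limits, and a record stored regardless of outcome) can be sketched as follows. This is an added example, not Rialo's or the OpenClaw extension's code; the class names, request fields, decision strings and the SHA-256 hash chain standing in for the on-chain record are all assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

@dataclass
class Policy:                      # hypothetical policy shape
    allowed_senders: frozenset
    blocked_keywords: tuple
    max_per_day: int

def _digest(entry):
    body = {k: entry[k] for k in ("prev", "request", "decision")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

@dataclass
class Gateway:
    policy: Policy
    log: list = field(default_factory=list)   # hash-chained audit entries
    sent: dict = field(default_factory=dict)  # (agent, day) -> approved count

    def _decide(self, req):
        p = self.policy
        if req["sender"] not in p.allowed_senders:
            return "deny:sender_not_verified"
        text = (req["subject"] + " " + req["body"]).lower()
        if any(k in text for k in p.blocked_keywords):
            return "deny:blocked_content"
        if self.sent.get((req["agent"], req["day"]), 0) >= p.max_per_day:
            return "deny:rate_limit"
        return "allow"

    def handle(self, req):
        decision = self._decide(req)
        if decision == "allow":               # only approved sends use quota
            key = (req["agent"], req["day"])
            self.sent[key] = self.sent.get(key, 0) + 1
        # Record every attempt, approved or denied, chained to the previous entry.
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        entry = {"prev": prev, "request": dict(req), "decision": decision}
        entry["hash"] = _digest(entry)
        self.log.append(entry)
        return decision

def verify_log(log):
    """Recompute the chain; an edited, reordered or dropped interior entry breaks it."""
    prev = "0" * 64
    for e in log:
        if e["prev"] != prev or e["hash"] != _digest(e):
            return False
        prev = e["hash"]
    return True
```

A local hash chain cannot reveal truncation of its most recent entries; that requires anchoring the latest hash somewhere the gateway operator cannot rewrite, which is the role the page assigns to the blockchain.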
You can explore the policy engine, view request logs, and see delivery details in the live dashboard.
The OpenClaw extension source is available at github.com/SubzeroLabs/openclaw-extension.