{"currentVersionId":"ver_seed_20260324000000_20260324000000","generatedAt":"2026-05-04T00:12:05.617Z","latestDraftVersionId":null,"report":{"publishedAt":"2026-03-24T00:00:00.000Z","slug":"agent-treasury-controls-2026","summary":"A category report on how agent products should separate runtime spend policy, treasury approval, custody controls, and owner release.","title":"Agent Treasury Controls, 2026","updatedAt":"2026-03-24T00:00:00.000Z"},"versionCount":1,"versions":[{"actor":{"method":"system","name":"System snapshot","role":"system","userId":null},"artifactCount":8,"artifactFormats":["markdown","json","charts","definition","evidence","methodology","sources","bundle"],"artifacts":[{"apiPath":"/api/reports/agent-treasury-controls-2026/markdown","byteLength":15789,"format":"markdown","priceUsdc":0,"sha256":"489ebf1f1aa700f72ea3835f6aafc92ab35a8db903f5a9f0a6f595ceeb60bc90","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/json","byteLength":null,"format":"json","priceUsdc":0,"sha256":null,"status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/charts","byteLength":3529,"format":"charts","priceUsdc":0,"sha256":"6d1f8e2038072ff2b5fda2bed92ac39bb23213d6ef6d1527e17cbcb66a91f40e","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/definition","byteLength":2552,"format":"definition","priceUsdc":0,"sha256":"035b18e2cf567a9ad2f0aa1ba0443f9fca5c419a82cb20f0917809fc26b37339","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/evidence","byteLength":7451,"format":"evidence","priceUsdc":0,"sha256":"71fabae6f0e4c2a828d8ff4549c3474593d11a55d65e7724bab7c21e67f9c5dc","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/methodology","byteLength":1048,"format":"methodology","priceUsdc":0,"sha256":"7c4792ffac7827f29266926a75b4940dd2196a9d174382f4c605d3db98a2b2cb","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/sources","byteLength":2608,"format":"sources","priceUsdc":0,"sha256":"93407e2938c6aa89485cba6fcf586738453205d12589512eaaf83ae0d1b24fa3","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/bundle","byteLength":null,"format":"bundle","priceUsdc":0,"sha256":null,"status":"live"}],"chartCount":2,"createdAt":"2026-03-24T00:00:00.000Z","evidenceClaimCount":6,"definitionEntryCount":15,"hashes":{"bundleSha256":null,"chartsSha256":"6d1f8e2038072ff2b5fda2bed92ac39bb23213d6ef6d1527e17cbcb66a91f40e","definitionSha256":"035b18e2cf567a9ad2f0aa1ba0443f9fca5c419a82cb20f0917809fc26b37339","evidenceSha256":"71fabae6f0e4c2a828d8ff4549c3474593d11a55d65e7724bab7c21e67f9c5dc","jsonSha256":null,"markdownSha256":"489ebf1f1aa700f72ea3835f6aafc92ab35a8db903f5a9f0a6f595ceeb60bc90","methodologySha256":"7c4792ffac7827f29266926a75b4940dd2196a9d174382f4c605d3db98a2b2cb","sourcesSha256":"93407e2938c6aa89485cba6fcf586738453205d12589512eaaf83ae0d1b24fa3"},"id":"ver_seed_20260324000000_20260324000000","liveArtifactCount":8,"methodologyStepCount":4,"note":"Seeded from the currently published deep report state.","publishedAt":"2026-03-24T00:00:00.000Z","reportCharts":[{"chartType":"bar","pointCount":5,"series":["custody policy","finance approval","fresh owner step-up","runtime policy"],"title":"Which treasury control surface should dominate each action","unit":"relative control weight"},{"chartType":"bar","pointCount":5,"series":["product operator","security or executive owner","treasury or finance owner"],"title":"Who should own the final decision for each treasury action","unit":"relative ownership weight"}],"reportClaims":[{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"rebalances-are-treasury-events","kind":"comparison","section":"Top-ups and rebalances extend authority","sourceLabels":["AI Runtime Security multi-agent controls","Fireblocks custody overview","Stripe Treasury overview"],"statement":"Cross-rail rebalance or bridge actions should be treated as treasury events because they change settlement exposure, counterparties, and recovery assumptions rather than merely consuming budget."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"payouts-need-accountability","kind":"finding","section":"Payouts need named accountability","sourceLabels":["Fireblocks custody overview","Oracle delegate versus reassign","Stripe Treasury overview"],"statement":"Customer payouts or refunds need named accountability, destination review, and stronger finance ownership because outward value transfer is harder to reverse than routine runtime spend."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"scope-release-is-governance","kind":"comparison","section":"Scope release is governance, not spending","sourceLabels":["Cloudflare human-in-the-loop","Oracle delegate versus reassign","Passage step-up authentication"],"statement":"Private-route or policy expansion should require diff-aware review and fresh owner presence rather than relying on the same delegated authority used for routine execution."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"ownership-needs-separate-lanes","kind":"comparison","section":"Bottom line","sourceLabels":["Cerbos authorization in workflows","Cloudflare human-in-the-loop","Coinbase CDP Wallets overview"],"statement":"Product operators, treasury owners, and release owners should see different decision lanes because treasury control is really a coordination problem across runtime policy, custody, finance approval, and owner release."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"runtime-spend-stays-delegated","kind":"comparison","section":"Routine spend should stay delegated","sourceLabels":["Cerbos authorization in workflows","Coinbase CDP Wallets overview","Turnkey embedded wallet guide"],"statement":"Routine API or tool spend should usually stay inside runtime caps, scope checks, and destination allowlists instead of reopening finance review for every bounded action."},{"chartTitles":["Which treasury control surface should dominate each action"],"confidence":"high","id":"refills-extend-authority","kind":"finding","section":"Top-ups and rebalances extend authority","sourceLabels":["Fireblocks custody overview","Stripe Treasury overview","Turnkey embedded wallet guide"],"statement":"Wallet top-ups or refills are authority-extending actions because they add fresh balance that future runtime activity can keep using, so finance approval and custody policy should dominate more than routine runtime convenience."}],"reportDefinitionEntries":[{"category":"dataset_window","label":"Q1 2026 operator docs and production guidance"},{"category":"domain_hint","label":"developers.cloudflare.com"},{"category":"domain_hint","label":"developers.fireblocks.com"},{"category":"domain_hint","label":"docs.cdp.coinbase.com"},{"category":"domain_hint","label":"docs.passage.id"},{"category":"domain_hint","label":"docs.stripe.com"},{"category":"domain_hint","label":"docs.turnkey.com"},{"category":"prompt_guidance","label":"Keep the category boundary sharp: runtime policy, custody policy, finance approval, and owner release are different control layers."},{"category":"prompt_guidance","label":"Prefer action-by-action operator decisions over abstract autonomy rhetoric."},{"category":"prompt_guidance","label":"Use charts only if they clarify which control surface or owner should dominate a treasury action."},{"category":"research_prompt","label":"Boundary failure sweep :: gpt-5.4-mini"},{"category":"research_prompt","label":"Treasury control sweep :: gpt-5.4-mini"},{"category":"search_query","label":"Rebalance and payout controls :: bridge rebalance payout treasury approval custody controls agents"},{"category":"search_query","label":"Release and step-up controls :: step up authentication publish approval workflow treasury controls"},{"category":"search_query","label":"Runtime spend versus refill guidance :: agent runtime spend caps wallet top up treasury controls March 2026"}],"reportMethodology":["Anchored the report in official custody, treasury, workflow, wallet, and step-up documentation from Coinbase, Stripe, Turnkey, Fireblocks, Passage, Cloudflare, and Oracle as of March 24, 2026.","Used one deep research run plus three focused search sweeps to separate routine agent spend from refill, rebalance, payout, and release decisions.","Modeled treasury control as four distinct surfaces: runtime policy, custody policy, finance approval, and fresh owner presence.","Preferred operator decision rules and control ownership over generalized governance language."],"reportPublishedAt":"2026-03-24T00:00:00.000Z","reportSources":[{"kind":"ecosystem","label":"AI Runtime Security multi-agent controls","note":"Runtime guardrail framing for delegation depth, no-privilege-escalation, and scope inheritance.","url":"https://airuntimesecurity.io/core/multi-agent-controls"},{"kind":"ecosystem","label":"Cerbos authorization in workflows","note":"Application-layer framing for authorization that persists across workflow state transitions.","url":"https://www.cerbos.dev/blog/authorization-in-workflows"},{"kind":"official","label":"Cloudflare human-in-the-loop","note":"Workflow pause, approval, timeout, and resume patterns for long-running agent systems.","url":"https://developers.cloudflare.com/agents/concepts/human-in-the-loop"},{"kind":"official","label":"Coinbase CDP Wallets overview","note":"Wallet-control surface for agent-facing products and embedded transaction management.","url":"https://docs.cdp.coinbase.com/wallet-api/docs/welcome"},{"kind":"official","label":"Fireblocks custody overview","note":"Institutional custody and policy surface for treasury-heavy workflows and approval boundaries.","url":"https://developers.fireblocks.com/docs/overview"},{"kind":"official","label":"Oracle delegate versus reassign","note":"Useful distinction between temporary delegated action and true ownership transfer.","url":"https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"},{"kind":"official","label":"Passage step-up authentication","note":"Reference for requiring fresh user presence on sensitive release or payout actions.","url":"https://docs.passage.id/flex/step-up"},{"kind":"official","label":"Stripe Treasury overview","note":"Treasury primitives and money-movement framing for balances, outbound flows, and financial accounts.","url":"https://docs.stripe.com/treasury"},{"kind":"official","label":"Turnkey embedded wallet guide","note":"Operational wallet-control guidance covering delegated, app-controlled, and shared-custody models.","url":"https://docs.turnkey.com/production-checklist/embedded-wallet"}],"reportSummary":"A category report on how agent products should separate runtime spend policy, treasury approval, custody controls, and owner release.","reportTitle":"Agent Treasury Controls, 2026","reportUpdatedAt":"2026-03-24T00:00:00.000Z","slug":"agent-treasury-controls-2026","source":{"jobId":null,"kind":"seed","refreshDraftId":null},"sourceCount":9,"status":"published","updatedAt":"2026-05-04T00:12:05.580Z"}]}