What is PQSafe AgentPay?

The problem

AI agents are increasingly capable of taking real-world actions — including spending money. Today, almost every team that deploys a payment-capable agent does so in one of two unsafe ways:

  1. Hardcoded API keys — the agent has unrestricted access to a payment rail. One compromised prompt, one hallucinated recipient, one runaway loop = unlimited liability.
  2. Human approval for every payment — eliminates the value of having an autonomous agent. If every payment requires a human to click “approve”, you haven’t automated anything.

Neither extreme is acceptable for production agentic systems.

What PQSafe does

PQSafe AgentPay introduces a third option: cryptographically bounded payment authorization.

Before an agent makes any payment, a human operator signs a spend envelope — a small JSON document that specifies:

  • The maximum amount the agent may spend
  • Which recipients are allowed
  • Which payment rails may be used
  • A time window (the envelope expires)
  • Optionally, an approval threshold (auto-approve small amounts; require human sign-off above a cap)

The envelope is signed using ML-DSA-65 (FIPS 204), a post-quantum digital signature algorithm standardized by NIST in 2024. Once signed, the envelope is cryptographically bound: no field can be changed without invalidating the signature. The agent cannot spend more than authorized, cannot pay an unauthorized recipient, and cannot use an unauthorized rail — even if the agent is compromised or hallucinating.

Every payment attempt, whether successful or not, is appended to an immutable ledger. The ledger gives you a full audit trail for compliance, debugging, and cost attribution.

How it fits together

  1. Human operator signs a SpendEnvelope (ML-DSA-65)
  2. Agent calls executeAgentPayment()
  3. SDK verifies signature + all envelope bounds
  4. If all checks pass, the SDK dispatches to the rail (Airwallex / Wise / Stripe / USDC Base / x402)
  5. SDK appends a record to the immutable ledger

The agent is autonomous within the envelope. Outside the envelope, there is no bypass.
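
The verification step in the flow above, sketched as an added example (not PQSafe SDK code). Assumptions: the envelope field names, the authorize() function and the decision values are hypothetical, the spend cap is treated as cumulative with spentSoFar read from the ledger, and Ed25519 from Node's crypto module stands in for ML-DSA-65 so the sketch runs on a stock Node install.

```javascript
const crypto = require("node:crypto");

// Stand-in signer: Ed25519, NOT ML-DSA-65. The bounds logic below does not
// depend on which signature algorithm protects the envelope.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");

// Deterministic serialization (sorted keys) so signer and verifier see the same bytes.
const canonical = (env) => Buffer.from(JSON.stringify(env, Object.keys(env).sort()));

const signEnvelope = (env) => crypto.sign(null, canonical(env), privateKey);

// Hypothetical check order: signature first, then every bound, fail closed.
// Returns { decision, reason }; decision is "dispatch", "needs_human" or "reject".
function authorize(env, sig, payment, spentSoFar, now) {
  if (!crypto.verify(null, canonical(env), publicKey, sig))
    return { decision: "reject", reason: "bad_signature" };
  if (now < env.notBefore || now >= env.expiresAt)
    return { decision: "reject", reason: "outside_time_window" };
  if (!env.rails.includes(payment.rail))
    return { decision: "reject", reason: "rail_not_allowed" };
  if (!env.recipients.includes(payment.recipient))
    return { decision: "reject", reason: "recipient_not_allowed" };
  if (!Number.isInteger(payment.amountMinor) || payment.amountMinor <= 0)
    return { decision: "reject", reason: "invalid_amount" };
  if (spentSoFar + payment.amountMinor > env.maxAmountMinor)
    return { decision: "reject", reason: "over_budget" };
  if (env.approvalThresholdMinor != null && payment.amountMinor > env.approvalThresholdMinor)
    return { decision: "needs_human", reason: "above_approval_threshold" };
  return { decision: "dispatch", reason: "ok" };
}

// Constructed sample envelope; amounts are integer minor units (e.g. cents),
// times are Unix seconds.
const envelope = {
  maxAmountMinor: 50000,
  recipients: ["acct_vendor_a", "acct_vendor_b"],
  rails: ["stripe", "wise"],
  notBefore: 1700000000,
  expiresAt: 1700086400,
  approvalThresholdMinor: 10000,
};
const signature = signEnvelope(envelope);
```

Because the signature is checked before any field is read, an envelope edited after signing (for example a raised maxAmountMinor) is rejected as bad_signature rather than evaluated against the altered bounds.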

Why post-quantum signatures?

Classical payment authorization relies on ECDSA or RSA signatures. Both are vulnerable to Shor’s algorithm on a sufficiently powerful quantum computer. Credible estimates put “cryptographically relevant” quantum computers 10–15 years away — exactly the time horizon over which agentic payment infrastructure needs to be designed.

ML-DSA-65 is based on module lattice problems, for which no efficient quantum algorithm is known. Using it now means PQSafe-authorized payments remain unforgeable even as quantum hardware matures.

What PQSafe is not

  • Not a payment processor — PQSafe is an authorization layer. It wraps existing rails (Airwallex, Wise, Stripe, USDC, x402) rather than competing with them.
  • Not a custodial wallet — your funds stay in your existing Airwallex/Wise/Stripe/crypto accounts. PQSafe controls authorization, not custody.
  • Not a smart contract — the core authorization is off-chain (cryptographic). On-chain anchoring via Arbitrum is optional for high-value or regulated payments.

Next steps