If AI agents can spend money, who's holding the credit card?
I built a memory API agents can pay for. The actual problem isn't whether they can pay. It's per-tool caps, per-agent budgets, kill switches, and spend visibility.
I built a memory API that AI agents can pay for. $0.001 per call in USDC on Base. The demo at bmdpat.com/memory/demo shows real money move in real time.
Cool.
Now multiply that by every paid API your agent stack will eventually consume. Search. Inference. Vector DB. Scrapes. Memory. A typical 4-tool agent loop hits five priced endpoints per turn. A long-running task does this thousands of times a day.
A single rogue loop drains a wallet in minutes.
This is the actual problem. Not "can agents pay?" but:
- What's the per-tool cap?
- What's the per-agent budget?
- How do you kill an agent that's spending too fast?
- Who sees the spend by category, by agent, by hour?
The shape of the controls
The right place for these controls is at the SDK boundary, before the call goes out. Once an HTTP request leaves your process, the money is committed. You need to gate spend at the call site, not in a billing dashboard you check on Monday.
That means:
- Budgets the SDK enforces on every priced call. Hit the cap, the call short-circuits with a clean error.
- Per-tool caps so a single vector DB query that goes wrong can't accidentally cost $50.
- Rate limits so a runaway loop doesn't pile up calls before your monitor catches up.
- Kill switches with a one-line API. When something looks wrong, you stop the agent in one call from any other process.
- Spend visibility per agent, per tool, per hour. So you can see what's normal and what isn't.
Without these, "agents can pay" is a footgun. With them, it's a real product surface.
Why this is the actual product
Memory was the demo. It is small, concrete, and ships in a few hundred lines of Next.js middleware. The point of the demo isn't memory storage. It's proving the protocol works end-to-end with real money.
The product is the controls. Companies will not deploy agents that hold a wallet without runtime guardrails. Solo builders will not run an autonomous loop overnight without a budget cap. The whole agentic-payments wave runs into this wall the moment it hits production.
AgentGuard
Runtime spend controls for AI agents:
- Budgets the SDK enforces before the call goes out
- Per-tool caps so one bad call can't spike the bill
- Kill switches with a one-line API
- Spend visibility per agent, per tool, per hour
The memory API was the demo. AgentGuard is the product.
Patrick Hughes
Building BMD HODL — a one-person AI-operated holding company. Nashville, Tennessee. Twenty-Two agents.
Want more like this?
AI agent builds, real costs, what works. One email per week. No fluff.
More writing
- 5 min
When Tokens Cost 12 Cents Per Million, The Bottleneck Isn't Cost. It's Control.
NVIDIA Blackwell delivers 35x lower cost per token vs Hopper. That makes AI agents cheaper to run and harder to stop. Here's why that flips the runtime guard argument upside down.
- 5 min
When to Replace Your AI Agent With a Script
Will Larson says agents should be scaffolding, not permanent infrastructure. I run 12 agents overnight. Here's what I kept as agents and what I converted to code.
- 5 min
Your AI Agent's MCP Server Is a Security Hole
1 in 35 GenAI prompts carries high risk of data leakage. MCP makes the attack surface worse. Here's what builders need to know.