Agents now pay for APIs, data and compute on their own — hundreds of tiny stablecoin payments a minute, with no human clicking "confirm." Your bank flags a weird charge in seconds. Nobody does that for an agent that just got compromised. Burnwatch learns each agent's normal spend and alerts the instant the money starts leaving.
The big platforms will sell you per-transaction limits — but only if your agent lives entirely inside their walled garden, and only if the attacker spends in obvious round numbers. A compromised agent doesn't. It bleeds you in thousands of "normal-looking" micro-payments.
No custody migration. No new wallet. It rides alongside the agent you already run.
A thin SDK shim around your agent's x402 / payment client — pip install burnwatch. Outbound-only, fail-open, never in the money path.
A short warm-up of real payments teaches it each agent's typical spend rate, counterparties, destinations and hours.
Anomaly fires → you get a push / webhook / email with the agent, the suspicious payments and the evidence. Observe-only.
An agent that normally spends cents a minute suddenly burning dollars a second — the classic hijacked-agent drain.
Payments to a recipient or endpoint this agent has never paid before, appearing out of nowhere.
Spend on a service category outside the agent's normal mix — a research bot suddenly buying compute it never touches.
A rapid burst of escalating payments right after a tool call — the signature of an agent that's been talked into spending.
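The warm-up-then-alert idea behind the first two signals above (a spend-rate spike and a never-seen recipient), as an added example: this is not Burnwatch's code and does not use the burnwatch package. The Baseline and detect names, the threshold rule and the sample payments are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed sample data: (agent, unix_seconds, recipient, amount_usd).
WARMUP = [("research-bot", 60 * m + 10 * i, "api.data.example", 0.01)
          for m in range(30) for i in range(3)]      # 3 cents a minute, 30 minutes
LIVE = ([("research-bot", 1800 + 20 * i, "api.data.example", 0.01) for i in range(3)]
        + [("research-bot", 1860 + i, "0xNEW-constructed", 0.02) for i in range(50)])

class Baseline:
    """One agent's profile, learned from its warm-up payments (hypothetical)."""
    def __init__(self, payments, k=6.0, min_ratio=3.0):
        per_minute = defaultdict(float)
        self.recipients = set()
        for _, ts, recipient, amount in payments:
            per_minute[ts // 60] += amount            # only minutes with spend count
            self.recipients.add(recipient)
        rates = list(per_minute.values())
        mu, sigma = mean(rates), pstdev(rates)
        # k-sigma rule, with a ratio floor so a perfectly steady agent
        # (sigma == 0) does not alert on a one-cent wobble.
        self.threshold = max(mu + k * sigma, min_ratio * mu)

def detect(baseline, payments):
    """Observe-only: returns alerts, never blocks or signs anything."""
    alerts, window, new_seen, over = [], deque(), set(), False
    for agent, ts, recipient, amount in sorted(payments, key=lambda p: p[1]):
        if recipient not in baseline.recipients and recipient not in new_seen:
            new_seen.add(recipient)
            alerts.append((ts, agent, "new_recipient", recipient))
        window.append((ts, amount))
        while window[0][0] <= ts - 60:                # keep a trailing 60 s window
            window.popleft()
        spend = sum(a for _, a in window)
        if spend > baseline.threshold and not over:   # alert once per excursion
            alerts.append((ts, agent, "spend_rate", round(spend, 2)))
        over = spend > baseline.threshold
    return alerts

if __name__ == "__main__":
    for alert in detect(Baseline(WARMUP), LIVE):
        print(alert)
```

Each drain payment here is only two cents, so a per-transaction limit would not trip; the trailing-window sum crosses the learned threshold four seconds into the burst.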
Burnwatch watches payment metadata — amount, recipient, frequency — and alerts. It never holds your money, never holds your private keys, never sits in the payment path. Think smoke detector, not a vault. That's the whole design, and the reason you can drop it in without trusting us with anything that matters.
Burnwatch is in early access. Drop your email to claim a founding spot — and tell us what your agents are running so we build for your stack first.