Hardware-Hybrid Custody stores one MPC key share on physical hardware and distributes remaining shares across the MPC network, preventing cloud-based attacks from moving funds.
Hardware-Hybrid Custody stores one MPC key share on physical hardware and distributes remaining shares across the MPC network, preventing cloud-based attacks from moving funds.
DeAgenticAI’s Agentic Control Plane enforces cryptographic policy over AI agent authority — separating what an agent can do from what it is authorized to do — in Web3 and enterprise financial environments. Hardware-Hybrid Custody is the institutional security layer within that stack that closes a specific residual risk in cloud-native MPC deployments: the scenario in which an attacker compromises enough cloud-hosted signing nodes to reach a signing threshold without ever breaching a physical perimeter.
Hardware-Hybrid Custody closes the residual risk that remains in fully cloud-hosted MPC systems: if enough cloud nodes are compromised to reach threshold, funds can be moved without any physical breach. By requiring one key share from a physically held hardware device, DeAgenticAI adds a second trust domain that cloud compromise alone cannot satisfy.
For institutions managing tokenised real-world assets and on-chain treasury operations, this changes custody from “secure if the cloud perimeter holds” to “secure even if cloud infrastructure is breached.” A valid signature requires both the MPC quorum and the hardware-held share, so attackers must achieve cloud-scale compromise and physical access at the same time.
Hardware-Hybrid Custody also preserves automation for governed AI-agent execution. It is not a manual approval model for every transaction; it is a cryptographic boundary at the key layer. Policy-governed autonomous workflows can continue, while the physical share enforces a hard stop against cloud-only key exfiltration and unilateral signing.
Inside the Agentic Control Plane, this layer works with upstream controls like Intent Sanitization and Policy DSL, and with downstream signing enforcement in Intent-Evaluated MPC. Together they provide defense in depth: identity and intent checks, policy verification, and physical-key participation in the final signature ceremony.
Hardware-Hybrid Custody is DeAgenticAI's institutional security model in which one MPC key share is stored on a physical hardware device — Ledger, YubiKey, or HSM — while remaining shares are distributed across the MPC signing node network. A valid signature requires both the cloud MPC quorum and the hardware-held share. No cloud-based attack can produce a valid signature without also achieving a physical breach of the hardware device.
In standard cloud MPC, all key shares reside on network-accessible nodes. An attacker who compromises enough nodes to meet the signing threshold can produce a valid signature entirely from cloud infrastructure — no physical breach required. Hardware-Hybrid Custody removes this possibility by placing one share on a physical device outside the cloud perimeter. Complete compromise of every MPC node in the network is not sufficient to sign without the hardware share.
Yes. Hardware-Hybrid Custody is designed for agent-compatible automated signing. The hardware device participates in the multi-party signing ceremony as part of the automated execution flow — institutions do not manually approve each individual agent transaction. The physical custody requirement enforces a security boundary at the key layer, not a manual approval gate at the transaction layer.
The two layers operate as a dual-verification architecture within the ACP. Intent-Evaluated MPC at Layer 7 requires signing nodes to verify the policy authorization hash before contributing partial signatures. Hardware-Hybrid Custody at Layer 6 requires the physical key share to participate in the threshold signature ceremony. An agent proposal must satisfy both: policy compliance verified by IEMPC, and physical key contribution by Hardware-Hybrid Custody.
Our early access is invite-only. Join the design partner waitlist to track DeAgenticAI's progress and shape governed autonomous execution with our team. No marketing fluff-just infrastructure updates.
By joining, you agree to receive updates about our platform. No spam, ever.