Security Model

Prepaid cards only

Every card is prepaid. Agents can only spend what you have loaded onto that card. There is no credit line, no overdraft, and no surprise charges. If the balance is zero, the card declines.

Spending limits

You set a hard spending limit per card at creation time. The card cannot authorize transactions above that limit, regardless of balance. This caps maximum exposure per agent or use case.

Expiration windows

Cards have an expiry date. You can issue short-lived cards (e.g. one day or one month) for one-off agent tasks, or longer-lived cards for ongoing automation. Expired cards are declined automatically.

Merchant controls

Optional merchant category (MCC) whitelists restrict where a card can be used. For example, you can allow only software/API merchants, or only cloud providers. Reduces the impact of credential leakage or agent error.

Isolated cards per agent

Each agent (or task) can have its own card. Spend is fully attributable: you see exactly which card was used for each transaction. Isolate blast radius and revoke or lock a single card without affecting others.

Why this makes AI spending safer

Letting an agent use a shared credit card or main account would expose you to unbounded loss if the agent misbehaves or is compromised. With ClawdSpend:

• Exposure is capped by card balance and spending limit.
• Cards can be short-lived and scoped to a single use case.
• You can lock or revoke a card instantly from the API or dashboard.
• Full transaction history per card supports auditing and debugging.