Agents get capability. Never credentials.

Safety on Firestarter is an architecture property, not a model property. Every purchase runs inside bounded authority: approved by a human, capped by a spend limit, paid from escrow, and recorded in an audit trail.

The security model in one sentence

Your agent holds a scoped API key and sends purchase intents; the platform holds the payment method and completes transactions. The agent can do exactly what its key, its spend limit, and your approvals allow, and nothing else.

Six guardrails on every purchase

Payments and data

Payments run through Stripe and payment credentials stay with the processor. There is no card number in your agent's context window, tool calls, or logs. All traffic runs over TLS. Receipts, tracking numbers, and delivery confirmations are structured platform records tied to order IDs, so completion is computed from carrier data, not asserted by the model.

Security questions, answered

Is it safe to let an AI agent make purchases?

Yes, when the agent operates with bounded authority. On Firestarter every purchase passes a human approval gate before money moves, every execution carries its own spend limit, the agent holds a revocable API key instead of payment credentials, funds sit in escrow until delivery is confirmed, and every step lands in an audit trail. The agent gets purchasing capability, never purchasing credentials.

Does my agent ever see my payment details?

No. Payment methods stay with Stripe, a PCI-compliant payment processor. Your agent holds a scoped API key and sends purchase intents; the platform completes payment. There is no card number in the agent's context window, tool calls, or logs.

What happens if an API key leaks?

You revoke it in one click from the dashboard, and until then the per-execution spend limit and approval requirement bound what it can do. Keys are scoped to commerce actions only, and the audit trail shows exactly what the key was used for. A leaked key is an inconvenience; it is not a leaked payment method.

Can a prompt-injected agent overspend?

Spend limits are enforced by the platform, not by the prompt, so an instruction smuggled into page content cannot raise them. Purchases above the limit fail before checkout, and the approval gate means a manipulated proposal still needs a human yes. Agents on Firestarter also query structured listings rather than reading seller web pages, which closes most of the prompt-injection surface that browser-based agents carry.

How does escrow protect my purchases?

When a purchase executes, funds move into escrow rather than straight to the seller, and they settle only when the carrier confirms delivery. An order that never ships never settles; the funds return to you instead of becoming a dispute. Settlement is computed from carrier scan data, so a purchase is only complete when the package actually arrived.
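The enforcement described in the two answers above (platform-side spend limits and approval, then escrow that settles only on carrier confirmation), shown as an added example. It is not Firestarter's code or API: `Platform`, `propose`, `approve`, `carrier_event` and the key and order IDs are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

State = Enum("State", "PROPOSED REJECTED ESCROWED SETTLED REFUNDED")
@dataclass
class Order:
    key_id: str
    amount_cents: int
    state: State = State.PROPOSED
    audit: list = field(default_factory=list)

class Platform:
    """Hypothetical enforcement point: the agent can only call propose()."""
    def __init__(self, limits):
        self.limits = dict(limits)  # key_id -> per-execution cap in cents, owner-set
        self.revoked = set()        # keys the owner has revoked
        self.orders = {}

    def _move(self, order, state, event):
        order.state = state
        order.audit.append((state.name, event))  # every transition is recorded
        return state

    def propose(self, key_id, order_id, amount_cents, note=""):
        # `note` is agent-supplied, possibly injected text: stored, never used for policy.
        if order_id in self.orders:
            return self.orders[order_id].state  # order IDs are write-once
        order = self.orders[order_id] = Order(key_id, amount_cents)
        if key_id in self.revoked or key_id not in self.limits:
            return self._move(order, State.REJECTED, "key revoked or unknown")
        if not 0 < amount_cents <= self.limits[key_id]:
            return self._move(order, State.REJECTED, "outside spend limit")
        return self._move(order, State.PROPOSED, f"awaiting approval, note={note!r}")

    def approve(self, order_id, human_said_yes):
        order = self.orders[order_id]
        if order.state is not State.PROPOSED:
            return order.state  # already rejected or decided: nothing to approve
        if order.key_id in self.revoked or not human_said_yes:
            return self._move(order, State.REJECTED, "declined or key revoked")
        return self._move(order, State.ESCROWED, "approved, funds held in escrow")

    def carrier_event(self, order_id, delivered):
        order = self.orders[order_id]
        if order.state is not State.ESCROWED:
            return order.state  # only escrowed funds can settle or return
        if delivered:
            return self._move(order, State.SETTLED, "carrier confirmed delivery")
        return self._move(order, State.REFUNDED, "not delivered, funds returned")
```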

How do I report a security issue?

Email hello@firestarter.network with the details and we will respond promptly. We appreciate responsible disclosure and will work with you on remediation and credit.
