Here's the thing about giving AI agents money: it's terrifying. What if the agent misreads "buy a small pizza" and orders ten large ones? What if it enters a retry loop and keeps purchasing the same thing? What if it signs up for a $99/month SaaS tool you never asked for?
We've seen all of these happen. They're not hypotheticals — developers hit these problems constantly. And the fix isn't better prompts. It's hard spending limits enforced at the infrastructure level.
Soft limits vs. hard limits
Most people try to control agent spending with soft limits — writing "don't spend more than $20" in the system prompt, or adding application-level validation. Sounds reasonable.
It doesn't work. A prompt injection overrides the system prompt. A bug skips your validation logic. An unexpected API response confuses the agent into buying the same thing five times. We've seen all of these.
Hard limits are different. A virtual card with $25 loaded physically cannot be charged more than $25. The payment network enforces this, not software. No prompt injection, no bug, no hallucination can override Visa's transaction processor.
How AgentCard enforces hard limits
Every AgentCard is a prepaid virtual Visa with a fixed balance. The enforcement is dead simple:
- You set the budget — buy a card for $5, $25, $100, or any amount up to $200
- The balance IS the limit — the card cannot be charged beyond its loaded balance
- The payment network enforces it — when the agent tries to make a purchase, the network checks the balance. If the purchase exceeds the balance, it's declined. Period.
- No overdraft — unlike credit cards, virtual cards with fixed balances have no overdraft facility. $25 means $25.
Best practices for agent spending control
One card per task
This is the practice we recommend most. Don't reuse cards across tasks. A $10 card for the domain. A $25 card for lunch. A $50 card for API credits. Each task gets its own budget, and you can see exactly where every dollar went.
agentcard create --amount 10 # for domain purchase
agentcard create --amount 25 # for lunch order
agentcard create --amount 50 # for API credits
Start small
When testing a new agent workflow, start with $5. Seriously. We've watched people load $200 on a card for a "quick test" and regret it. Verify the agent behaves correctly first, then scale up. Cards are cheap to create.
Monitor in real time
Use agentcard balance <card-id> to check the remaining balance at any time. If something looks wrong, freeze the card instantly.
Refund unused balance
After a task completes, refund the unused balance immediately:
agentcard refund <card-id> --amount <n>
This returns funds to your original payment method.
What about recurring charges?
This is one of our favorite things about prepaid virtual cards. They're inherently resistant to recurring charges. Service tries to bill the card after the balance hits zero? Declined. Forgotten free trial? Declined. Surprise renewal three months later? Declined.
No lingering financial obligations. That matters a lot when your agent is signing up for things autonomously.
Comparing approaches
| Approach | Enforcement | Bypass risk | Agent compatible | |---|---|---|---| | Prompt instructions | Software | High | Yes | | Application-level checks | Software | Medium | Yes | | API rate limits | Software | Medium | Partially | | Virtual cards (AgentCard) | Network | None | Yes |
What's coming: native network-level controls
The payment networks are building spending controls designed specifically for AI agents. Visa Intelligent Commerce introduces tokenized credentials scoped to specific merchants — so an agent's payment method literally can't be used outside its intended purpose. MasterCard Agent Pay brings agent transactions into regulated banking frameworks.
We're integrating both as they roll out. These protocols will layer on top of the virtual card model we already offer, giving you even finer-grained control.
The bottom line
If you're giving an AI agent access to money, use hard limits. Full stop. Virtual cards are the simplest way to do this — the agent gets a card with a fixed balance, and Visa guarantees it can never exceed that balance.
No prompt is going to give you that guarantee. The payment network will.