For finance and payments teams
Human approval for agent-initiated payments and treasury
When an AI agent or automation can move money, the question is not whether the API call works. It is whether a named human authorized the exact transfer, and whether you can prove it later. Cosignet binds a passkey approval to the precise payload (amount, payee, reference) before the payment runs, and records it as verifiable evidence.
The incident math
One wrong transfer, a misdirected vendor payment, a treasury movement to the wrong address, an agent that misreads an invoice, can cost far more than the subscription that would have gated it. A Team plan is a fixed monthly cost. A single unauthorized or erroneous transfer is an open-ended one, plus the incident review, plus the audit questions. Cosignet puts a payload-bound human approval in the path of exactly those actions, and fails closed if no one approves.
How it works for a payment
- Your agent or backend calls Cosignet with the exact payment payload before executing.
- A named approver sees the transfer, re-hashed in their browser and confirmed against the signed fingerprint, and approves with a passkey (device user verification).
- The payment executes only on an explicit approved decision. No approval, no transfer.
- The approval is recorded in the transparency log, exportable as an evidence pack that verifies offline.
This applies the same design principle as PSD2 SCA dynamic linking, generalized outside the regulated SCA context. See dynamic linking for AI agent payments.
Evidence your finance and compliance teams can use
- DORA: ICT traceability and incident evidence for the authorization trail.
- PSD2 dynamic linking: the SCA pattern applied to agent actions.
- For auditors: verify a real approval end to end, offline.
Founding customers
We are working closely with a small number of founding customers in payments and treasury. You get direct founder access and your needs shape the roadmap, in exchange for candid feedback.
Informational, not legal advice. Cosignet secures the authorization and its evidence, not the payment rails, and is not a certified PSD2 or SCA solution. See the PSD2 page for the exact boundary.