Now in early access

Agent spending,
governed.

Arkin sits between your AI agents and their financial tools. Every payment is evaluated against your policy — and signed to a tamper-evident audit log — before it executes.

Start for free See how it works

arkin · audit log · live

Audit log Policies Approvals

1,284

Intercepted

↑ 12% this week

Blocked

3.7% block rate

Escalated

Pending review

procure-1

Staples $340 Allow

catering-2

DoorDash $2,100 Block

exec-admin

Uber $890 Allow

procure-1

WeWork $12,500 Escalate

data-eng

Snowflake $8,200 Allow

Works with the agent frameworks your team already uses

       LangChain
       CrewAI
       LlamaIndex
       OpenAI Agents
       Anthropic SDK
    

The problem

AI agents can spend real money.
Most have no guardrails.

As agents take on more autonomy, the blast radius of a mistake — or a prompt injection — grows with it.

No visibility

Agents make dozens of financial decisions autonomously. By the time a human notices, the money is already gone.

No policy enforcement

System prompts ask agents to be careful. They're not a contract — they're a suggestion the model can override or ignore.

No audit trail

When something goes wrong, there's no tamper-evident record of what the agent did, why, and what rule it violated.

How it works

The agent spending stack.

Six layers sit between an agent's intent and a dollar leaving the account. Arkin is the policy layer — the one place every action can be intercepted, evaluated, and recorded before it executes.

Application

Python · Node.js

Defines the agent, sets the goal

LLM API

Claude · GPT · Gemini

Reasons, decides which tools to call

Agent framework

LangChain · CrewAI · LlamaIndex

Parses tool calls, manages memory, routes to functions

Arkin

@arkin_tool decorator

Intercepts every tool call · evaluates against policy

Card-issuing APIs

Lithic · Stripe · Marqeta

Card-issuing APIs that execute the action — if Arkin allows it

Banking rails

ACH · SWIFT · Card networks

Money moves — irreversible

Policy intelligence

Enforce what you meant,
not just what you wrote.

Arkin reads the intent behind a policy, not just its wording. A transaction can satisfy every literal clause and still betray what the rule was written to protect. Arkin closes that gap.

Policy · written in plain English

“Only procure from American suppliers.”

As written

Reads the words

Country of registration is United States Delaware, US

Federal tax ID (EIN) on file 87-••••••

Billing address inside the US Wilmington, DE

Pass Every literal clause satisfied

As intended · Arkin

Reads the meaning

The rule exists to keep spend with genuinely US-owned businesses, so Arkin traces who really owns the vendor.

Meridian Supply Co

Wilmington, DE · US C-Corp

US-registered

100% owned by

Nordström Holding AB

Stockholm, Sweden · ultimate parent

⚑ Foreign owner

Escalate Passes the rule, fails its intent

Features

Everything compliance needs.
Nothing agents notice.

Built for the people who have to answer for what the agent did — not the people who built it.

● Live

Tamper-evident audit log

Every decision is appended to a SHA-256 signed chain. Any offline modification is detectable. Export to S3, Splunk, or your compliance vendor.

● Live

Policy engine

Approved vendors, spend limits, payment-method restrictions. Plain-language rules, first match wins. No code deploys to change a threshold.

● Live

Policy change history

Every update is diffed, signed, and attributed. Full rollback. Regulator-ready exports.

● Live

Framework agnostic

One decorator wraps any Python function. LangChain, CrewAI, LlamaIndex, OpenAI Agents SDK — supported on day one.

○ Coming soon

Approvals queue

Unusual transactions pause for human review. The agent waits. Compliance decides. Slack and email mirrors for off-console triage.

○ Coming soon

Policy that compounds

Every decision becomes a signal. Arkin surfaces where policy runs too loose or too strict — you approve each change, signed and attributed. Your controls get sharper with every cycle.

For developers

One decorator.
Every tool, governed.

Wrap any tool function with @arkin_tool and Arkin intercepts every call. No agent-side changes; no model retraining.

Define policy

Approved vendors, spend ceilings, wire caps, per-agent budgets — written once, applied to every agent.

Intercept the call

Every wrapped tool runs the policy engine before executing. Decision in <5ms.

Sign, log, route

Sign the decision, append it to the audit chain, and route escalations to Slack, email, or the in-app queue.

tools/payments.py

from arkin import arkin_tool

@arkin_tool
def pay_vendor(vendor: str, amount: float):
    # your existing tool — unchanged
    return stripe.transfers.create(
        amount=int(amount * 100),
        currency="usd",
        destination=vendor,
    )

Agent spending,governed.

AI agents can spend real money.Most have no guardrails.

The agent spending stack.

Enforce what you meant,not just what you wrote.

Everything compliance needs.Nothing agents notice.

One decorator.Every tool, governed.

Ready for your agentsto spend safely?

Agent spending,
governed.

AI agents can spend real money.
Most have no guardrails.

Enforce what you meant,
not just what you wrote.

Everything compliance needs.
Nothing agents notice.

One decorator.
Every tool, governed.

Ready for your agents
to spend safely?