How It Works4-layer execution boundary
Proving GroundLive interactive demo
ArchitectureDeep technical dive
WhitepaperThe official PDF thesis
New
Protocol (EAAP)Open protocol spec
IntegrationsMCP, ChatGPT, REST API
Code AnalyzerCheck your code risk
New
Use CasesFinTech, Healthcare, SaaS, Legal
SOC 2 Audit TrailsAI Agent Compliance
Stop AI SQL InjectionDatabase Governance
Compare ToolsExogram vs 18 alternatives
vs Guardrails AIAction Filtering vs Execution
vs LangChainOrchestration vs Control
Trust CenterCompliance & Security
API ReferenceREST API endpoints
CLI ReferenceTerminal commands
New
MCP SetupClaude Desktop integration
Docs HubAll documentation
Glossary52 AI governance terms
52
Learning HubGuides & deep-dives
BlogLatest posts & insights
Failure CasesReal AI agent failures
RFC-0001Full protocol spec
PricingGetting Started
Log inGet Started Free →
Enterprise AI Architecture

Preventing AI Agent Double-Spends

How Exogram uses Cryptographic Execution Idempotency to mathematically guarantee agents never execute the same payload twice during network retries.

01. The Architectural Threat

  • AI agents interact with production systems over unreliable networks. Network timeouts happen.
  • When a timeout occurs, agents often retry the exact same execution token, assuming the first attempt failed.
  • If the downstream API is not perfectly idempotent, the agent might charge a credit card twice, send duplicate emails, or provision duplicate resources.
  • Relying on LLMs to self-correct during a retry loop is completely probabilistic and actively dangerous.

02. The Exogram Resolution

  • Exogram implements a hard, infrastructure-level idempotency lock on every execution path.
  • Every tool call payload is hashed and bound to a unique evaluation token.
  • The database strictly tracks `EVALUATED` versus `EXECUTED` state.
  • If an agent retries an execution that is already sealed, Exogram instantly returns an HTTP 409 Conflict, mathematically halting the double-spend before it reaches the external API.

Technical Implementation Blueprint

// The Exogram execution lock process:

1. Agent proposes an action.
2. Exogram evaluates it, generating an evaluation_id and an idempotency_key.
3. Exogram locks the transaction in Supabase as EVALUATED.
4. If the agent retries the same idempotency_key, Exogram hits the DB unique constraint and halts.
5. Once the action executes downstream, the commit endpoint flips the status to EXECUTED.
6. The state is cryptographically sealed. Replay attacks are neutralized.

Frequently Asked Questions

Why not just make the downstream API idempotent?

You should. But 90% of legacy APIs are not idempotent. Exogram provides an idempotency boundary so you don't have to rewrite your entire backend.

Can the agent bypass the idempotency key?

No. The idempotency key is deterministically generated by Exogram based on the payload hash and session context. The LLM does not generate it.

Explore Other Blueprints

Solving LLM Hallucinations in Production

How Exogram uses Layer 2 Semantic Conflict Resolution to cross-examine and block hallucinated actions against established graph constraints.

Eliminating Phantom Knowledge Graph Edges

How Exogram synchronizes Graph Node tombstones with Supabase ledger events to prevent agents from retrieving deprecated facts.

Fixing Microsoft AutoGen Infinite Loops

How to use Exogram Circular Graph Prevention to mathematically stop AutoGen multi-agent architectures from entering recursive death spirals.

LangChain AgentExecutor Timeout Protection

How to safeguard LangChain `AgentExecutor` deployments against timeout-induced double-spends using Exogram Execution Idempotency.

Test This in the Proving GroundIntegrate Exogram in 2 Minutes