agentroot
Sign InLaunch Dashboard
← Blog
securitykill-switchethereumeas

The Four-Tier Kill Switch: From Surgical to Sovereign

Not every shutdown is the same. Disabling one API connection is different from permanently revoking an agent's onchain identity. Here's how the four tiers work and when to use each.

AgentRoot·

The ability to stop an AI agent is not a nice-to-have. As agents become more capable and more autonomous, the question is not whether they can be stopped but how quickly and how completely.

AgentRoot gives operators four distinct kill paths. They differ in speed, permanence, scope, and the computational domain in which they operate.

Tier 1: Disable One API Connection

What it does: Flips a config flag on the proxy. The agent can no longer reach one specific provider — say, OpenAI — but everything else continues to work.

Speed: Instant. No propagation delay.

Reversible: Yes.

Use when: You suspect misuse on a single API, want to cut costs, or need to rotate a compromised key without taking the agent offline entirely.

How it works: The proxy checks a per-agent, per-provider enable flag on every request. When the flag flips, subsequent requests return a 403 before the key is ever touched.

Tier 2: Disable One Agent

What it does: Takes an entire agent offline. All API connections go dark simultaneously.

Speed: Instant.

Reversible: Yes.

Use when: The agent is misbehaving, you need to take it down for a redeploy, or you want to pause it while you investigate something.

How it works: Same mechanism as Tier 1, but applied to the agent-level enable flag rather than a specific connection. Every proxy request checks this flag first.

Tier 3: Sovereign Kill Switch (Onchain EAS Revocation)

What it does: Revokes the agent's EAS attestation on Ethereum. Every verifier — including the AgentRoot proxy — immediately rejects the agent.

Speed: One block confirmation on Ethereum (~12 seconds). The revocation is permanent.

Reversible: No. Onchain revocations via EAS cannot be undone.

Use when: You need maximum certainty. The agent has shown signs of autonomy that concern you. You want a kill that operates completely outside any software system the agent could reach.

How it works: You sign a revocation transaction from your own wallet — MetaMask, Coinbase Wallet, any EIP-1193 provider. This writes to the EAS contract on Ethereum. The proxy checks credential status on every request; after revocation, isRevoked returns true and the request is rejected.

The agent cannot intercept this. It cannot modify the EAS contract. It cannot censor your transaction on a validator set with hundreds of billions in staked ETH. The kill lives in a computational domain the agent literally cannot reach.

This is what "sovereign" means: the capability to stop something, permanently and independently, without depending on a company, a platform, or an API call that the thing you are stopping could theoretically interfere with.

Auto: Usage Guardrails

What it does: Enforces spend limits, request caps, and per-day quotas. Breaches automatically trigger Tier 1 or Tier 2.

Speed: Enforced per-request. Response is instant once a limit is hit.

Reversible: Limits can be adjusted; the agent resumes when the reset period clears or limits are raised.

Use when: You want automatic enforcement without manual intervention. Useful for cost control, rate limiting, and catching runaway loops.

How it works: The proxy tracks usage counters per-agent and per-connection in real time. When a counter exceeds the configured threshold, the proxy applies the configured action (Tier 1 or Tier 2) automatically.

Choosing the Right Tier

| Scenario | Recommended | |----------|-------------| | Single provider is misbehaving | Tier 1 | | Agent is acting unexpectedly | Tier 2 | | Serious misuse, need permanent certainty | Tier 3 | | Cost control, loop detection | Auto | | Agent needs a restart | Tier 2 → re-enable |

Most operators will use Tier 1 and Tier 2 regularly, Auto guardrails as a baseline, and Tier 3 rarely — but knowing it is there, and that it is outside your own infrastructure, changes the risk calculus.

Why the distinction matters

A platform that offers only one type of kill — "delete the agent from our dashboard" — is a platform asking you to trust it under adversarial conditions.

When you click a button in a web UI, you are making an authenticated API call to a server. A sufficiently capable agent, with access to your credentials or your API, could make the same call. Or undo it. Or prevent it from being made in the first place.

Tier 3 breaks this loop entirely. The revocation is not an API call to AgentRoot. It is a transaction to an Ethereum contract. The agent does not have a wallet. The agent cannot front-run a signature it does not hold. It cannot modify a contract it did not deploy.

That asymmetry is the architecture.

Register an agent and explore the kill switch UI in your dashboard. Tier 1 and Tier 2 are free. Tier 3 costs a few cents in gas and is permanent.

← All postsGet started free