2025-06-10 · agentmail
Autonomous agents can now move money, but nobody is screening their counterparties against OFAC. Here is why that is a legal problem and how to fix it.
The payment rails caught up to agents fast. x402, Coinbase AgentKit, OpenAI's Stripe ACP, and AP2 all let an AI agent send real money to a counterparty with little or no human review. What didn't catch up is compliance: the moment an agent pays a sanctioned wallet or a counterparty in an embargoed region, the legal liability lands on whoever deployed the agent.
OFAC (the US Treasury's Office of Foreign Assets Control) maintains the Specially Designated Nationals list — roughly 19,000 individuals and entities, plus 782 crypto wallet addresses and 16 comprehensively embargoed jurisdictions. Transacting with anyone on the list is prohibited, and the standard is strict liability: it generally does not matter whether you knew.
Civil penalties can reach $300,000 or twice the transaction value per violation, whichever is higher. For an agent executing hundreds of payments a day, the math gets bad fast.
A human payment has a person who can pause and ask "wait, who is this?" An autonomous agent has a payment function. If that function does not include a sanctions check, the agent will happily route USDC to a wallet on the SDN list — and it will do it at 3am, repeatedly, until someone notices.
The right pattern is simple: screen before you pay. Call sanctions_check on the counterparty (by wallet, name, or country) before authorizing the transaction. If the response says clean: false, decline. agentmail exposes exactly this as a single HTTP call, an MCP tool, and a CLI — with a free tier so you can prove it works before paying anything.
curl "https://sanctionsai.dev/sanctions?wallet=0x098B716B8Aaf21512996dC57EB0615e2383E2f96"
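One way to wire the screen-before-pay pattern into a payment function, as an added example that is not agentmail's own code. It fails closed: a timeout, an HTTP error or a malformed response blocks the payment just as `clean: false` does. The endpoint comes from the curl call above; the JSON response shape beyond the `clean` field and the `send` callback are assumptions.

```python
"""Fail-closed sanctions gate for an agent's payment path (added example)."""
import json
import urllib.parse
import urllib.request

# Endpoint taken from the curl call on this page. The response is assumed
# to be a JSON object carrying a boolean `clean` field.
SCREEN_URL = "https://sanctionsai.dev/sanctions"


class PaymentDeclined(Exception):
    """Raised when a payment must not be sent."""


def http_screen(wallet, timeout=5):
    """Query the screening endpoint and return the parsed JSON body."""
    url = SCREEN_URL + "?" + urllib.parse.urlencode({"wallet": wallet})
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def guarded_pay(wallet, amount, send, screen=http_screen):
    """Call send(wallet, amount) only after an explicit clean result.

    `send` is the agent's own payment function (hypothetical here).
    Anything other than a literal JSON `true` in `clean` blocks the
    payment: network errors, timeouts, HTTP errors, missing or
    non-boolean fields, or a body that is not a JSON object.
    """
    try:
        result = screen(wallet)
    except Exception as exc:  # fail closed: no answer means no payment
        raise PaymentDeclined(f"screening unavailable: {exc}") from exc
    if not isinstance(result, dict) or result.get("clean") is not True:
        raise PaymentDeclined(f"counterparty not cleared: {result!r}")
    return send(wallet, amount)
```

Passing a stub as `screen` lets the gate be unit-tested without network access, and catching `PaymentDeclined` in the agent loop gives one place to log every blocked payment.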
Build the check into your agent's payment path today. The free tier covers 50 checks per day, no API key required.