# Safety

> Operational guidance for AI agents integrating with blockchain infrastructure: read-only APIs, no transaction signing, and human-in-the-loop for any mutations.

- canonical: <https://ai.tatum.io/safety>
- html: <https://ai.tatum.io/safety>

## Defaults

- Read-only first. Reach for write/transaction methods only with explicit human approval.
- Validate every address against the target chain before issuing calls.
- Prefer Notifications over polling - push avoids quota drain and lag.
- Retries: bounded, jittered, idempotent. Never spin on 429.
- Never expose private keys, signing credentials, or API keys to the model.
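
The retry default above (bounded, jittered, idempotent, no spinning on 429) as an added example, not code from this site or the Tatum SDK. The `send` transport, the `idempotent` flag set by the caller, the retryable status set and the timing constants are all assumptions.

```python
import random
import time

RETRYABLE = {429, 502, 503, 504}  # assumed set: throttling plus transient gateway errors

class RetryBudgetExceeded(Exception):
    """Raised when the attempt budget is spent; the caller decides what happens next."""

def backoff_delay(attempt, retry_after=None, base=0.5, cap=30.0, rng=random.random):
    """Full-jitter exponential backoff; a numeric Retry-After sets the floor."""
    delay = rng() * min(cap, base * 2 ** attempt)
    try:
        floor = min(float(retry_after), cap)
    except (TypeError, ValueError):  # header missing or given as an HTTP date
        floor = 0.0
    return max(delay, floor)

def call_with_retry(send, request, idempotent, max_attempts=4,
                    sleep=time.sleep, rng=random.random):
    """send(request) -> (status, headers, body); `send` is a hypothetical transport."""
    if not idempotent:
        # Mutations are never replayed automatically: escalate to a human instead.
        raise PermissionError("non-idempotent call: requires human confirmation")
    status = None
    for attempt in range(max_attempts):
        status, headers, body = send(request)
        if status not in RETRYABLE:
            return status, body
        if attempt < max_attempts - 1:  # no sleep after the final attempt
            sleep(backoff_delay(attempt, headers.get("Retry-After"), rng=rng))
    raise RetryBudgetExceeded(f"{max_attempts} attempts, last status {status}")

if __name__ == "__main__":
    # Constructed responses: two throttled replies, then success.
    replies = iter([(429, {"Retry-After": "1"}, ""), (429, {}, ""), (200, {}, "ok")])
    print(call_with_retry(lambda req: next(replies), "getBalance", idempotent=True))
```

Injecting `sleep` and `rng` keeps the policy deterministic under test; in production the defaults apply.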

## Boundaries

**No transaction signing** - This site documents read APIs and gateway access only. Signing is out of scope for agentic flows here.

**Human in the loop** - Any mutating action - webhook deletion, subscription rotation, gateway writes - should require human confirmation.

**Per-chain validation** - EVM, Bitcoin, Solana, Cardano, and others have incompatible address formats. Always check the chain prefix.

## References

- Auth guide: <https://ai.tatum.io/auth>
- MCP page: <https://ai.tatum.io/mcp>
- Workflows: <https://ai.tatum.io/workflows>
