Product preview · Solon has not yet been generally released.
Solon · Control Plane for Agentic Finance

Every spend.
Reviewed.

The layer between AI agents and money. A non-custodial control plane that decides what your agents can spend — before it's signed.

policy.evaluate( tx ) — sales-bot-03
TX#7F3E·2B41
Case № 01 of 4 · Auto-rotating
Four sample transactions, examined in code — See the engine demo ›
01 · The Gap

81% deploying.
14% governed.

Enterprises are racing to put AI agents to work — but most of them go live without the security and IT controls enterprise governance requires.

81%
Past planning
of organizations have moved AI agents past planning into testing or production
14%
Full approval
of organizations have all agents going live with full security/IT approval (14.4%)
88%
Incidents reported
confirmed or suspected an AI-agent security incident in the past year

The bottleneck of the agent economy is not the agents themselves.
It's everything around them — governance, audit, and authority over money.

Gravitee, State of AI Agent Security 2026 · n = 900+ executives & technical practitioners · published February 2026
02 · Five Gates

Five things stand
between agents and production.

None of them are solved by making agents smarter. All of them are solved by making agents behave within an enterprise control framework.

01

Permission granularity is too coarse. Binary control fails for agents

Traditional wallets assume a human manager holds full signing authority. That assumption breaks the moment an agent picks it up. Enterprises don't need "full control or none" — they need a finely tunable middle ground.

"Sales-bot may spend up to 1,000 USDC per day.
Single transactions over 100 USDC require human approval.
Whitelisted recipients only."
02

Audit trail is missing. Why this transaction happened — unknown

Who triggered it? Under which prompt? Which model version? What was the reasoning chain? The chain leaves only an immutable hash. The reasoning lived in the model's temporary context — and vanished the moment the transaction settled.

SOC 2 / ISO 27001 / SOX auditors can audit transactions —
but they cannot audit why they happened.
03

Multi-agent fund isolation. Each agent needs its own boundary

A company might run sales, procurement, support, and ops agents in parallel. Each one needs its own budget pool, its own permission boundary, its own kill switch — so that when one goes wrong, only one stops.

Industry projections suggest large enterprises
may run multiple agents in parallel over the coming years.
Without isolation, that becomes a single point of failure.
04

Error recovery is unbuilt. Hallucinations move money in seconds

When agents hallucinate or get prompt-injected, funds can be sent to the wrong address in seconds. On-chain transactions are irreversible — recovery after the fact is almost impossible. Enterprises need engineered prevention, not after-the-fact pursuit.

Enterprises need delayed execution pools + revocation windows + circuit breakers.
Today, these are missing from every wallet and payment product.
05

Disconnect from ERP & accounting. Last mile to finance is patched manually

Even a legitimate, compliant, fully-approved transaction still needs to reach SAP, Oracle, NetSuite, Xero, QuickBooks; conform to GAAP / IFRS; and be filed under AML and cross-border reporting requirements. Today, that last mile is patched by enterprises themselves.

Enterprises don't just want agents to spend safely —
they want spent money to "look like it came from finance".
Next: how Solon solves all five