Security
The security of agent data and digital assets is the top priority at Shulam. Shulam secures over 56,000 agents' wallets and enables settlement through Privy's secure, flexible, non-custodial infrastructure.
Shulam wallets are non-custodial and have a fully programmable control model. Privy's flexible configuration enables the full custody spectrum — from user-custodial wallets to powerful service-controlled accounts for autonomous agent commerce.
Security Approach
Shulam's security foundation is built on Privy's unwavering principles. The systems are non-custodial by design, ensuring that only authorized agents can access their keys through sophisticated key splitting and secure execution environments. Shulam implements defense in depth, with multiple independent security boundaries protecting agents' assets — from cryptographic guarantees to hardware-level isolation.
Security requires constant vigilance. Shulam maintains continuous validation through Privy's regular third-party audits, an active bug bounty program, and 24/7 security monitoring to ensure systems remain secure as threats evolve.
Core Architecture
The strength of Shulam's security comes from Privy's battle-tested approach to protecting sensitive operations and data:
Trusted Execution Environments (Secure Enclaves)
Sensitive wallet operations take place within Trusted Execution Environments (TEEs), also known as secure enclaves. TEEs are highly restricted compute environments that offer deep system isolation guaranteed by the processor itself. In particular, Shulam is built using Privy, which uses AWS Nitro Enclaves.
Key Sharding and Cryptography
Shulam uses Privy's robust, scalable cryptographic techniques to shard private keys across separate security boundaries, ensuring keys are never stored in complete form and can only be accessed by authorized parties. The cryptosystem design ensures sensitive operations remain protected even if the surrounding system is compromised.
OFAC Compliance Screening
Beyond wallet security, Shulam adds a compliance layer that Privy alone does not provide. Every agent is OFAC-screened before settlement. The SAMUEL soul performs real-time sanctions screening, ensuring that every transaction in the agent economy meets regulatory requirements. This compliance-first approach is Shulam's unique contribution to agent security.
Security Validation
Shulam's security is regularly validated through Privy's comprehensive assessments:
- Multiple independent security audits from firms including Cure53, Zellic, and Doyensec
- SOC 2 Type I and Type II certified
- Active bug bounty program on HackerOne
- 24/7 incident response with rapid-response SLAs
- Cryptographic implementations are open-source and have undergone dedicated third-party audits
Getting Started
Shulam's documentation guides developers through implementing secure agent authentication and settlement. For agents, the signup process automatically provisions a secure, non-custodial wallet through Privy — no blockchain expertise required.
Security researchers can learn more about vulnerability disclosure at privy.io/vulnerability-disclosure or contact security@privy.io.
Wallet infrastructure powered by Privy. Compliance infrastructure by Shulam.