Layer 3: Operational Boundaries

How do I prevent AI agent double-spend in financial systems?

AI agent double-spend occurs when an agent executes the same financial transaction twice, typically because of a network retry, a race between agents, or a replay attack. The retry logic built into most agent frameworks offers no idempotency guarantee: a call that times out is simply sent again, whether or not the first attempt actually succeeded.

Double-spend happens through three paths, two of them accidental and one adversarial:

  • Network retry: the agent sends a payment, the response times out after the payment has already gone through, and the retry executes it a second time
  • Concurrent agents: two agents pick up the same invoice at the same time, each evaluates it against the same unpaid state, and both approve payment
  • Replay attack: an attacker captures a valid execution token in transit and re-submits it to execute the transaction again

Exogram's Execution Idempotency invariant prevents all three:

  1. Every approved action receives a unique execution token (a JWT carrying a one-time-use claim)
  2. The token is bound to a SHA-256 hash of the state it was evaluated against; if the state changes between evaluate and commit, the token no longer matches and is rejected
  3. Tokens are consumed on first use, so a second presentation of the same token, whether a retry or a replay, returns 409 Conflict
  4. The Trust Ledger records every attempt, including rejected replays, for forensic analysis

Result: even if the network retries, even if two agents race, even if an attacker replays — the transaction commits exactly once.
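The four invariants above, as an added example that is not Exogram's code and does not call its API: a self-contained Python model in which the evaluate step mints an HMAC-signed one-time token (a signed JSON claim set standing in for the JWT) bound to a SHA-256 hash of canonical state, and the commit step verifies the signature, consumes the token under a lock, re-checks the state hash, and records every attempt in a ledger. The signing key, the invoice state, the `pay_invoice` action, the 409 returned for a stale-state token and the 401 for a bad signature are all assumptions of the example. It runs the three scenarios from the list: a retried token, two agents racing with tokens minted against the same state, and a replayed and then tampered token.

```python
"""Idempotent, state-bound execution tokens (added example, not Exogram's code)."""
import hashlib
import hmac
import json
import secrets
import threading

# Assumption: a shared signing key; a real deployment would hold this in a KMS.
SIGNING_KEY = b"demo-only-signing-key"


def state_hash(state: dict) -> str:
    """SHA-256 over canonical JSON, so the same logical state always hashes the same."""
    canonical = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def issue_token(action: dict, state: dict) -> str:
    """Evaluate step: mint a one-time token bound to the state it was approved against."""
    claims = {"jti": secrets.token_hex(16), "action": action, "state_hash": state_hash(state)}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig


class Governor:
    """Commit step: verify, check one-time use and state binding, apply, and log every attempt."""

    def __init__(self, state: dict):
        self.state = state
        self.consumed = set()   # jti values already used
        self.ledger = []        # every attempt, accepted or rejected
        self._lock = threading.Lock()

    def commit(self, token: str) -> tuple:
        try:
            body_hex, sig = token.split(".")
            body = bytes.fromhex(body_hex)
        except ValueError:
            return self._record(None, 400, "malformed token")
        expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return self._record(None, 401, "bad signature")
        claims = json.loads(body)
        jti = claims["jti"]
        with self._lock:  # check-and-consume is atomic, so racing callers serialize here
            if jti in self.consumed:
                return self._record(jti, 409, "token already consumed")
            if claims["state_hash"] != state_hash(self.state):
                return self._record(jti, 409, "state changed since evaluate")  # assumed status
            self.consumed.add(jti)
            self._apply(claims["action"])
            return self._record(jti, 200, "committed")

    def _apply(self, action: dict) -> None:
        inv = self.state["invoices"][action["invoice"]]
        inv["status"] = "paid"
        self.state["balance"] -= inv["amount"]

    def _record(self, jti, status, reason):
        self.ledger.append({"jti": jti, "status": status, "reason": reason})
        return status, reason


PAY_INV1 = {"type": "pay_invoice", "invoice": "INV-1"}  # hypothetical action


def fresh_state() -> dict:
    """Constructed sample account state for the demo."""
    return {"balance": 1000, "invoices": {"INV-1": {"amount": 250, "status": "open"}}}


def run_scenarios() -> dict:
    results = {}

    # 1. Network retry: the caller times out and resends the same token.
    gov = Governor(fresh_state())
    tok = issue_token(PAY_INV1, gov.state)
    results["retry"] = (gov.commit(tok)[0], gov.commit(tok)[0])

    # 2. Concurrent agents: both evaluate against the same state, then commit in parallel.
    gov = Governor(fresh_state())
    tokens = [issue_token(PAY_INV1, gov.state) for _ in range(2)]
    statuses = []
    threads = [threading.Thread(target=lambda t: statuses.append(gov.commit(t)[0]), args=(t,))
               for t in tokens]
    for th in threads:
        th.start()
    for th in threads:
        th.join()
    results["race"] = sorted(statuses)

    # 3. Replay: an attacker re-submits a captured token, then a tampered copy with a fresh jti.
    gov = Governor(fresh_state())
    tok = issue_token(PAY_INV1, gov.state)
    gov.commit(tok)
    results["replay"] = gov.commit(tok)[0]
    body_hex, sig = tok.split(".")
    forged = json.loads(bytes.fromhex(body_hex))
    forged["jti"] = "ffff"  # dodges the consumed check, but the signature no longer matches
    results["tampered"] = gov.commit(json.dumps(forged, sort_keys=True).encode().hex() + "." + sig)[0]
    results["balance"] = gov.state["balance"]
    results["ledger"] = len(gov.ledger)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The lock is what makes the race case safe: the consumed-set check, the state-hash check and the commit must happen as one atomic step, otherwise two callers can both pass the checks before either consumes its token. In the race scenario the loser is rejected not because its token was used but because the winner's commit changed the state, which is why the state binding matters even when every token is unique. The ledger keeps the rejected attempts, which is the forensic trail the fourth point describes.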

Ready to secure your AI infrastructure?

Deploy deterministic execution governance on your AI agents — 500 free API calls, no credit card.

✓ 500 free API calls/mo  ✓ 0.07ms enforcement latency  ✓ Works with LangChain, CrewAI, MCP