# Never share your private keys If there's one rule PILSO OS is built on, it's this: > **You should never share your private keys — with anyone, ever. Not even with an AI.** PILSO enforces this principle by design.\ It doesn’t ask for your keys.\ It doesn’t store them.\ It doesn’t proxy them.\ And it doesn’t route around them. You hold your keys.\ **Only you can sign.** *** ### Why This Matters In most Web3 + AI tools today, the path from “agent” to “blockchain” looks like this: ```plaintext User → LLM → Proxy Server → Embedded Wallet → Sign Transaction → Blockchain ``` This usually involves: * A backend that holds a private key (custody risk) * A browser-injected wallet under LLM control (attack surface) * A “trusted agent” that can sign on your behalf (no accountability) These approaches are dangerous — and incompatible with serious crypto infrastructure. *** ### What PILSO Does Instead PILSO flips the model: ```plaintext User → LLM Agent → MCP Tool → Wallet → Sign → Blockchain ``` Key properties: * **LLM never sees or touches the private key** * **Signing happens only through your own wallet UI** * **No background scripts, no delegated access, no custodial hacks** PILSO gives agents power — but not control. *** ### “But It’s an AI… Can’t It Just Sign for Me?” No. Even the best LLM is still just a guesser — it can misunderstand context, hallucinate logic, or get prompted into unintended actions. Giving it direct access to your wallet would be reckless. PILSO treats your agent like a pilot, not a keyholder: * It prepares the route * It checks the map * It suggests the action\ But **you still hold the keys**. *** ### Infrastructure You Can Trust With PILSO: * You sign every transaction with your wallet — manually or through secure hardware * You see exactly what’s being signed * You’re never asked to paste a seed phrase or private key * No server, LLM, or CLI holds custody at any time This is not a “web2-style assistant for crypto.”\ It’s a **crypto-native operating system** built with trust boundaries in mind. *** ### Summary * **Private keys stay private** — no matter what the agent is doing * **All transactions are signed by your wallet**, in your control * **No delegated signing**, embedded wallets, or server custody * **Security is not a feature — it's the foundation** If your assistant needs your private key…\ …it’s not an assistant.\ It’s a risk. PILSO makes sure that never happens. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pil.so/security-model/never-share-your-private-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.