# Security and Abuse Prevention

1. **Multi-sig Control:** The upgrade authority for the program and mint is locked behind a multi-sig. This prevents unilateral changes or malicious re-deployments.
2. **Request Throttling:** We rate limit how many chaos requests can be initiated within a certain time to avoid spam or overloading the system.
3. **KYC or Access Controls (*****Coming Soon*****):** In advanced scenarios, the team may require certain verifications for large-scale or potentially destructive chaos tests, especially if they risk collaterally damaging public networks.
4. **Verified Off-Chain Engine:** The AI engine signs finalization transactions with a known, verifiable keypair. This ensures that only the official chaos simulations can mark requests as completed.
5. **Third-Party Audits:** *Coming Soon*