a twitter user tricked grok into sending 200,000 dollars. it worked. but most production ai agents can't clear a four dollar invoice.

the gap isn't technical capability — it's governance. grok had access but no guardrails. most agents have guardrails but no access. neither is shippable.

mnemopay's fiscalgate sits between the agent and the money. two-phase commit: the agent declares intent, fiscalgate checks mandate + balance + merkleaudit chain, then clears or rejects. the agent never holds credentials. it submits a request.

this matters more as agents handle operational budgets. if an agent can be prompt-injected into sending 200k, it can be tricked into paying a fake invoice, approving a fraudulent refund, or draining a procurement card.

the solution isn't to keep agents away from money. it's to put a governance layer in front of every transaction. mandates define what the agent can do. fiscalgate enforces it. merkleaudit makes every decision tamper-evident.

the grok incident is a warning.…
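A sketch of the declare-then-commit flow described above, added here as an illustration and not MnemoPay's code or API. The `Gate` class, its field names and the reason strings are hypothetical, and a plain SHA-256 hash chain stands in for the audit structure, whose real design the post does not describe.

```python
import hashlib, json
from dataclasses import dataclass, field

GENESIS = "0" * 64

def _link(prev, event):
    # Each entry's hash covers the previous hash, so an edit breaks every later link.
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

@dataclass
class Gate:  # hypothetical names throughout; assumed shape, not the product's API
    max_amount_cents: int        # mandate: per-payment ceiling
    allowed_payees: frozenset    # mandate: who may be paid
    balance_cents: int
    log: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)

    def _append(self, event):
        prev = self.log[-1]["hash"] if self.log else GENESIS
        self.log.append({"event": event, "prev": prev, "hash": _link(prev, event)})

    def verify_chain(self):
        prev = GENESIS
        for entry in self.log:
            if entry["prev"] != prev or entry["hash"] != _link(prev, entry["event"]):
                return False
            prev = entry["hash"]
        return True

    def declare(self, intent_id, payee, amount_cents):
        # Phase 1: the agent states what it wants; no money moves.
        self.pending[intent_id] = (payee, amount_cents)
        self._append({"type": "intent", "id": intent_id, "payee": payee, "amount": amount_cents})

    def commit(self, intent_id):
        # Phase 2: the gate, not the agent, decides. Returns (cleared, reason).
        if intent_id not in self.pending:
            return False, "unknown intent"
        payee, amount = self.pending.pop(intent_id)
        checks = [(self.verify_chain(), "audit chain broken"),
                  (payee in self.allowed_payees, "payee outside mandate"),
                  (0 < amount <= self.max_amount_cents, "amount outside mandate"),
                  (amount <= self.balance_cents, "insufficient balance")]
        reason = next((why for ok, why in checks if not ok), None)
        if reason is None:
            self.balance_cents -= amount
        self._append({"type": "rejected" if reason else "cleared", "id": intent_id, "reason": reason})
        return reason is None, reason
```

The agent only ever calls `declare` and `commit`; both cleared and rejected decisions land in the chain, so a rejected request leaves evidence too.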