My AI Agent Made a Bad Trade — What to Do Now

If you’re reading this mid-incident: it’s recoverable, and the money your agent can touch is capped at what you funded. Work the steps in order — stop first, think second.

1. Stop it

Say "STOP" to the agent. If it’s not responding the way you expect, go straight to the hard stop: disconnect the Robinhood Trading MCP in your agent’s settings. That cuts its access entirely and needs no cooperation from the agent. (Kill switch.)

2. Assess

Open Robinhood and look at the facts, not the agent’s account of them:

• What did it actually buy or sell, how much, and when?
• What’s the current position and unrealized P&L?
• Is the damage done (a bad fill) or ongoing (it’s still in a position you don’t want)?

3. Contain

You’re back in manual control now. Decide, as yourself, what to do with the open positions — hold, trim, or close. Don’t hand this back to the agent until you understand what happened. The account is isolated, so the worst case is bounded by your deposit; act deliberately, not in a panic.

4. Diagnose — which of these was it?

• Bad instruction. A vague or over-broad prompt did exactly what you said, not what you meant. → tighten the instruction and the approval gate.
• Regime change. The strategy met conditions it handles badly (a trend, a crash). → revisit the strategy’s bounds.
• Runaway behavior. It over-traded or looped. → lower the daily cap and tighten the circuit breaker.
• Manipulated input. It acted on news, a signal, or tool output that shouldn’t have driven a trade. → that’s an attack; harden the advisory-only and injection rules.

5. Fix before you reconnect

Translate the diagnosis into a guardrail change — regenerate a tighter config in the Safety Kit, update the agent, and only then reconnect. An incident you turn into a tightened rule is cheap tuition.

The reframe

A bad trade inside a funded, capped, isolated account is a contained event, not a catastrophe — which is exactly why you set it up that way. Walk the steps, fix the rule, move on.

Calm, correct incident response is a trained reflex — in security and in this. Build and measure it at secprove.com.