Enterprise

Say yes to agents in production

The governance layer CISOs, Heads of AI, and audit teams need before agents touch customer data, move money, or run unattended. ML safety, continuous red team, staged policy, signed audit — one dashboard.

Fintech
Healthcare
SaaS
DevOps
Legal Tech
Internal Ops

AI Safety

Stop injection, jailbreaks, and tool abuse — with evidence

ML detection and continuous red teaming that hold up in production. The controls a CISO needs to say yes to agents, and the proof a Head of AI needs to keep them on.

Layered defence against prompt injection & jailbreaks

Three independent detection layers. Attackers need to defeat all of them — and your SOC sees which one fired. Tuned for production false-positive rates.

  • Zero-dep regex baseline across 7 attack categories
  • Fine-tuned DeBERTa ensemble
  • Semantic LLM judge on ambiguous calls
  • Per-tenant LoRA adapters for your attack patterns
Precision: 98.1%
False-positive: 0.7%
Latency: ~50ms

Continuous red team, not a one-off pentest

Every agent is probed on a schedule against known attack classes and novel adversarial prompts. Regressions show up on a dashboard, not in a PDF six months later.

  • Static probe suites (injection, tool abuse, level escape)
  • Adaptive LLM-driven adversarial probes
  • LLM policy audit without firing live probes
  • Fleet-wide trend analysis per agent
Prompt injection, Tool abuse, Level escape, Data exfil, Role manipulation, Encoding attacks

Policy Engine

Controls your risk team writes, tests, and proves

Staged enforcement, versioned snapshots, dry-run simulation, state-aware oracles, and a real kill switch. A policy system built for audit and change management.

Controls at every stage of the call

Three-stage enforcement — preprocess, process, postprocess — means you inspect inputs, gate tool calls, and scrub outputs independently. Nothing slips through because the control was on the wrong side of the model.

  • Block tools, require approval, rate-limit, token-budget
  • Time-window, agent-level, tool-sequence, composable logic
  • State-aware conditions backed by pre-synced oracles
  • Works for any framework via the SDK or REST
preprocess, process, postprocess | 13 condition types

Your risk team writes policy, not engineering

Business-hours windows, customer-tier gates, MNPI exclusions — compliance and security write reusable rules in the dashboard. AI-suggested starter policies read each agent's tools and framework so you're not staring at a blank YAML file.

  • Custom condition evaluator with Monaco editor
  • Agent-aware policy suggestions
  • Reusable rules shared across agents
  • Industry templates: fintech, healthcare, SaaS, DevOps

Change management a regulator recognises

Every change versioned. Snapshot your config for audit, diff revisions side-by-side, roll back in one click. Dry-run simulator replays 10k historical events against a draft policy so you see blast radius before anyone is affected.

  • Policy snapshots with signed evidence
  • Side-by-side revision diff
  • One-click rollback
  • Dry-run replay against historical traffic
Events replayed: 10,000
New blocks: 47
False positives: 2

Fails the way your runbook says

Circuit breakers with retry-after signalling. A priority-999 kill switch halts any agent, any tool, any org instantly — from the dashboard, an API, or an automated anomaly response. You choose fail-open or fail-closed per policy.

  • Distributed kill switch (Redis-backed)
  • Per-policy fail-open / fail-closed
  • Circuit breaker with retry-after
  • Rate budgets enforced across workers

Fleet Operations

Run hundreds of agents without losing control

Registry, scoring, anomaly detection, approval queues, budgets, and a distributed kill switch — the operational surface for production AI.

Know every agent, score every agent

Agents self-register on first call. A composite governance score across auth, guardrails, observability, and audit gives each one a governance level (L1–L4) that gates what it can do — and shows you which are weakest, by name.

  • Auto-discovery on first enforce call
  • Composite score across 7 dimensions
  • L1–L4 governance levels gate behaviour
  • Relationship graph maps blast radius
Fleet size: 47
Avg score: 78
L4 agents: 8

Catch drift before it becomes an incident

Statistical anomaly detection flags unusual agent behaviour, score regressions, and fleet-wide drift after deploys. High-impact actions route to a human approval queue; anomalies surface as incidents with full context.

  • Anomaly detector with fleet-wide baselines
  • Score history + regression reports on deploy
  • Human-in-the-loop approval queue
  • Incident manager linked to the violating call

Budgets and guardrails that actually hold

Per-org and per-agent call, token, and cost budgets enforced across workers via Upstash. Burn-down shows in real time. Distributed kill switch trips from anywhere when you need the fleet quiet — now.

  • Distributed rate budgets (calls, tokens, cost)
  • Real-time burn-down dashboards
  • Priority-999 kill switch
  • Automated response on anomaly
API calls: 62%
Token budget: 84%
Cost budget: 41%

MCP Governance

Your agent's supply chain, under control

Model Context Protocol expands what agents can do — and your attack surface. Lua inventories every server, probes for drift, and gates assignment agent-by-agent.

Trust, inventory, and gate every MCP server

Every MCP server your agents touch is tracked with a trust level. Untrusted servers can't be called without explicit allow. Least-privilege assignment at the enforcement pipeline — not just the network.

  • Server registry with trust levels (verified → blocked)
  • Agent-to-server assignment matrix
  • Least-privilege by default
  • Trust overrides require audit trail
verified, trusted, known, untrusted, blocked

Detect supply-chain changes before agents hit them

Scheduled probes and on-demand scans watch for tool-schema drift, auth changes, and capability additions. Catch a silent supplier change before your agents do something you didn't authorise.

  • Health + capability probes, scheduled or on-demand
  • Tool-schema diff alerts
  • Chain audit replays MCP call graphs through policy
  • Probe history correlated with agent behaviour

Observability

See everything. Signed. Streamable. Auditor-ready.

HMAC-chained audit, real-time event stream, Prometheus metrics, Honeycomb ingest, distributed tracing, and live dashboards. Built in, not bolted on.

Tamper-evident audit trail, built in

Every enforcement decision, policy change, and approval is logged with a chained HMAC signature. Break the chain, break the signature. Exportable for auditors, streamable to your SIEM, retained as long as you need.

  • HMAC-chained audit records — tamper-evident
  • CSV export + long-term retention options
  • Honeycomb integration for BubbleUp analysis
  • Distributed request tracing end-to-end
Audit entries: Signed ✓
Chain intact: Verified
Retention: Configurable
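
The chaining property described above, as an added example (not the product's code or record format): each record's HMAC-SHA256 covers the previous record's MAC, so an edit, deletion or reorder invalidates every record after it. The field names, genesis value, key and sample events are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed stand-in for "no previous record"

# Constructed sample events; not real product output.
SAMPLE_EVENTS = [
    {"seq": 1, "agent": "billing-bot", "tool": "refund", "decision": "block"},
    {"seq": 2, "agent": "billing-bot", "tool": "lookup", "decision": "allow"},
    {"seq": 3, "agent": "ops-bot", "tool": "deploy", "decision": "approve"},
]

def record_mac(key, prev_mac, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    # prev_mac is always 32 bytes, so the concatenation is unambiguous.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac + body, hashlib.sha256).digest()

def append(log, key, event):
    """Append an event, binding it to the MAC of the record before it."""
    prev = bytes.fromhex(log[-1]["mac"]) if log else GENESIS
    log.append({"event": dict(event), "mac": record_mac(key, prev, event).hex()})

def verify(log, key, expected_head=None):
    """Return None if the chain is intact, else the index of the first bad record.

    Dropping records from the tail leaves a shorter chain that still verifies,
    so callers that must detect truncation pass expected_head: the latest MAC,
    kept somewhere outside the log itself.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        want = record_mac(key, prev, rec["event"])
        if not hmac.compare_digest(want.hex(), rec["mac"]):
            return i
        prev = want
    head = prev.hex() if log else None
    if expected_head is not None and head != expected_head:
        return len(log)  # every record checks out, but the anchored head is missing
    return None

def sample_log(key):
    log = []
    for event in SAMPLE_EVENTS:
        append(log, key, event)
    return log
```
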

Real-time visibility across the fleet

Live activity feed, 7-day trend charts, block-rate heatmaps, top-blocked tools, score distribution. SSE event stream pushes to the dashboard, your SIEM, or downstream services — no polling, no lag.

  • Live enforcement stream (SSE, org-scoped)
  • Fleet heatmaps, trends, and burn-down
  • Prometheus metrics at /metrics for Grafana
  • Temporal workflow visibility for long-running jobs

Identity & Access

Signed, scoped, least privilege

Multi-tenant isolation, Ed25519 agent certificates, scoped JWTs, RBAC, and Clerk-backed SSO. Every call attributable, every tenant walled off.

Multi-tenant isolation, no cross-bleed

Each customer, team, or environment gets a fully isolated governance namespace. Policies, audit logs, and agent registries never leak across tenants. Right-sized for regulated industries and multi-BU enterprises.

  • Per-tenant namespaces for policy + audit
  • Org-scoped API keys (constant-time verification)
  • Webhook signatures scoped per org
  • Self-host option for data-residency requirements

Cryptographic agent identity

Every agent gets an Ed25519 certificate. Every enforcement call is cryptographically attributable. Short-lived JWTs scope access to downstream services like Honeycomb so a compromised agent can't walk off with the keys.

  • Ed25519 certificates per agent, rotatable
  • Short-lived RS256 JWTs, audience-scoped
  • Revocation without downtime
  • Attributable audit for every call

RBAC your auditor will recognise

Admin, operator, and viewer roles with granular permissions. Admins set policy. Operators manage agents. Viewers get read-only audit access. SSO and verified domains via Clerk B2B — SAML-capable.

  • Granular admin / operator / viewer roles
  • SSO via Clerk (SAML, OIDC)
  • Verified domains + org management
  • Permissions enforced on every API call

Integrations

Works with your stack, not against it

Honeycomb, Temporal, Prometheus, Grafana, GitHub, Slack-ready webhooks — plus twelve agent-framework adapters and a zero-dep OSS SDK under MIT.

Plugs into the stack you already run

Stream audit into Honeycomb. Fire webhooks into your SIEM and ticketing. Export Prometheus metrics into Grafana. Run long-running approval workflows on Temporal. No rip-and-replace.

  • Honeycomb — audit ingest + BubbleUp
  • Temporal — durable workflows + approvals
  • Prometheus + OpenAPI/Swagger out of the box
  • Signed webhooks, per-secret, with retries

Every major agent framework, governed

Twelve first-party adapters. Pre-scan, post-scan, streaming, and tool-call governance for each. Write your policy once, apply it across frameworks — including the one your next team picks.

Mastra, Vercel AI, LangChain, OpenAI Agents, Anthropic, Genkit, LlamaIndex, Mistral, Ollama, MCP, Bedrock

Open-source SDK, commercial-grade cloud

Start with the MIT-licensed governance-sdk — 1,358 tests, zero runtime dependencies, runs anywhere. Upgrade to Cloud when you need fleet-scale, compliance dashboards, and SLA-backed support.

  • OSS SDK under MIT — no lock-in
  • Same policy engine OSS and Cloud
  • Self-host option for regulated data
  • Stripe-backed per-seat billing, 14-day trial

Compliance

Continuous assessment, auditor-ready evidence

Not a checklist — a live posture. Each framework maps to governance primitives in your fleet, scored continuously, snapshotted on demand.

One dashboard, every framework that matters

EU AI Act, NIST AI RMF, OWASP Agentic Top 10, ISO 42001 — continuously scored against your live fleet. Critical-gap highlighting, evidence-backed posture, and deadline countdowns to the articles that actually have teeth.

  • Live posture scoring, not a one-off questionnaire
  • EU AI Act Article 50 deadline tracker (2026-08-02)
  • OWASP Agentic Top 10 (2026 edition)
  • Evidence tied to the agent and the enforcement event

Auditor hand-off in minutes, not weeks

Point-in-time snapshots freeze your posture for regulators and auditors — signed, retrievable, and tied to the configuration that produced them. Industry policy templates give you a defensible starting point out of the box.

  • Signed compliance snapshots for audit
  • Per-agent or fleet-wide scope
  • Industry templates: fintech, healthcare, SaaS, DevOps
  • Framework mappings kept current

Frameworks covered

  • EU AI Act: Articles 9, 11, 12, 14, 15, 50 — self-assessment mapping, not a regulatory determination (6/6 mapped)
  • OWASP Agentic: Top 10 security risks for autonomous agent deployments (2026 edition) (10/10 mapped)
  • NIST AI RMF: Govern / Map / Measure / Manage functions mapped to governance primitives (Framework aligned)
  • ISO 42001: AI management system clauses mapped; certification-ready evidence capture (Clauses mapped)
  • SOC 2 Common Criteria: Policy templates aligned with CC6 logical access, CC7 change management, CC8 audit logging (Templates available)
  • HIPAA (Security Rule): Policy templates for minimum-necessary, audit controls, integrity. BAA not offered — self-host if required (Templates available)
  • ISO 27001: A.12 Operations, A.16 Incidents, A.18 Compliance — template mapping (Templates available)

Ready for fleet-scale governance?

Enterprise is custom-priced based on agent count, deployment model, and support requirements. See pricing for Open Source and Pro tiers.