Run powerful AI agents.
Contained and auditable.

Each agent runs inside an isolated enclosure with scoped permissions, network policies, and automatic kill-switches. Ship capable agents without betting the company on them.

[Diagram: the enclosure perimeter around a sandboxed AI agent, with four controls: network policy (allowlist only, egress blocked by default), scoped permissions (read:db, write:queue, no lateral movement), kill-switch (loop detection, auto-terminate on breach), and audit log (every action recorded, tamper-evident trail).]

The blast radius of a misbehaving agent is enormous

Most teams either lock agents down so much they're useless, or give them real access and hope for the best. Neither works.

Risk: Prompt Injection

Malicious inputs hijack your agent

An attacker embeds instructions in data your agent reads. Without an enclosure, the agent executes those instructions with full privileges.

Risk: Runaway Loop

Infinite loops consume real resources

A buggy tool call or hallucinated plan can spin indefinitely — racking up API costs, writing garbage to databases, sending duplicate emails at scale.

Risk: Lateral Movement

One compromised agent reaches everything

If your billing agent and your admin agent share credentials, a single exploit owns both. Scoped enclosures make this impossible by design.

Define the perimeter. Ship the agent.

Three steps from agent code to production-safe deployment.

1. Define an enclosure manifest

Declare exactly what your agent is allowed to access — specific API endpoints, database tables, queue names. Everything else is denied by default.

2. Deploy inside the sandbox

Wrap your agent with the Enclosure SDK in minutes. We handle isolation, network enforcement, and permission injection at runtime — no infra changes needed.

3. Monitor, audit, and kill

Every action is logged to a tamper-evident trail. Set thresholds for auto-termination. Review full execution replay from the dashboard or API.

Built for security teams, loved by engineers

Scoped permissions

Declare read/write access per resource. Agents cannot exceed their manifest. Permission escalation attempts are logged and blocked.

Network policy enforcement

Allowlist-only egress. Agents cannot exfiltrate data or call unrecognized endpoints, even if compromised by a prompt injection attack.

Automatic kill-switches

Set loop detection thresholds, cost budgets, and time limits. Runaway agents are terminated before they do real damage.

Tamper-evident audit log

Every tool call, API request, and decision logged with cryptographic integrity. Replay any session. Export for compliance review.
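The three-step flow above (manifest, runtime enforcement, monitor and kill) and the scoped-permission, network-policy, kill-switch and audit-log features all reduce to one enforcement loop around every agent action. The following is an added illustration written for this page, not the Enclosure SDK or its manifest format; the manifest keys, the `Enclosure` class and the action shape are assumptions, and the hash chain is one common way to make a log tamper-evident:

```python
import hashlib
from collections import Counter
from urllib.parse import urlparse

MANIFEST = {  # constructed sample manifest for this example, not the product's real format
    "permissions": ["read:db", "write:queue"],      # everything else is denied
    "egress_allowlist": ["api.example.com"],         # hostnames the agent may reach
    "kill_switch": {"max_repeated_calls": 3, "cost_budget": 1.00},
}

class Enclosure:
    """Hypothetical deny-by-default enclosure: scoped permissions, allowlist egress,
    loop/cost kill-switch and a hash-chained (tamper-evident) audit trail."""

    def __init__(self, manifest):
        self.permissions = set(manifest["permissions"])
        self.egress = set(manifest["egress_allowlist"])
        self.max_repeats = manifest["kill_switch"]["max_repeated_calls"]
        self.cost_budget = manifest["kill_switch"]["cost_budget"]
        self.calls, self.spent, self.alive, self.audit = Counter(), 0.0, True, []

    def _hash(self, prev, action, outcome):
        return hashlib.sha256(f"{prev}\n{action}\n{outcome}".encode()).hexdigest()

    def _record(self, action, outcome):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64   # chain to previous record
        self.audit.append({"prev": prev, "action": action, "outcome": outcome,
                           "hash": self._hash(prev, action, outcome)})
        return outcome

    def act(self, kind, target, cost=0.0):
        """kind is 'perm' (e.g. 'read:db') or 'egress' (a URL); returns the audited outcome."""
        if not self.alive:
            return "terminated"                      # a killed enclosure accepts nothing
        action = f"{kind} {target}"
        ok = (target in self.permissions if kind == "perm"
              else kind == "egress" and urlparse(target).hostname in self.egress)
        if not ok:
            return self._record(action, "blocked")   # denied by manifest, and logged
        self.calls[action] += 1
        self.spent += cost
        if self.calls[action] > self.max_repeats or self.spent > self.cost_budget:
            self.alive = False                       # runaway loop or budget exhausted
            return self._record(action, "killed")
        return self._record(action, "allowed")

    def verify_audit(self):
        prev = "0" * 64                              # recompute the chain; any edit breaks it
        for rec in self.audit:
            if rec["prev"] != prev or self._hash(prev, rec["action"], rec["outcome"]) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True
```

A blocked action is still written to the trail, so an escalation attempt is evidence rather than silence; in a real deployment the chain head would be anchored outside the agent's reach.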

HIPAA & SOC 2 ready

Built with regulated industries in mind. Data residency controls, BAA available on Enterprise, SOC 2 Type II report in progress.

Works with any agent framework

LangChain, AutoGen, CrewAI, custom agents — a thin SDK wrapper is all it takes. No lock-in to our orchestration layer.

Ready to ship agents you can trust?

Join security-conscious teams at fintech, healthtech, and enterprise SaaS already running agents in production.
