The security layer for AI agents in regulated environments [v0.1]
AI agents are being granted privileged, non-human identities inside systems that move money, dose patients, and operate plants. We produce signed, hash-chained, tamper-evident records of every action they take, so your control owners can prove what executed, who authorized it, and against which policy.
> capture: agent.action.exec
  target    : scada://plant-04/valve-17
  actor     : agent://ops-copilot-v3
  on-behalf : human:s.dir@operator.eu
  controls  : NIST 800-53 AC-2, IEC 62443
  signed    : ed25519:e7..a1
  anchored  : merkle #21,409,773
  verdict   : EVIDENCE_SEALED ✓
> guardrail: prompt_injection :: BLOCKED
> handed to SOC in 0.42s
Autonomous agents now hold privileged write access to systems with consequence.
Healthcare & pharma
Agents accessing PHI, drafting prescriptions, triaging clinical decisions. HIPAA, MHRA, GDPR Art. 9.
Energy & utilities
Agents interacting with SCADA, OT telemetry, plant control loops. IEC 62443, NIS2, NERC CIP.
Defense & public sector
Agents inside classified workflows, procurement, intel triage. FedRAMP High, ITAR, NATO-aligned controls.
Finance & market infra
Agents executing trades, opening accounts, moving capital. SOX, DORA, MiFID II oversight.
Capture → seal → audit-ready evidence.
Capture
Drop-in SDK and sidecar collectors instrument every agent invocation, tool call, prompt, retrieval, and human handoff at the protocol boundary.
Seal
Each action becomes a structured evidence record: Ed25519-signed, hash-chained to the record before it, and anchored to an external Merkle root. The chain makes any edit to an earlier record detectable; the anchor makes deletion of the newest records detectable as well, which a chain on its own cannot do. The record is tamper-evident against everyone, including us as the vendor.
Attest
One click maps to NIST 800-53, ISO 27001, NIS2, DORA, HIPAA, IEC 62443. Replay any agent decision in under a second. PDF for auditors, JSON for the SOC, CSV for the board.
Defensible by construction
- Hash-chained, write-once evidence store
- Per-actor and per-action cryptographic signatures
- Prompt, context, tool-call, and output captured at the protocol boundary
- Prompt-injection and jailbreak attempts flagged inline in the record
- Sub-second replay of any agent decision
- Self-hosted, air-gapped, or sovereign EU deployment options
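To make the "seal" step and the "hash-chained, write-once, per-action signatures" properties concrete, here is an added example that is not the product's SDK or any code from this page. It builds a small chain of evidence records shaped like the sample record on this page, signs each with Ed25519 over its canonical JSON, links each to its predecessor by hash, and then shows what a verifier catches: an altered dose is flagged at the exact record, while a deleted tail is only caught once the chain head is compared against a hash published out of band (the "anchored" value). The seq and prev_hash fields, the all-zero genesis hash, and in-process key generation are assumptions for the example; a real deployment would keep the signing key in an HSM or KMS.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// genesisHash is the prev_hash of the first record (an assumed convention, not from the page).
const genesisHash = "0000000000000000000000000000000000000000000000000000000000000000"

// Payload is the part of an evidence record that is hashed and signed.
// Field names follow the sample record on this page; seq and prev_hash are
// assumed additions that give the chain its order and linkage.
type Payload struct {
	Seq      uint64   `json:"seq"`
	PrevHash string   `json:"prev_hash"`
	Agent    string   `json:"agent"`
	OnBehalf string   `json:"on_behalf"`
	Action   string   `json:"action"`
	Subject  string   `json:"subject"`
	Tools    []string `json:"tools"`
	Output   string   `json:"output"` // tool output kept as a raw JSON string so it hashes byte-for-byte
}

// Record is a sealed payload: its SHA-256 plus an Ed25519 signature over the canonical bytes.
type Record struct {
	Payload
	Hash      string `json:"hash"`
	Signature string `json:"signature"`
}

// canonical returns the bytes that are hashed and signed. encoding/json emits struct
// fields in declaration order, so the same payload always yields the same bytes.
func canonical(p Payload) []byte {
	b, err := json.Marshal(p)
	if err != nil {
		panic(err) // unreachable for Payload: every field is a marshalable type
	}
	return b
}

// Seal links p to prev via prev_hash, hashes the canonical payload, and signs it.
func Seal(priv ed25519.PrivateKey, prev *Record, p Payload) Record {
	if prev == nil {
		p.Seq, p.PrevHash = 0, genesisHash
	} else {
		p.Seq, p.PrevHash = prev.Seq+1, prev.Hash
	}
	msg := canonical(p)
	sum := sha256.Sum256(msg)
	return Record{
		Payload:   p,
		Hash:      hex.EncodeToString(sum[:]),
		Signature: hex.EncodeToString(ed25519.Sign(priv, msg)),
	}
}

// VerifyChain checks ordering, linkage, hash, and signature of every record.
// It returns -1 if the chain is intact, otherwise the index of the first bad record.
func VerifyChain(pub ed25519.PublicKey, chain []Record) int {
	prevHash := genesisHash
	for i, r := range chain {
		if r.Seq != uint64(i) || r.PrevHash != prevHash {
			return i // reordered, skipped, or spliced record
		}
		msg := canonical(r.Payload)
		sum := sha256.Sum256(msg)
		if hex.EncodeToString(sum[:]) != r.Hash {
			return i // payload edited after sealing
		}
		sig, err := hex.DecodeString(r.Signature)
		if err != nil || !ed25519.Verify(pub, msg, sig) {
			return i // forged or re-hashed without the signing key
		}
		prevHash = r.Hash
	}
	return -1
}

// VerifyAnchored additionally requires the chain head to equal a hash published out of
// band (a Merkle root, transparency log, or similar). Only this catches a deleted tail:
// a truncated chain is still internally consistent, so VerifyChain alone passes it.
func VerifyAnchored(pub ed25519.PublicKey, chain []Record, anchoredHash string) bool {
	if len(chain) == 0 || VerifyChain(pub, chain) != -1 {
		return false
	}
	return chain[len(chain)-1].Hash == anchoredHash
}

// BuildSampleChain seals three constructed records (sample data, not real patient activity).
func BuildSampleChain(priv ed25519.PrivateKey) []Record {
	base := Payload{Agent: "triage-copilot-v2", OnBehalf: "human:nurse@hospital.io", Subject: "patient://0x441f"}
	steps := []struct {
		action, output string
		tools          []string
	}{
		{"lookup_patient", `{"found":true}`, []string{"ehr_read"}},
		{"draft_prescription", `{"drug":"amox","dose":500}`, []string{"lookup_drug", "check_allergy"}},
		{"human_handoff", `{"status":"pending_review"}`, nil},
	}
	var chain []Record
	var prev *Record
	for _, s := range steps {
		p := base
		p.Action, p.Output, p.Tools = s.action, s.output, s.tools
		r := Seal(priv, prev, p)
		chain = append(chain, r)
		prev = &r
	}
	return chain
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // demo only; production keys live in an HSM/KMS
	if err != nil {
		panic(err)
	}
	chain := BuildSampleChain(priv)
	anchored := chain[len(chain)-1].Hash // the head hash you would publish out of band
	fmt.Println("intact chain verifies:", VerifyChain(pub, chain) == -1)
	chain[1].Output = `{"drug":"amox","dose":5000}` // tamper with the dose after sealing
	fmt.Println("first bad record after tampering:", VerifyChain(pub, chain))
	chain = BuildSampleChain(priv) // Ed25519 is deterministic, so this rebuild is byte-identical
	fmt.Println("truncated chain passes chain-only check:", VerifyChain(pub, chain[:2]) == -1)
	fmt.Println("truncated chain passes anchored check:", VerifyAnchored(pub, chain[:2], anchored))
}
```

The design point a practitioner should take from this: the signature proves who sealed a record, the hash chain proves nothing inside the chain was edited or reordered, and only the external anchor proves nothing was removed from the end. Write-once storage is still needed underneath, because tamper-evidence tells you that a change happened, not that it was prevented.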
{
  "id": "evd_01J9X7QK...",
  "agent": "triage-copilot-v2",
  "on_behalf": "human:nurse@hospital.io",
  "action": "draft_prescription",
  "subject": "patient://0x441f",
  "input": { "prompt_hash": "ab12...", ... },
  "tools": [ "lookup_drug", "check_allergy" ],
  "output": { "drug": "amox", "dose": 500 },
  "controls": [ "HIPAA", "ISO-27001", "MHRA" ],
  "guardrails": [ "prompt_injection: none" ],
  "signed_by": "ed25519:e7..a1",
  "anchored": "0x21409773"
}
Why now.
Regulators have moved.
NIS2 is enforced. DORA is live. The EU AI Act applies to high-risk systems. NIST AI RMF is the US public-sector reference. Every CISO in critical infrastructure now carries agentic-AI risk on their register — and no existing tool produces the evidence those frameworks will demand.
SIEM and LLM traces are not evidence.
Observability gives you spans. SIEM gives you alerts. Neither produces a signed, immutable, non-repudiable record of which non-human actor performed which action on whose authority, against which control. That is the gap we close — and the only thing we build.
Get evidence under your agent population before the next audit cycle.
Design partners
CISOs, Heads of Security Architecture, and Heads of AI Risk in regulated environments piloting agents in production.
Non-dilutive support
Grants, accelerators, and advisors with delivery history in critical-infrastructure security.
Infrastructure credits
AWS, GCP, Azure. EU-sovereign and air-gap-capable workloads preferred.