AI agent governance · cross-vendor, at the endpoint

See every AI agent. Govern every call.

Your engineers are rolling out Claude Code, Cursor, and Codex faster than security can see them. Alyria makes every agent, tool, and MCP connection visible across the fleet in 30 minutes, and governs every call with a tamper-evident audit trail.

Free. Read-only deploy. 30 minutes to first report. No kernel driver. The assessment intercepts nothing.

30 min

Read-only deploy to a board-ready Agent Exposure Report.

Every call

On the record: tamper-evident MCP audit. Monitor first, enforce when you’re ready.

alyria · fleet (Monitor mode)
Agents discovered: 312
MCP servers: 47
Unsanctioned: 9
Policy violations · 7d: 23
lyra/policy.rego
deny[msg] {
  server := input.mcp.server
  not server.pinned
  msg := "unpinned MCP server"
}
beacon-eu-14 flagged unapproved MCP server on dev-laptop-112

Built on open standards, no vendor lock-in

  • OAuth 2.1
  • OpenTelemetry
  • MCP
  • OWASP ASI
  • NIST AI RMF
  • ISO/IEC 42001

The first 30 minutes

The Agent Exposure Report: find out what your fleet is actually running.

Deploy Beacon read-only: a signed, user-space agent with no kernel driver and nothing to break. The assessment intercepts nothing. Thirty minutes later you have a board-ready report of your real AI surface.

Every AI agent and CLI

Claude Code, Cursor, Codex, Copilot, and the ones nobody told you about, with versions and update status.

Every MCP server configuration

Including the ones added by hand to an editor on a laptop, invisible to any gateway.

Hygiene and exposure flags

Down-level tools, unpinned or unverified MCP servers, plaintext credentials in agent configs, agents running outside sanctioned accounts.

A policy baseline

What your current usage looks like against a sensible default policy: the violations you would have caught this week if governance had been on.

One artifact, two audiences: the engineer-readable inventory your platform team acts on, and the board-ready summary your CISO takes upstairs. It is how every Alyria engagement starts, because you can’t govern what you can’t see.

Get your free Agent Exposure Report

Free. Read-only. Encrypted by default. Remove it with one command.

The three jobs

See it, govern it, keep it under your keys.

Visibility first, policy at your pace, and a trust claim you can verify in your own logs.

SEE

Know what's actually running.

Every AI agent, CLI, version, and MCP server on every endpoint, inventoried continuously.

  • Beacon inventories the AI layer of every endpoint.
  • Which tools, which versions, which MCP servers they're wired to.
  • Continuously, not surveyed once a year.

GOVERN

Policy over every MCP call.

Allow, deny, or watch every tool invocation, with a tamper-evident record of each decision.

  • One policy across Claude Code, Cursor, and Codex, no per-vendor console sprawl.
  • Start in monitor mode, then enforce when the data says you're ready.
  • Every decision lands in a hash-chained, signed audit log.

UNDER YOUR KEYS

Encrypted by default. Nothing to configure.

Fleet data is encrypted under an envelope key we delete on account termination or request, a permanent crypto-shred.

  • Default: an envelope key we hold and delete on request, nothing to set up.
  • Enterprises can bring their own KMS key (BYOK) and revoke it themselves.
  • Stored blobs are opaque to us at rest.

Where Alyria fits

Your stack sees everything except the agent layer.

Your EDR sees the process but not the tool call. Your scanner sees the package but not the MCP config. Your gateway sees routed traffic but not the local agent. Your IdP sees the token but not what the agent invoked with it. Each does its job, and each stops one layer short of where AI agents actually operate.

EDR
Endpoint detection & response
Sees

Processes, binaries, known-bad behavior.

Blind to

That a node process is an MCP server handing your repo to an agent. The tool call has no meaning at the process layer.

With Alyria

Agent-layer semantics beside your EDR: which agent, which tool, which MCP server, allowed or denied. No kernel driver, no sensor conflict.

Vulnerability scanners
Packages, CVEs, patches
Sees

Installed packages, CVEs, missing patches.

Blind to

An MCP server config hand-added to an editor yesterday. It is a JSON file, not a package. There is no CPE for an unpinned MCP server with filesystem scope.

With Alyria

Inventory of the AI-tool and MCP layer with hygiene and advisory flags, the exposure class scanners were never built to model.

AI / network gateways
Routed model traffic
Sees

Model and API traffic that agrees to route through them.

Blind to

Local agents, local models, and agent-to-tool MCP calls that happen on the endpoint and never touch the network path.

With Alyria

Governance at the endpoint, where the call originates, including everything that never dials a gateway. Keep the gateway; close its blind side.

Model-vendor controls
One vendor's admin console
Sees

Usage and policy inside that one vendor's stack.

Blind to

The other vendors your engineers also run, and any cross-vendor policy, inventory, or unified audit trail.

With Alyria

One inventory, one policy language, one audit chain across Claude Code, Cursor, Codex, and whatever ships next quarter.

Identity providers
Authentication & tokens
Sees

Who authenticated, which token was issued.

Blind to

What the agent did with the session: the invocations, the tools, the data touched after the token was granted.

With Alyria

The invocation layer recorded under the identity your IdP established. SSO in, tamper-evident activity record out.

Nothing to rip out. Alyria deploys beside all five, read-only on day one, and fills the one layer none of them were built to see.

How it’s built

Beacons form a Constellation, watched from the Observatory.

Governed by Lyra, with Umbra keeping fleet data under your keys, and Spectra carrying the signal out. Six modules, one signed audit chain.

  1. Beacon

    A signed, user-space daemon on every machine inventories AI tooling and MCP servers, and evaluates policy where agents run.

  2. Constellation

    Beacons form a mesh, sharing org memory over MCP, scoped by IdP division and role.

  3. Lyra

    One policy language governs which tools, models, data, and MCP calls each agent may make.

  4. Umbra

    Secrets and fleet data are encrypted under your keys, on a roadmap toward keys we never hold.

  5. Spectra

    OpenTelemetry streams to the cloud or straight into your Elastic/Kibana SIEM.

  6. Observatory

    You watch the whole fleet from one console: inventory, hygiene, policy decisions, MCP activity.

Standards anchor

OWASP ASI for what attackers do. NIST and ISO for how you govern it.

One signed audit chain covers both: legible to the compliance buyer and stronger for the adversarial one.

See OWASP ASI coverage →
  • ASI02: Tool misuse
  • ASI03: Identity & privilege
  • ASI04: Supply chain
  • ASI05: Code execution
  • ASI07: Inter-agent comms
  • KEYS: Under your keys

Find out what your fleet is running. This week.

A 30-minute read-only deploy. A board-ready report of every agent, tool, and MCP connection. Encrypted by default from day one.

Free. Read-only deploy. No kernel driver. Remove it with one command.