See every AI agent. Govern every call.
Your engineers are rolling out Claude Code, Cursor, and Codex faster than security can see them. Alyria makes every agent, tool, and MCP connection visible across the fleet in 30 minutes, and governs every call with a tamper-evident audit trail.
Free. Read-only deploy. 30 minutes to first report. No kernel driver. The assessment intercepts nothing.
Read-only deploy to a board-ready Agent Exposure Report.
On the record: tamper-evident MCP audit. Monitor first, enforce when you’re ready.
deny[msg] {
    server := input.mcp.server
    not server.pinned
    msg := "unpinned MCP server"
}
Built on open standards, no vendor lock-in
- OAuth 2.1
- OpenTelemetry
- MCP
- OWASP ASI
- NIST AI RMF
- ISO/IEC 42001
The Agent Exposure Report: find out what your fleet is actually running.
Deploy Beacon read-only: a signed, user-space agent with no kernel driver and nothing to break. The assessment intercepts nothing. Thirty minutes later you have a board-ready report of your real AI surface.
Every AI agent and CLI
Claude Code, Cursor, Codex, Copilot, and the ones nobody told you about, with versions and update status.
Every MCP server configuration
Including the ones added by hand to an editor on a laptop, invisible to any gateway.
Hygiene and exposure flags
Down-level tools, unpinned or unverified MCP servers, plaintext credentials in agent configs, agents running outside sanctioned accounts.
A policy baseline
What your current usage looks like against a sensible default policy: the violations you would have caught this week if governance had been on.
One artifact, two audiences: the engineer-readable inventory your platform team acts on, and the board-ready summary your CISO takes upstairs. It is how every Alyria engagement starts, because you can’t govern what you can’t see.
Free. Read-only. Encrypted by default. Remove it with one command.
See it, govern it, keep it under your keys.
Visibility first, policy at your pace, and a trust claim you can verify in your own logs.
Know what's actually running.
Every AI agent, CLI, version, and MCP server on every endpoint, inventoried continuously.
- Beacon inventories the AI layer of every endpoint.
- Which tools, which versions, which MCP servers they're wired to.
- Continuously, not surveyed once a year.
Policy over every MCP call.
Allow, deny, or watch every tool invocation, with a tamper-evident record of each decision.
- One policy across Claude Code, Cursor, and Codex, no per-vendor console sprawl.
- Start in monitor mode, then enforce when the data says you're ready.
- Every decision lands in a hash-chained, signed audit log.
Encrypted by default. Nothing to configure.
Fleet data is encrypted under an envelope key we delete on account termination or request, a permanent crypto-shred.
- Default: an envelope key we hold and delete on request, nothing to set up.
- Enterprises can bring their own KMS key (BYOK) and revoke it themselves.
- Stored blobs are opaque to us at rest.
Your stack sees everything except the agent layer.
Your EDR sees the process but not the tool call. Your scanner sees the package but not the MCP config. Your gateway sees routed traffic but not the local agent. Your IdP sees the token but not what the agent invoked with it. Each does its job, and each stops one layer short of where AI agents actually operate.
Processes, binaries, known-bad behavior.
That a node process is an MCP server handing your repo to an agent. The tool call has no meaning at the process layer.
Agent-layer semantics beside your EDR: which agent, which tool, which MCP server, allowed or denied. No kernel driver, no sensor conflict.
Installed packages, CVEs, missing patches.
An MCP server config hand-added to an editor yesterday. It is a JSON file, not a package. There is no CPE for an unpinned MCP server with filesystem scope.
Inventory of the AI-tool and MCP layer with hygiene and advisory flags, the exposure class scanners were never built to model.
Model and API traffic that agrees to route through them.
Local agents, local models, and agent-to-tool MCP calls that happen on the endpoint and never touch the network path.
Governance at the endpoint, where the call originates, including everything that never dials a gateway. Keep the gateway; close its blind side.
Usage and policy inside that one vendor's stack.
The other vendors your engineers also run, and any cross-vendor policy, inventory, or unified audit trail.
One inventory, one policy language, one audit chain across Claude Code, Cursor, Codex, and whatever ships next quarter.
Who authenticated, which token was issued.
What the agent did with the session: the invocations, the tools, the data touched after the token was granted.
The invocation layer recorded under the identity your IdP established. SSO in, tamper-evident activity record out.
Nothing to rip out. Alyria deploys beside all five, read-only on day one, and fills the one layer none of them were built to see.
Beacons form a Constellation, watched from the Observatory.
Governed by Lyra, with Umbra keeping fleet data under your keys, and Spectra carrying the signal out. Six modules, one signed audit chain.
- 01 Beacon: A signed, user-space daemon on every machine inventories AI tooling and MCP servers, and evaluates policy where agents run.
- 02 Constellation: Beacons form a mesh, sharing org memory over MCP, scoped by IdP division and role.
- 03 Lyra: One policy language governs which tools, models, data, and MCP calls each agent may make.
- 04 Umbra: Secrets and fleet data are encrypted under your keys, on a roadmap toward keys we never hold.
- 05 Spectra: OpenTelemetry streams to the cloud or straight into your Elastic/Kibana SIEM.
- 06 Observatory: You watch the whole fleet from one console: inventory, hygiene, policy decisions, MCP activity.
Six modules, one platform.
One platform for the full lifecycle: see every agent, govern its MCP calls, and keep the record under your keys. One policy engine, one signed audit trail.
Beacon: Node agent
A signed, user-space agent that inventories and governs where agents run.
Observatory: Cloud console
Alyria Cloud: signup, SSO, and fleet/tenant dashboards.
Lyra: Policy-as-code
The capability-brokered, information-flow-aware policy engine.
Constellation: Mesh + shared memory
The agent mesh and shared org memory, spoken over MCP.
Spectra: Telemetry
Collect local OTel and route it to the cloud or your SIEM.
Umbra: Agent secrets
Secrets and fleet data under your keys, moving toward keys we never hold.
OWASP ASI for what attackers do. NIST and ISO for how you govern it.
One signed audit chain covers both: legible to the compliance buyer and stronger for the adversarial one.
See OWASP ASI coverage →
Find out what your fleet is running. This week.
A 30-minute read-only deploy. A board-ready report of every agent, tool, and MCP connection. Encrypted by default from day one.
Free. Read-only deploy. No kernel driver. Remove it with one command.