AxioRankZero-Trust for AI Agents
Open the console

Human in the loop

Some calls should wait for a person.

When a rule cannot safely auto-decide, it holds the call instead of guessing. A person approves or denies from Slack, email, or the dashboard, the highest-risk actions can require two people, and a stale approval escalates on its own.

Open the consoleRead the docs

hold mid-flight · dual control · signed decisions

held · send_emailawaiting
recipient came from a fetched page
policy   no-untrusted-egress
action   hold -> await approval
approve once, signed under your key
Hold
Pause a call mid-flight
2-person
Dual control on the riskiest actions
Signed
Decisions under the approver's key
Free
Approvals on every plan

How a hold works

Work the queue. Approve or deny.

A held call lands in the inbox with the agent, the tool, the risk, and the rule that held it. Approve to release it once, or deny to make sure it never runs. Every decision is recorded and signed.

Approval inbox0/3 resolved
Heldsend_emailagent_7f3c78

Email a recipient address that came from a fetched web page.

matched policy no-untrusted-egress

Every decision is signed under the approver's own key and rides inside the call's receipt, verifiable after the fact.

Built for real review

More than a yes-or-no button.

Approvals carry the controls a security team actually needs, so a hold is a safe pause, not a bottleneck.

Dual control

Require two distinct approvers on the highest-risk actions, so no single person can wave a call through.

Escalation and SLA

An approval that sits too long escalates and notifies, so nothing waits in a queue forever.

Decide from anywhere

Approve or deny from an interactive Slack message, a one-click signed email link, or the dashboard.

A signed decision

The approver's choice is signed under their own key and folded into the call's receipt.

Where holds come from

Anything that should pause, pauses here.

A hold is a first-class outcome across the platform. Whatever puts a call on hold, the same inbox resolves it.

A policy hold

Write a rule that holds a pattern for approval instead of allowing or denying it outright.

See the policy engine

A flow-control hold

Untrusted data heading for a dangerous sink is held until a person clears it.

See provable security

A judge that fails secure

When the model judge is unsure, the call stays held for a human rather than releasing.

See AI detection

Keep exploring

Continue across the control plane.

Automated response

Quarantine, revoke, or alert. Watch in monitor mode, then arm it when you trust it.

Open

Incidents & SOAR

Correlate alerts into incidents and open a Jira or ServiceNow ticket the moment risk spikes.

Open

SIEM & streaming

Pull the audit log as NDJSON or push it live to Splunk, Datadog, and any OTLP collector.

Open

Agent identity

Short-lived signed tokens that verify locally and cannot be replayed.

Open

Provable security

The approval is bound into the call's signed, offline-verifiable receipt.

Open

Approvals docs

Hold TTLs, escalation, dual control, and the signed decision flow.

Open

Keep a human on the calls that need one.

Hold the risky actions, route them to the right people, and keep a signed record of who decided what.

Open the consoleCompare plans