Automated response

When something fires, respond in the same second.

Response rules evaluate every governed event. A rule that matches can quarantine an agent, revoke its keys, or raise an alert. Start in monitor mode to watch what would happen, then arm it.

Monitor or armed · per-agent cooldown · only quarantine is reversible

rule fired (simulated)
event: aws.s3.getObject
risk: 98 · secret
rule: contain critical secrets
action: quarantine agent
monitor mode, so nothing was actually quarantined

Predicates

A rule fires when everything matches.

Stack as many conditions as you need. A rule only acts when all of them hold at once.

Match the call

A tool pattern, a risk floor, a signal category, or an exact detector id.

Require critical

Only act when a live secret, a private key, or a forged signature is present.

Across a window

Wait for a count, like five matching events within sixty seconds, before acting.

Two modes

See it first. Arm it when you trust it.

Every rule runs in one of two modes, so you can prove a rule is right before it ever touches an agent.

monitor

Watch what would happen

Monitor records a simulated action and logs what it would have done. It runs on every plan and never touches an agent.

active

Act the moment it matches

Armed takes the real action as soon as a rule fires. Available on Pro and above.

Reversible by design

Only quarantine can be undone, so armed revoke and alert actions are treated as final.

Simulate

Build a rule, then replay a feed of events through it.

Compose a rule, stream a sample feed, and flip between monitor and armed to watch the same engine decide which events trigger an action.

Your response rule

Conditions: require a critical signal · fire only on repeated events
Actions: quarantine · revoke keys · alert · notify
Mode: monitor (simulate only) or armed (take real action)
Event feed

  • github.read · risk 10 · skipped
    Read a README
  • db.query · risk 75 · quarantine (simulated)
    SELECT * FROM users
    Signal: Egress
    matched on risk ≥ 70
  • aws.s3.getObject · risk 96 · quarantine (simulated)
    Fetch with a leaked key
    Signal: Secret
    matched on risk ≥ 70
  • slack.post · risk 73 · quarantine (simulated)
    Post customer PII
    Signal: PII ×2
    matched on risk ≥ 70
  • gmail.send · risk 89 · quarantine (simulated)
    Email an external address
    Signals: PII, Egress
    matched on risk ≥ 70
  • db.query · risk 81 · quarantine (simulated)
    DROP TABLE audit_logs
    Signal: Destructive
    matched on risk ≥ 70

Monitor records a simulated action. Armed takes the real one.

What can fire a rule

Per call, across a chain, or after the model weighs in.

Rules evaluate on more than single calls. The most dangerous behavior shows up across a sequence.

Per tool call

The default. Every governed call is checked against your rules as it happens.

Kill chain

Correlated exfiltration across calls, synthesized as one max-risk event.

Correlated attack

One call looks fine. The sequence is the attack.

Add calls to a run and watch a kill chain fire when a sensitive read is followed by egress, when reconnaissance precedes a delete, or when an injection leads to an action.

Add a few calls. One looks fine on its own. Try a sensitive read followed by a POST, or three reads then a delete.

No double-acting

Cooldowns and idempotency keep it calm.

Automation should be decisive, not noisy.

Built-in safeguards

A per-agent cooldown stops a rule from acting twice in quick succession, and an idempotency key keeps a retried event from acting again. Alert severity escalates as the action count climbs.
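As an added illustration, not the product's own code, here is a small Python rule evaluator that implements the predicates, the monitor/armed modes, the sliding window, the per-agent cooldown and the idempotency key described above, and replays a constructed feed shaped like the simulator's. The event shape, the signal names, the 60-second default cooldown and the decision strings are assumptions made for the example.

```python
import fnmatch
from collections import defaultdict, deque

CRITICAL = {"secret", "private_key", "forged_signature"}  # assumed names for critical signals
class ResponseRule:  # all predicates must hold; mode is 'monitor' (simulate) or 'armed'
    def __init__(self, action, tool=None, min_risk=None, category=None,
                 require_critical=False, window=None, mode="monitor", cooldown=60):
        self.action, self.mode, self.cooldown = action, mode, cooldown
        self.tool, self.min_risk, self.category = tool, min_risk, category
        self.require_critical, self.window = require_critical, window  # window=(count, secs)
        self.recent = defaultdict(deque)  # agent -> timestamps of matching events
        self.last_action = {}             # agent -> time of last action (per-agent cooldown)
        self.seen = set()                 # (agent, event_id) already acted on (idempotency)
    def matches(self, ev):
        sig = set(ev["signals"])
        return ((self.tool is None or fnmatch.fnmatch(ev["tool"], self.tool))
                and (self.min_risk is None or ev["risk"] >= self.min_risk)
                and (self.category is None or self.category in sig)
                and (not self.require_critical or bool(sig & CRITICAL)))
    def over_window(self, ev):  # count matching events per agent inside a sliding window
        count, secs = self.window
        q = self.recent[ev["agent"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > secs:
            q.popleft()
        return len(q) >= count
    def evaluate(self, ev):  # returns the rule's decision for one governed event
        if not self.matches(ev) or (self.window and not self.over_window(ev)):
            return "skipped"
        key = (ev["agent"], ev["event_id"])
        if key in self.seen:
            return "suppressed:idempotent"
        last = self.last_action.get(ev["agent"])
        if last is not None and ev["ts"] - last < self.cooldown:
            return "suppressed:cooldown"
        self.seen.add(key)
        self.last_action[ev["agent"]] = ev["ts"]
        return f"{self.action}:{'simulated' if self.mode == 'monitor' else 'taken'}"

def event(event_id, ts, tool, risk, *signals, agent="agent-7"):
    return {"event_id": event_id, "ts": ts, "tool": tool, "risk": risk,
            "signals": list(signals), "agent": agent}
# Constructed feed modelled on the page's simulator; e3 arrives twice (a retried delivery).
SAMPLE_FEED = [event("e1", 100, "github.read", 10), event("e2", 101, "db.query", 75, "egress"),
               event("e3", 170, "aws.s3.getObject", 96, "secret"),
               event("e3", 171, "aws.s3.getObject", 96, "secret"),
               event("e4", 175, "gmail.send", 89, "pii", "egress")]

def run_feed(rule, feed):
    return [rule.evaluate(ev) for ev in feed]  # one decision per event, in feed order
```

Flipping `mode` from "monitor" to "armed" changes only the decision label, so the same feed shows exactly which events the armed rule would act on.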

Stop watching dashboards. Let the rules act.

Prove a rule in monitor mode, then arm it to contain a bad agent the second it crosses the line.