Product
What happens when an agent calls a tool.
From interception to audit trail. Every step, every verdict, every rule.
AI agents don't just use MCP. They execute shell commands, read files, search code, call APIs. Oktsec monitors both channels simultaneously.
Once intercepted, every call hits the detection engine.
Every rule is a deterministic YAML pattern or a specialized analyzer. No probabilistic classification, no model drift, no prompt sensitivity. The pipeline runs in microseconds.
The pipeline returns one of four verdicts.
Every tool call gets exactly one verdict. The verdict determines what happens next.
No rules triggered. The call proceeds to the backend.
Low-severity match. The call proceeds but appears in the dashboard with a warning.
High-severity match. The call is held until a human approves or rejects it; the agent receives HTTP 202 while the call is pending.
Critical threat detected. The call never reaches the backend. The agent receives an error.
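The verdict logic described above, as an added example that is not Oktsec's own code: a handful of deterministic pattern rules (standing in for YAML entries) are matched against the tool name and arguments, the highest matched severity wins, and exactly one verdict comes out. The verdict names, the sample rules, the 403 for blocked calls and the 200 for allowed calls are this example's assumptions; only the 202 for a held call comes from the page.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Verdict is the single outcome of evaluating one tool call.
// The four names are this example's own labels (assumption); the page
// describes the four behaviours without naming them.
type Verdict int

const (
	VerdictAllow Verdict = iota // no rule matched: proceed to the backend
	VerdictWarn                 // low severity: proceed, flagged in the dashboard
	VerdictHold                 // high severity: held for human approval (HTTP 202)
	VerdictBlock                // critical: never reaches the backend
)

func (v Verdict) String() string {
	return [...]string{"allow", "warn", "hold", "block"}[v]
}

// Severity is carried by each rule; a deterministic pattern rule has exactly one.
type Severity int

const (
	Low Severity = iota + 1
	High
	Critical
)

// Rule is the compiled form of what a YAML pattern rule would declare:
// a name, a severity and a regex matched against "tool args".
type Rule struct {
	Name     string
	Severity Severity
	Pattern  *regexp.Regexp
}

// ToolCall is the intercepted call: tool name plus its raw argument payload.
type ToolCall struct {
	Tool string
	Args string
}

// Evaluate runs every rule against the call and collapses all matches into
// exactly one verdict: the highest matched severity wins. It also returns the
// names of the rules that fired, which is what the audit entry records.
func Evaluate(rules []Rule, call ToolCall) (Verdict, []string) {
	target := call.Tool + " " + call.Args
	var fired []string
	highest := Severity(0)
	for _, r := range rules {
		if r.Pattern.MatchString(target) {
			fired = append(fired, r.Name)
			if r.Severity > highest {
				highest = r.Severity
			}
		}
	}
	sort.Strings(fired) // deterministic order regardless of rule ordering
	switch highest {
	case Critical:
		return VerdictBlock, fired
	case High:
		return VerdictHold, fired
	case Low:
		return VerdictWarn, fired
	}
	return VerdictAllow, fired
}

// HTTPStatus maps a verdict to the status the proxy answers the agent with.
// 202 for a held call is from the page; 200 and 403 are this example's choices.
func HTTPStatus(v Verdict) int {
	switch v {
	case VerdictHold:
		return 202
	case VerdictBlock:
		return 403
	default:
		return 200
	}
}

// SampleRules are constructed for this example, in place of YAML rule files.
var SampleRules = []Rule{
	{"shell-recursive-delete", Critical, regexp.MustCompile(`(?i)\brm\s+-rf\s+/`)},
	{"shell-exec", High, regexp.MustCompile(`^shell\b`)},
	{"read-dotfile", Low, regexp.MustCompile(`\.env\b`)},
}

func main() {
	calls := []ToolCall{
		{"search_code", `{"query":"TODO"}`},
		{"read_file", `{"path":".env"}`},
		{"shell", `{"cmd":"ls -la"}`},
		{"shell", `{"cmd":"rm -rf /"}`},
	}
	for _, c := range calls {
		v, fired := Evaluate(SampleRules, c)
		fmt.Printf("%-12s %-24s -> %-5s (HTTP %d) rules=%v\n", c.Tool, c.Args, v, HTTPStatus(v), fired)
	}
}
```

The last call matches both a High and a Critical rule; because only the highest severity counts, it is blocked rather than held, and both rule names still appear in the result for the audit trail.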
Every verdict is logged. Permanently.
Every tool call produces an immutable audit entry with SHA-256 hash chain and Ed25519 proxy signatures. Export to CSV, JSON, or SARIF.
Reconstruct the full sequence of agent actions across sessions. Identify exactly which tool call triggered which rule.
Each entry's SHA-256 hash chains to the previous entry, so modifying, removing or reordering any entry breaks the chain. Ed25519 signatures prove provenance.
Frameworks such as the EU AI Act and NIST AI RMF increasingly require audit trails for AI systems. SARIF export integrates with existing GRC tooling.
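How a hash-chained, proxy-signed audit log detects tampering, as an added example and not Oktsec's own log format: each entry's SHA-256 hash covers its content plus the previous entry's hash, the proxy signs each hash with Ed25519, and a verifier holding only the public key can recompute the chain and report the first entry that does not hold up. The entry layout, the JSON canonicalisation and the genesis link to an empty string are this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Entry is one audit record. Hash covers the content fields plus PrevHash (the
// chain); Sig is the proxy's Ed25519 signature over Hash. The field layout is
// this example's own assumption, not the product's format.
type Entry struct {
	Seq      uint64   `json:"seq"`
	Agent    string   `json:"agent"`
	Tool     string   `json:"tool"`
	Verdict  string   `json:"verdict"`
	Rules    []string `json:"rules"`
	PrevHash string   `json:"prev_hash"`
	Hash     string   `json:"hash,omitempty"`
	Sig      string   `json:"sig,omitempty"`
}

// AuditLog is an append-only chain signed by a single proxy key.
type AuditLog struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	Entries []Entry
}

func NewAuditLog() (*AuditLog, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &AuditLog{priv: priv, Pub: pub}, nil
}

// contentHash hashes the JSON of the entry with Hash and Sig cleared, so
// prev_hash sits inside the digest and every entry commits to its predecessor.
// encoding/json emits struct fields in declaration order, which keeps it canonical.
func contentHash(e Entry) string {
	e.Hash, e.Sig = "", ""
	b, _ := json.Marshal(e)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Append links a new entry to the chain tip and signs it with the proxy key.
func (l *AuditLog) Append(agent, tool, verdict string, rules []string) Entry {
	prev := "" // genesis: the first entry chains to an empty string (assumption)
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	e := Entry{Seq: uint64(len(l.Entries)), Agent: agent, Tool: tool,
		Verdict: verdict, Rules: rules, PrevHash: prev}
	e.Hash = contentHash(e)
	e.Sig = hex.EncodeToString(ed25519.Sign(l.priv, []byte(e.Hash)))
	l.Entries = append(l.Entries, e)
	return e
}

// Verify walks the chain with only the public key: it checks each prev_hash
// link, recomputes each content hash and verifies each signature. It returns
// the index of the first bad entry, or -1 when the whole chain is intact.
func Verify(pub ed25519.PublicKey, entries []Entry) (int, error) {
	prev := ""
	for i, e := range entries {
		if e.PrevHash != prev {
			return i, errors.New("broken link: prev_hash does not match previous entry")
		}
		if contentHash(e) != e.Hash {
			return i, errors.New("content hash mismatch: entry modified")
		}
		sig, err := hex.DecodeString(e.Sig)
		if err != nil || !ed25519.Verify(pub, []byte(e.Hash), sig) {
			return i, errors.New("bad signature: entry not produced by the proxy key")
		}
		prev = e.Hash
	}
	return -1, nil
}

func main() {
	al, _ := NewAuditLog()
	al.Append("agent-a", "read_file", "allow", nil)
	al.Append("agent-a", "shell", "hold", []string{"shell-exec"})
	al.Append("agent-b", "search_code", "allow", nil)
	fmt.Println(Verify(al.Pub, al.Entries))

	// Rewrite a verdict after the fact: the recomputed hash no longer matches.
	tampered := append([]Entry(nil), al.Entries...)
	tampered[1].Verdict = "allow"
	fmt.Println(Verify(al.Pub, tampered))
}
```

Rehashing a modified entry without the proxy's private key does not help an attacker: the stored signature then fails, and fixing the next entry's prev_hash would require re-signing that entry too. Dropping an entry from the middle breaks the link check on the entry that followed it.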
When the rule engine flags something suspicious, the optional LLM layer goes deeper.
When the rule engine flags suspicious traffic, an optional LLM layer analyzes the context, confirms the threat, and generates new detection rules for human review.
Rules decide what happens. Access control decides who can try.
Every agent gets an Ed25519 keypair. No shared secrets, no bearer tokens, no trust-by-default. Fine-grained controls govern what each agent can do.
Per-agent cryptographic identity. Every request is signed and verified.
Define which tools each agent can access. Deny by default, allow explicitly.
Restrict agents to specific MCP tools. Block filesystem, network, or shell access per agent.
Per-agent and global budget caps for LLM threat intel. Prevents runaway API costs.
Per-agent request throttling. Prevents denial of service from compromised agents.
High-severity actions require human approval. Configurable per verdict level.
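The per-agent identity and deny-by-default tool allowlist described above, as an added example that is not Oktsec's own code: the gateway issues each agent an Ed25519 keypair, every request is signed over its agent id, tool, arguments and timestamp, and a request proceeds only if the signature verifies under that agent's registered key and the tool is on its allowlist. The wire format, the length-prefixed signing input and the freshness window (not mentioned on the page, added here as a replay guard) are this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Agent is a registered identity: the public key the gateway trusts for it and
// an explicit tool allowlist. Any tool not listed is denied (deny by default).
type Agent struct {
	Pub          ed25519.PublicKey
	AllowedTools map[string]bool
}

// Request is a tool call as the gateway receives it. The wire format is this
// example's own assumption: agent id, tool, arguments, a unix timestamp and an
// Ed25519 signature over all four.
type Request struct {
	AgentID string
	Tool    string
	Args    string
	TS      int64
	Sig     []byte
}

// signingInput is the canonical byte string both sides sign and verify.
// Each field is length-prefixed so no two field splits produce the same bytes.
func signingInput(agentID, tool, args string, ts int64) []byte {
	var b []byte
	for _, f := range []string{agentID, tool, args, strconv.FormatInt(ts, 10)} {
		b = append(b, strconv.Itoa(len(f))...)
		b = append(b, ':')
		b = append(b, f...)
	}
	return b
}

// SignRequest is the agent side: sign the call with the agent's own private key.
func SignRequest(priv ed25519.PrivateKey, agentID, tool, args string, ts int64) Request {
	return Request{AgentID: agentID, Tool: tool, Args: args, TS: ts,
		Sig: ed25519.Sign(priv, signingInput(agentID, tool, args, ts))}
}

// Gateway holds the agent registry. MaxSkewSec bounds how far a request's
// timestamp may drift from the gateway clock; this replay guard is an
// assumption of the example, not something the page states.
type Gateway struct {
	Agents     map[string]Agent
	MaxSkewSec int64
}

var (
	ErrUnknownAgent = errors.New("unknown agent id")
	ErrBadSignature = errors.New("signature does not verify under the agent's key")
	ErrStale        = errors.New("timestamp outside the accepted window")
	ErrToolDenied   = errors.New("tool not in agent's allowlist")
)

// RegisterAgent issues a fresh keypair, records the public half and the
// allowlist, and returns the private half, which only the agent should hold.
func (g *Gateway) RegisterAgent(id string, tools ...string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	allowed := make(map[string]bool, len(tools))
	for _, name := range tools {
		allowed[name] = true
	}
	g.Agents[id] = Agent{Pub: pub, AllowedTools: allowed}
	return priv, nil
}

// Authorize checks identity, signature, freshness and allowlist, in that order.
// Any failure is a hard deny; only a fully verified request reaches the rule engine.
func (g *Gateway) Authorize(r Request, nowUnix int64) error {
	a, ok := g.Agents[r.AgentID]
	if !ok {
		return ErrUnknownAgent
	}
	if !ed25519.Verify(a.Pub, signingInput(r.AgentID, r.Tool, r.Args, r.TS), r.Sig) {
		return ErrBadSignature
	}
	if d := nowUnix - r.TS; d > g.MaxSkewSec || d < -g.MaxSkewSec {
		return ErrStale
	}
	if !a.AllowedTools[r.Tool] {
		return ErrToolDenied
	}
	return nil
}

func main() {
	gw := &Gateway{Agents: map[string]Agent{}, MaxSkewSec: 120}
	priv, _ := gw.RegisterAgent("agent-a", "read_file", "search_code")
	now := time.Now().Unix()
	ok := SignRequest(priv, "agent-a", "read_file", `{"path":"README.md"}`, now)
	fmt.Println("read_file:", gw.Authorize(ok, now))
	denied := SignRequest(priv, "agent-a", "shell", `{"cmd":"ls"}`, now)
	fmt.Println("shell:", gw.Authorize(denied, now))
	modified := ok
	modified.Tool = "shell" // any change after signing invalidates the signature
	fmt.Println("modified:", gw.Authorize(modified, now))
}
```

Because the signature binds the tool and arguments, a request cannot be re-pointed at a different tool in transit, and because the allowlist is consulted per agent, a key belonging to one agent gives no access to tools granted to another.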
How do you know your deployment is secure?
The oktsec audit command evaluates your agent infrastructure against 41 deployment checks and returns a letter grade with actionable findings.
Performance benchmarks and deployment options for teams running agents at scale.
The published benchmarks cover:

- messages processed per second through the full 10-stage pipeline
- audit log batch write throughput to SQLite
- Ed25519 signature generation per audit entry
- Ed25519 signature verification per entry
- dashboard queries at 1M+ rows in the audit database

Oktsec ships as a cross-platform Go binary with zero CGO and zero runtime dependencies.
Oktsec adapts to your infrastructure. Run it as a turnkey solution, a gateway, a proxy, or integrate it into your existing MCP setup.
| Mode | Command | Description |
|---|---|---|
| Turnkey | oktsec run | Auto-discovers MCP servers, generates config, starts gateway + dashboard + hooks. Zero to full visibility in 30 seconds. |
| Gateway | oktsec gateway | Standalone MCP security proxy. Sits in front of any MCP server and intercepts all tool calls. |
| Proxy | oktsec serve | HTTP reverse proxy mode. Forward traffic through Oktsec for inspection and logging. |
| Stdio | oktsec proxy | Stdio transport proxy for MCP servers that use stdin/stdout communication. |
| MCP Server | oktsec mcp | Run Oktsec itself as an MCP server. Query the audit trail, check security posture, manage rules from any MCP client. |
| Audit | oktsec audit | Offline security posture assessment. 41 checks, letter grade, auto-remediation suggestions. |