CTO · CISO · Platform Operator
Deploy AI agents your security team can approve
One governed runtime for every agent — identity, tenancy, policies, budgets, traces. EU deployment by default, model choice by configuration, nothing undeclared can run.
Finally, an AI surface you can actually secure.
Pains → gains
From investigation toil to structured findings
Deterministic systems keep the books. Agents handle bounded reasoning tasks inside them. Your team stays in command.
The work today
Shadow AI, credential sprawl and ungoverned tool access — each a board-level risk.
US-cloud anchoring and one-model lock-in written into someone else's architecture.
Every team rebuilds auth, observability, evals and guardrails for every bot — and the POC still fails security review.
With NeoXam Agents
One governed runtime
Per-agent RBAC, three-layer tenant isolation, scoped credential vaults and a curated tool registry that rejects arbitrary endpoints — with enterprise OIDC SSO landing in Beta.
EU by default, sovereign by choice
The platform runs in the EU (Frankfurt) today. Hybrid, on-prem and sovereign Kubernetes deployments arrive at GA, with per-client residency pinning.
Model choice by configuration
The model is a field in the agent's descriptor, not an architectural commitment. Today the platform runs Anthropic Claude through an AI gateway; switching providers is a config change, not a re-architecture.
Ship agents, not scaffolding
Teams declare an agent as a versioned descriptor, open a PR, pass the eval gate, ship. Auth, tracing, policies, budgets and tenancy come from the platform.
The agents
Agents that matter for your team
Every agent is declared in a Git-governed catalog, gated by evaluation baselines, policy-controlled at every tool call, and traced end to end. Statuses below are exact.
Reconciliation Investigator
Shipped — pilot livearo.reconciliation-investigator
The production proof of the runtime: an end-to-end pilot running on the governed stack — catalog, tracing, audit log and eval CI included.
Agent Config Generator
Betaagent-config-generator
A meta-agent that will generate a valid agent descriptor from a natural-language description — powering the Quickstart wizard so product teams ship their first agent in under a day.
Key capabilities
Why this works here
Catalog-first integrity
ShippedNothing undeclared is callable, injectable or provisionable. Secrets never appear in descriptors, code, logs or traces — enforced by contract tests.
Tenant isolation by construction
ShippedTenant context is resolved from the verified token and enforced as row-level security on every table, with per-workspace vaults and per-tenant rate limits and quotas.
Full observability
ShippedAn OpenTelemetry span for every model and tool call, exported to Langfuse, with cost per run, per agent and per tenant — and an observability stack designed to be self-hosted.
Bounded by design
ShippedEvery run has hard ceilings — duration, tool calls, tokens. Schema-violating output is a hard failure, and runs are cancellable mid-flight.
NeoXam products
Where these agents live
Agents are embedded in the NeoXam products your teams already use — not bolted on beside them.
- Shipped — pilot live
Aro
Reconciliation
Every reconciliation break investigated before your analyst opens it — root cause, evidence, recommended action, fully traced.
- Shipped — task mode
DataHub
Enterprise Data Management
Business rules drafted, validated, evaluated and tested by agents that know your syntax dictionary, your rule corpus and your engine.
FAQ
Questions your team will ask
Where does the platform run, and where does our data live?
SaaS in the EU (Frankfurt) today, with client business data inside your tenant boundary. Hybrid, on-prem and sovereign Kubernetes deployments arrive at GA (Q3 2026), along with per-client region pinning.
Are we locked into one LLM vendor?
No. The model is a configuration field in each agent's descriptor and the harness is multi-provider by design. Today it runs Anthropic Claude via an AI gateway; switching or mixing providers is a config-and-re-evaluate operation. No model is ever fine-tuned on your data.
How do agents authenticate and call tools?
Every API call carries a verified JWT. Agents reach tools only through MCP servers declared in the catalog, with per-run signed tokens and per-tool allow/ask/deny policies. Credentials live in scoped vaults — never in prompts, logs or traces, contract-tested.
What does it take to integrate our own systems?
One stable Runner API: a REST call with a JWT. Open standards throughout — MCP for tools, A2A agent cards for discovery, OIDC for identity, OpenTelemetry for traces.
Join the Early Adopter Program
General availability lands in Q3 2026. The Early Adopter Program is open now — a limited cohort, a one-year platform trial, and three workshop streams: Business ROI, Compliance, and Operational fit.