Autonomous agents on your endpoints — even when they're offline.
TL;DR. Signed, OS-native agents for Linux, Windows and macOS. They patch, repair configuration drift and respond to detections locally — continuing to work offline — and every action is signed, logged and revocable by a per-tenant kill-switch.
What this is about
Endpoints are where most operational work and most risk actually live. A central console that can only act when a device is online and reachable misses half the problem. Endpoint Agents run locally — signed and bounded — so remediation continues even when the device is offline, and reconciles when it reconnects. Power on the endpoint, control from the centre, audit everywhere.
How we run it
Agents are cryptographically signed and run native on each OS. They execute their remit — patching, drift repair, detection response — to policy, locally, and report through the Message Bus when connected. A per-tenant kill-switch can stop or quarantine the fleet instantly. Observability records every action; nothing an agent does is invisible. Consequential or out-of-corridor actions escalate to a human.
When it fits
Estates with field, remote or intermittently-connected devices. Organisations that need remediation to continue without a live connection. Regulated environments where endpoint actions must be signed and auditable.
What we don't do
We don't run unsigned code on your machines. We don't act invisibly — everything is logged. We don't leave you without a brake — the kill-switch is yours, per tenant.
What you can hand off
-
OS-native signed agents
Linux, Windows and macOS. Cryptographically signed; no unsigned code on your endpoints.
-
Offline remediation
Patching, drift repair and detection response continue locally without a live connection, reconciling on reconnect.
-
Per-tenant kill-switch
Stop or quarantine the fleet instantly. The brake is yours.
-
Full action log
Every endpoint action recorded through Observability — nothing invisible.
-
Escalation on anomaly
Out-of-corridor or consequential actions escalate to a human rather than proceeding.
Product facts
| Platforms | Linux, Windows, macOS · OS-native |
|---|---|
| Integrity | Cryptographically signed agents |
| Offline | Local remediation continues, reconciles on reconnect |
| Control | Per-tenant kill-switch · instant stop/quarantine |
| Audit | Every action logged via Observability |
| Deployment | EU cloud, on-premise or air-gapped control plane |
Asked before the briefing
-
Is this an EDR?
It does autonomous endpoint remediation and detection response, and integrates with AI Security Operations. It's the action layer on the endpoint, governed centrally. -
What if a device is offline?
The agent continues its policy-bound remit locally and reconciles state when it reconnects. You don't lose remediation to a dropped connection. -
How do we stop a misbehaving agent?
A per-tenant kill-switch stops or quarantines the fleet instantly. Every action is also logged, so you can see what happened. -
Will it run unsigned or unknown code?
No. Agents are cryptographically signed. That's a hard requirement, not a setting.
Control at the centre, power at the edge.
We deploy signed endpoint agents to a pilot group and show offline remediation, the audit log and the kill-switch in action.