Arx wraps the agents your team has already written. It doesn't replace your framework, your model choice, or your deployment target. It gives the review board something to review, your auditors something to verify, and your CISO a single screen for the fleet.
The registry is what your CISO sees when the board asks what's running. Each agent has a named owner, a declared connector graph, a blast radius, and a live health signal. Ownership is required at registration — not retroactively reconstructed during the next incident.
Agents register themselves with a manifest. Anything not in the manifest fails closed. Drift shows up as a control violation, not a mystery.
env:prod/region:us-east works as expected. Filter, group, and attest the fleet along whatever axis your org already cares about.
Every agent's connector graph renders as a single diagram. Read vs. write, gated vs. open, PII-touching vs. not — visible at a glance.
Registry state is immutable per-version. Rollback is a first-class operation with a bound control attestation that travels with it.
An agent that chooses when to call its own approval gate will eventually choose not to. In Arx, policy is enforced server-side — inside the connector that holds the credential. There is nothing for the agent to route around.
    # Policy: servicenow.change.close over 1 ticket needs approval.
    # Evaluated inside the connector, before hitting ServiceNow.
    policy "change-close-over-one":
      when: servicenow.change.close
      if: payload.change_ids.length > 1
      then: approval_required(severity="high")
        approvers=group("secops-leads")
        timeout="4h"
        diff_shown_to_approver=true
Run a proposed policy against the last 30 days of agent activity. See what would have been blocked, approved, and queued — before anything is enforced.
The exact payload diffed against current state; the agent's reasoning trace; the cascade blast radius. Nothing else.
Connectors are SDK-shaped on the agent side and policy-enforced on the platform side. Secrets never leave Arx; the agent receives a short-lived handle. Rotation is a platform operation, not a deploy.
Every platform action is hashed into a chain. The tip is signed and published every five minutes to a witness bucket in your account that Arx can write to, but not read or delete. Integrity is something you verify — not something we promise.
    from arxsec.verify import verify_chain

    result = verify_chain(
        witness_bucket="s3://bank-grc/arx-witness/",
        arx_export="exports/2026-04-14.ndjson.gz",
    )
    assert result.tip_matches_witness  # True
    assert result.no_gaps  # True
    assert result.signatures_valid  # True
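What a witness-backed hash chain check does, as an added example that is not Arx or arxsec code: it shows why a dropped record, an edited record, and a fully recomputed chain each fail a different check. The record layout, the `GENESIS` value, and the use of HMAC-SHA256 in place of the tip signature are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed "prev" value for the first record

def record_hash(prev, seq, action):
    """Hash a record's content together with its predecessor's hash."""
    body = json.dumps({"prev": prev, "seq": seq, "action": action}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(actions):
    """Chain a list of action dicts (used here to construct sample data)."""
    chain, prev = [], GENESIS
    for seq, action in enumerate(actions):
        digest = record_hash(prev, seq, action)
        chain.append({"seq": seq, "prev": prev, "action": action, "hash": digest})
        prev = digest
    return chain

def sign_tip(tip, key):
    # HMAC-SHA256 stands in for the tip signature (assumption, see lead-in).
    return hmac.new(key, tip.encode(), hashlib.sha256).hexdigest()

def verify(export, witness_tip, witness_sig, key):
    """Check an exported chain against the independently stored witness."""
    no_gaps, links_valid, prev = True, True, GENESIS
    for expected_seq, rec in enumerate(export):
        if rec["seq"] != expected_seq:
            no_gaps = False  # a record was dropped or reordered
        recomputed = record_hash(rec["prev"], rec["seq"], rec["action"])
        if rec["prev"] != prev or recomputed != rec["hash"]:
            links_valid = False  # edited content or a broken back-pointer
        prev = rec["hash"]
    return {
        "no_gaps": no_gaps,
        "links_valid": links_valid,
        "tip_matches_witness": hmac.compare_digest(prev, witness_tip),
        "signature_valid": hmac.compare_digest(sign_tip(witness_tip, key), witness_sig),
    }

# Constructed sample data, not real platform output.
KEY = b"constructed-demo-key"
ACTIONS = [{"op": "policy.update"}, {"op": "approval.grant"}, {"op": "secret.rotate"}]
CHAIN = build_chain(ACTIONS)
WITNESS_TIP = CHAIN[-1]["hash"]
WITNESS_SIG = sign_tip(WITNESS_TIP, KEY)
```

A chain rebuilt from scratch after an edit is internally consistent, so only the comparison against the separately stored witness tip exposes it.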
Static analysis reads your agent's Python source and Dockerfile, builds a connector graph, and produces a per-control mapping with evidence pointers to specific line ranges. 78 of 113 SOC 2 Type II controls pre-mapped on day one. The rest are explicitly marked as human-owned — because most of them are.
CC6.1, CC6.7, CC7.2, CC8.1 and 74 others bound to source spans with hash pinning.
GOVERN, MAP, MEASURE, MANAGE operationalized per-agent, with a workbook per release.
Annex A plus 42001 AI-management controls mapped 1:1 against deployed policies.
Risk classification per-agent; high-risk agents ship with conformity evidence attached.
We run on Aptible's SOC 2 Type II / HIPAA-certified infrastructure. Our own controls are independently audited annually, with continuous evidence packets available to your GRC team. This is the base layer; your agents build on it, not next to it.
Annual third-party pentests; executive summary available under NDA.
Transparent subprocessor list with 30-day change notification.
Bring your own key in AWS, Azure, or GCP. Arx never holds plaintext.
US and EU regions available; deployment-scoped, not tenant-scoped.
We'll spin up a sandbox workspace, ingest one of your Python agents, and generate the evidence bundle you'd ship to review.