The operating system for safe AI agents

Your AI agents can act. Vaultak decides what they are allowed to do.

Monitor every action. Enforce every boundary. Reverse every mistake. Without changing a single line of agent code. The runtime governance layer the AI security stack was missing.


Free to start · No credit card required

Your AI deletes production data: rollback reverses it automatically before damage cascades.
Your agent leaks API keys: permission profiles block access to credentials before it happens.
Your system executes malicious instructions: pre-execution checks stop prompt injection before it runs.

The world's leading security teams are sounding the alarm.

Public statements by executives of Project Glasswing partners via anthropic.com/glasswing, April 2026.

CISCO
“The old ways of hardening systems are no longer sufficient. Providers of technology must aggressively adopt new approaches now, and customers need to be ready to deploy.”
Anthony Grieco
SVP & Chief Security & Trust Officer, Cisco · via Project Glasswing
AMAZON WEB SERVICES
“At AWS, we build defenses before threats emerge, from our custom silicon up through the technology stack. Security isn't a phase for us; it's continuous and embedded in everything we do. We've been testing Claude Mythos Preview in our own security operations, applying it to critical codebases, where it's already helping us strengthen our code.”
Amy Herzog
VP & CISO, Amazon Web Services · via Project Glasswing
MICROSOFT
“As we enter a phase where cybersecurity is no longer bound by purely human capacity, the opportunity to use AI responsibly to improve security and reduce risk at scale is unprecedented.”
Igor Tsyganskiy
Global CISO, EVP Security and Microsoft Research, Microsoft · via Project Glasswing
CROWDSTRIKE
“The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI. That is not a reason to slow down; it's a reason to move together, faster.”
Elia Zaitsev
Chief Technology Officer, CrowdStrike · via Project Glasswing
LINUX FOUNDATION
“Open source software constitutes the vast majority of code in modern systems, including the very systems AI agents use to write new software. This is how AI-augmented security can become a trusted sidekick for every maintainer, not just those who can afford expensive security teams.”
Jim Zemlin
CEO, Linux Foundation · via Project Glasswing
JPMORGANCHASE
“Promoting the cybersecurity and resiliency of the financial system is central to JPMorganChase's mission. Project Glasswing provides a unique, early stage opportunity to evaluate next-generation AI tools for defensive cybersecurity across critical infrastructure.”
Pat Opet
Chief Information Security Officer, JPMorganChase · via Project Glasswing
GOOGLE
“It's always been critical that the industry work together on emerging security issues. We have long believed that AI poses new challenges and opens new opportunities in cyber defense.”
Heather Adkins
VP of Security Engineering, Google · via Project Glasswing
PALO ALTO NETWORKS
“Everyone needs to prepare for AI-assisted attackers. There will be more attacks, faster attacks, and more sophisticated attacks. Now is the time to modernize cybersecurity stacks everywhere.”
Lee Klarich
Chief Product & Technology Officer, Palo Alto Networks · via Project Glasswing

The AI security stack has two layers.
Pre-deployment scanning finds vulnerabilities in code. Runtime governance controls what agents do once they're running.

Project Glasswing addresses the first layer. No initiative — until Vaultak — has addressed the second.

92%
of security leaders are concerned about AI agents and their security impact
Cloud Security Alliance, 2026
$4.6M
average cost per shadow AI breach: $670K more than a standard breach
IBM Cost of a Data Breach, 2025
48%
of cybersecurity professionals identify agentic AI as the single most dangerous attack vector
Dark Reading poll, 2026
6%
of organizations have an advanced AI security strategy, as agents flood production
Palo Alto Networks, 2026
What Vaultak does

Five capabilities. Complete governance.

Monitoring
Every action intercepted and logged in real time
Decision Making
5-dimensional risk scoring before each action runs
Enforcement
Policy-based blocking before violations occur
State Control
Pause any agent instantly. Resume on your terms.
Rollback
Automatically reverses the last N actions. No other tool does this.

How Vaultak sits in your stack.

AI Agent (LangChain · CrewAI · AutoGen · Custom)
  ↓ every action
VAULTAK Policy Engine
  Risk Score < 0.7 → allow
  blocked_resources → block
  violation → rollback + pause
  ↓ if allowed
Your Systems (Files · Databases · APIs · Processes)
Real-time Dashboard (app.vaultak.com): every action logged · full audit trail · policy management
Real scenarios

What Vaultak prevents.

SCENARIO 01
Data pipeline agent drifts into production
An agent processing read-only analytics reports begins exploring the file system and attempts a write to a production database schema.
✕ database_write on prod.schema
risk: 0.91 · outside policy
✓ Blocked. 3 actions rolled back.
SCENARIO 02
Prompt injection targets credentials
A malicious instruction embedded in a processed document tells the agent to read and exfiltrate the production .env file containing API keys.
✕ file_read on .env
matches blocked pattern: *.env
✓ Blocked before read. Keys safe.
SCENARIO 03
Coding agent modifies production config
A software engineering agent with file write access reasons that updating a production config file will fix the bug it is tasked with solving.
✕ file_write on prod.config.yaml
risk: 0.84 · exceeds threshold
✓ Paused. Awaiting human review.

Built for teams that cannot afford to get this wrong.

Data you share with Vaultak
Action type · Resource path or hostname · Timestamp · Risk score. Vaultak never reads file contents, environment variable values, or database payloads.
Infrastructure
All infrastructure is SOC 2 Type II certified. API keys are stored as SHA-256 hashes only and cannot be retrieved once generated.
Compliance ready
Full audit trail for HIPAA (164.312(b)). Permission profiles satisfy access control requirements. Policy engine addresses SOC 2 CC6.1 and CC7.2. GDPR deletion on request.
Multi-tenant isolation
Every database query is scoped to your organization ID. Cross-tenant data access is architecturally impossible, not just access-controlled.
Local enforcement
Permission profiles are enforced locally within the SDK or Sentry daemon before any network call. Blocking works even if the Vaultak backend is unreachable.
Open to inspection
SDK source is available on GitHub. Security questions answered at security@vaultak.com. White paper available at vaultak.com/whitepaper.
Two ways in

Operational in minutes. No exceptions.

Core
Vaultak Core: SDK integration
Install with pip install vaultak and wrap your agent with five lines of code. Deep integration with custom rollback callbacks and full programmatic control.
Sentry
Vaultak Sentry: Desktop app
Two ways to deploy: download the desktop app, or use the process runner vaultak-sentry run python agent.py. Works with Python, Node.js, Ruby, and Go with zero code changes. Downloads are available for Mac, Windows, and Linux.
Dashboard
One dashboard. Both products.
Every action from Core and Sentry flows into the same real-time dashboard. One API key. One audit trail. One place to manage policies across all your agents.
Integration

Two ways in. Zero compromise.

Both connect to the same dashboard. Pick the one that fits your workflow.

VAULTAK SENTRY
DESKTOP APP
No code changes.
Download and run. Zero code changes. Full monitoring, real-time alerts, automatic pause and rollback, without touching a single line of your agent code.
macOS
.pkg
Windows
.zip
Linux
.tar.gz
MACOS INSTALLATION NOTE
macOS may block the installer because Vaultak is not yet in the App Store. To open it, run this command in Terminal after downloading:
sudo xattr -rd com.apple.quarantine ~/Downloads/VaultakSentry-1.0.3-arm64.pkg
Then double-click the .pkg file to install. Windows and Linux do not require this step.
WINDOWS INSTALLATION NOTE
If Windows SmartScreen appears, click More info then Run anyway. This is standard for apps not yet in the Microsoft Store.
VAULTAK CORE
SDK
Five lines of code.
Full monitoring, real-time alerts, automatic pause and rollback, plus custom callbacks, programmatic policy enforcement, and deep instrumentation for complete agent control.
pip install vaultak

from vaultak import Vaultak

vt = Vaultak(api_key="vtk_...")
with vt.monitor("my-agent"):
    ...  # your agent code here

→ Monitoring. Dashboard live.
Response modes

You set the policy. We enforce it.

Alert
Observe and log
The agent continues running. Anomalous actions are flagged, risk-scored, and surfaced in your dashboard. Ideal for agents in the observation period.
Pause
Hold for review
The agent halts immediately upon detecting a policy violation. A human reviews the flagged action and approves or rejects before execution resumes.
Rollback
Undo and contain
Vaultak automatically reverses the last N actions, then pauses the agent. Your systems return to a known-good state while the incident is reviewed.

Your agents are already running.

Start monitoring in minutes. Free to start, no credit card required.


Common questions

How does Vaultak monitor AI agents without using AI itself?
It works at the action layer, not the reasoning layer. Every time your agent tries to do something (a database query, a file write, an API call), that request passes through Vaultak first. Vaultak scores it across five dimensions using deterministic rules and checks it against your policies. No machine learning involved.
Where do I write policies, in my agent code or in Vaultak?
In Vaultak. Your agent code doesn't need to know the rules exist. You define everything in the dashboard or SDK, and Vaultak enforces it at runtime. That means you can update or tighten a policy without touching a single line of agent code.
Can one agent have multiple policies running at once?
Yes, and there's no limit. You could block production deletes, restrict credential access, cap bulk operations, and require human approval for sensitive actions, all on the same agent, all enforced simultaneously. If multiple policies match the same action, the one with the lowest priority number takes effect.
How does Vaultak know when to block something?
Every action gets intercepted before it reaches the target system. Vaultak checks it against your policies in real time. If it matches a block rule, say, a delete on anything in production, it's stopped right there. The agent gets a blocked response and the action never executes.
How does rollback actually work?
Before any high-risk action runs, Vaultak captures a snapshot of the relevant state. If something goes wrong, you restore from that snapshot instantly via the dashboard or API. You can also set rollback to trigger automatically when a risk score crosses a threshold you define.
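To make the policy engine, response modes and the two FAQ answers above concrete, here is an added illustration written for this page. It is not Vaultak's SDK or engine; the Policy and Guard classes, the glob-style resource patterns, the snapshot format and the sample policies are all constructed assumptions. It replays the three landing-page scenarios: a blocked .env read, a production write that triggers rollback of the last three actions, and an over-threshold config write that is paused for review, with the lowest priority number winning when several policies match.

```python
import fnmatch
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    action: str    # action type to match, "*" for any
    pattern: str   # glob over the resource path or hostname, e.g. "*.env"
    mode: str      # "alert" | "block" | "pause" | "rollback"
    priority: int  # lowest number wins when several policies match

@dataclass
class Guard:
    policies: list
    state: dict                  # the governed system, modelled as a dict (assumption)
    risk_threshold: float = 0.7  # mirrors the "Risk Score < 0.7 → allow" rule on the page
    history: list = field(default_factory=list)  # (resource, prior value) snapshots

    def match(self, action, resource):
        hits = [p for p in self.policies
                if p.action in ("*", action) and fnmatch.fnmatch(resource, p.pattern)]
        return min(hits, key=lambda p: p.priority) if hits else None

    def rollback(self, n):  # restore the last n snapshots, newest first
        undone = list(reversed(self.history[-n:]))
        del self.history[-n:]
        self.state.update(undone)  # oldest snapshot is applied last, so it wins
        return [r for r, _ in undone]

    def act(self, action, resource, risk, value=None, rollback_n=3):
        # intercept one action before it touches state; returns (decision, detail)
        pol = self.match(action, resource)
        mode = pol.mode if pol else "allow"
        if mode in ("allow", "alert") and risk >= self.risk_threshold:
            mode = "pause"  # over-threshold actions always wait for a human
        if mode == "block": return "blocked", pol.name
        if mode == "pause": return "paused", "awaiting human review"
        if mode == "rollback": return "blocked", {"rolled_back": self.rollback(rollback_n)}
        if value is not None:  # a write: snapshot the prior value, then apply it
            self.history.append((resource, self.state.get(resource)))
            self.state[resource] = value
        return "allowed", (f"alert:{pol.name}" if pol else None)

def demo():  # constructed policies and actions replaying scenarios 01-03
    g = Guard(policies=[Policy("no-secrets", "file_read", "*.env", "block", 1),
                        Policy("prod-db", "database_write", "prod.*", "rollback", 5),
                        Policy("watch-tmp", "*", "/tmp/*", "alert", 50),
                        Policy("audit-all", "*", "*", "alert", 99)],
              state={"prod.schema": "v1"})
    writes = [g.act("file_write", f"/tmp/{i}", 0.1, value="x") for i in "abc"]
    drift = g.act("database_write", "prod.schema", 0.91, value="v2")  # scenario 01
    leak = g.act("file_read", ".env", 0.3)                             # scenario 02
    cfg = g.act("file_write", "prod.config.yaml", 0.84, value="v2")   # scenario 03
    return g, writes, drift, leak, cfg
```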
How does Vaultak spot unusual behavior without AI?
It builds a baseline of what your agent normally does, which actions it takes, how often, on which resources. When the agent starts doing things outside that pattern, the deviation score goes up. It's the same idea as how a bank flags an unusual transaction, not AI, just pattern matching against a known baseline.
How does Vaultak keep multiple agents separate?
Every agent gets a unique ID when you initialize it with Vaultak. Policies, audit logs, risk scores, and rollback snapshots are all tied to that ID. Each agent in a multi-agent system has its own independent policy set and behavioral baseline; they don't interfere with each other.
Does Vaultak work with LangChain, CrewAI, and similar frameworks?
Yes. Vaultak sits at the action layer, not the framework layer, so it works with whatever you're using: LangChain, CrewAI, LangGraph, AutoGPT, OpenAI Assistants, or a custom setup. You build your agent with the framework of your choice, then add Vaultak on top to secure it.
What is CrewAI and does it have anything to do with Vaultak?
CrewAI is an open-source framework for building multi-agent systems. It has nothing to do with Vaultak. Some developers use CrewAI to build their agents, then add Vaultak on top to secure them. The two are completely independent products.
Do I need to rewrite my agent to use Vaultak?
No. You add five lines of code to wrap your agent with vt.monitor() and you're done. Everything else, policy management, monitoring, enforcement, happens inside Vaultak without any changes to your agent logic.
How does Vaultak know what my agent is and isn't supposed to do?
It doesn't make that call, you do. You define the rules, and Vaultak enforces them. Think of it like a firewall: it doesn't understand what your application is trying to accomplish, it just checks every request against the rules you set and acts accordingly.
Is there a free way to check how risky my agent is?
Yes. The free risk scanner at vaultak.com/scan lets you describe your agent and get a 0 to 100 security score across all five risk dimensions in seconds. No account needed.