VyriAI | AI Runtime Control Platform

Your AI agents are writing files, calling APIs, querying production databases. Your MCP servers could be poisoned before they ever run. VyriAI controls both.

VyriAI is the runtime control plane for autonomous AI. Block dangerous agent actions before they execute — not after. Set policies in JSON: deny production DB access, require approval for shell commands, block external API calls with PII. Human-in-the-loop for anything sensitive. Cryptographic audit trail for SOC2, GDPR, HIPAA. One URL change. No SDK. Free MCP server scanner built-in — detect tool poisoning, typosquats, and SSH key exfiltration in any MCP server before install.

Secure your AI stack in 5 minutes → See how it works
<10ms
Agent policy evaluation
~147 RPS
At 300 concurrent (0% errors)
12ms
Avg governance overhead
640/640
Tests passing (100%)
🩻 Scan an MCP server → 🛑 See 7 live attacks blocked — no signup ↓
npx @vyriai/mcp-scan ./tools.json Free CLI · Node ≥ 18 · no signup · npm →
AI is now part of the attack surface

Hackers Use AI to Execute Cyberattacks. Can You Track What Your AI Is Doing?

Recent breaches show attackers using Claude and ChatGPT to generate attack scripts, automate exploits, and process stolen data. AI massively amplifies attacker productivity. Your compliance audit will ask: "What did your AI DO?"

Government Agency Breach
Attackers used AI models to generate 1000+ prompts refining attack scripts. 9+ agencies compromised, 150GB+ data stolen.
AI amplified attacker productivity. No visibility into AI-generated actions.
Series B Startup
SOC2 audit in 30 days. No audit trail for AI usage. Auditor rejected 5000 raw logs.
Result: Audit failed. Deal delayed 6 months.
Healthcare SaaS
HIPAA audit next month. Can't prove PHI wasn't sent to LLMs or what AI actions were executed.
Result: $250K fine, mandatory remediation.
Your Company?
Your auditor will ask: "Show me AI usage evidence and what AI actions were executed." What will you show?
Without VyriAI: raw logs they'll reject. With VyriAI: control-specific evidence in seconds.
Phase 1.5 — SHIPPED April 2026
NEW — MCP Trust Engine (May 2026)
NEW — HA Infrastructure + Enterprise Hardening (May 2026)

The only platform that controls what AI agents actually do

Every other AI security tool scans prompts. VyriAI controls actions — the file writes, DB queries, API calls, and shell commands your agents generate.

🛡️
Policy Engine
Declare what agents can and cannot do. JSON DSL. No code. Hot-reload without restart. Fires in <10ms, inline with every LLM response.
"action": "deny"
"resource": "prod-db-*"
"reason": "No prod access"
👤
Human Approvals
Flag sensitive actions for human review instead of auto-blocking. Agent waits. Operator approves or rejects via console or API. Full audit record either way.
status: "pending_approval"
tool: "run_shell_command"
approval_id: "appr-t1-42"
🔭
Agent Observability
Per-agent risk scores, trace history, and enforcement log. Know which agent is high-risk, which policies fired, and exactly why. Your SOC team finally has AI agent data.
agent: "billing-agent"
risk_score: 0.84 ↑
blocked_actions: 3
Test results — live stack, HA infra, not mocked
300 requests · 300 concurrent · Redis Sentinel HA · Kafka 3-broker · PgBouncer
~147 RPS
throughput (burst)
34ms
single-request
1.4s
P95 latency
0%
error rate
640/640
tests passing
Enterprise-Grade Security Features
Shipped April–May 2026
🔴 Redis Sentinel HA
3-node Sentinel cluster, quorum 2, automatic failover. No single point of failure on token bucket rate limiting or session state.
📨 Kafka 3-Broker HA
Replication factor 3, min ISR 2, ZooKeeper 3-node ensemble. Audit events survive a broker failure — no event loss, no data gaps.
🏊 PgBouncer Connection Pool
Transaction-mode pooling, 1,000 max client connections. P95 latency improved from 4.3s → 1.4s under 300 concurrent.
🔐 Column-Level Encryption
pgcrypto AES-256 on sensitive policy fields. SQL SECURITY DEFINER functions — app role cannot access encryption key directly. Backward-compatible nil-ciphertext fallback.
⚡ LLM Circuit Breakers
Per-provider Closed→Open→HalfOpen state machine. Auto-failover across OpenAI, Anthropic, Gemini. Prevents cascade failures. 11/11 tests passing.
📋 SOC2 Policy Documents
6 enterprise compliance docs: Information Security Policy, Access Control, Incident Response, Change Management, Vendor Risk Assessment, Data Processing Agreement.
🔔 Approval Notifications
Slack + email + generic webhook via APPROVAL_WEBHOOK_URL. Auto-detects Slack format.
🐍 Python SDK
@govern decorator for zero-code-change governance. Source: python-sdk/ — PyPI publish coming Q3 2026.
📄 OpenAPI 3.0.3 Spec
40+ endpoints at GET /openapi.yaml. Security scanner ready.
📋 Policy Versioning
Changelog per policy. recordChange() on every mutation. Who changed what and when.
🔑 Token Revocation
Redis blacklist with Sentinel HA. POST /v1/admin/tokens/revoke. Falls back to JWT expiry when Redis unavailable.
🔒 Action Policy Auth
CRUD protected under /v1/admin/action-policies. Bearer token required.
Drop-in proxy

Control Mapping Layer: One Line to Block Data Leaks & Audit AI Actions

Change your API base URL from api.openai.com to your VyriAI proxy. That's it. Every LLM call now runs through governance — scanning, blocking, action detection, and auditing — with automatic mapping to SOC2/GDPR/HIPAA controls. Pass your audit in days, not weeks.

  • 1. Intercept: all prompts pass through your VyriAI instance
  • 2. Scan: 45+ patterns check for PII, source code, secrets, PHI
  • 3. Map: audit events automatically mapped to SOC2/GDPR/HIPAA controls
  • 4. Export: one-click evidence export for your auditor
Live governance pipeline
📱
Your app sends prompt
incoming
🔍
Content scan (45+ patterns)
~3ms
🚫
SSN / source code detected
blocked
✏️
PII redacted from prompt
redacted
🤖
Clean prompt → LLM API
forwarded
📋
Decision written to audit chain
sha-256
2-minute integration

Change one URL. Protect everything.

No SDK. No agent. No code changes beyond the base URL. Works with any LLM library.

before_vyriai.py
import openai

# ❌ Prompt goes directly to OpenAI
# No visibility. No control. No audit.

client = openai.OpenAI(
  api_key="sk-..."
)

response = client.chat.completions.create(
  model="gpt-4o",
  messages=[{
    "role": "user",
    "content": prompt # could contain SSN, code...
  }]
)
after_vyriai.py
import openai

# ✅ One line change. Full governance.

client = openai.OpenAI(
  api_key="sk-...",
  base_url="https://proxy.vyriai.com/v1" # ← add this
)

# Everything else stays identical.
# VyriAI intercepts, scans, enforces,
# and audits every prompt automatically.

response = client.chat.completions.create(
  model="gpt-4o",
  messages=[{..}]
)
🛡️
Instant protection
Every prompt scanned for SSNs, emails, phone numbers, credit cards, PHI, source code, API keys, and passwords before reaching the LLM.
Imperceptible overhead
Governance adds ~12ms avg to your LLM calls. Your OpenAI call takes 1–3 seconds — users never notice. Measured: ~147 RPS at 300 concurrent, P95 1.4s, 0% error rate (HA stack).
🔒
Fail-closed by default
If VyriAI goes down, requests are denied — not passed through. Your data never bypasses governance, even during incidents.
🔄
Hot-reload policies
Change what's blocked via API — no restart, no deployment. Policy takes effect within milliseconds.
Full governance stack

Everything your team needs to ship AI safely

Not just a filter. A complete governance layer — policy engine, audit trail, memory isolation, and compliance exports built in.

🛡️
Agent Action Policy Engine — SHIPPED April 2026
Define what your AI agents are allowed to do — before they do it. JSON policy DSL: deny prod DB access, require approval for shell commands, block high-sensitivity data to external APIs. <10ms evaluation. Hot-reload. 6 default policies ship out of the box.
👤
Human-in-the-Loop Approvals — SHIPPED April 2026
When an agent action matches a "require_approval" policy, VyriAI holds it pending human review. Approve or reject via the console or API. The agent waits. Full audit record regardless of decision. Built-in, not bolted-on.
🔭
Agent Observability — SHIPPED April 2026
Per-agent risk scores, trace history (last 200 per agent), policy enforcement log, and rolling average risk score. Your SOC team finally has data on what your AI agents are doing. REST API: /v1/agents/:id/traces.
🗄️
SQL Security — SHIPPED April 2026
SQL AST validation before execution (SELECT-only allowlist), secondary classifier as guardrail, auto-provisioned read-only database roles, and dual immutable logging for prompt + generated SQL. Prevents SQL injection via text-to-SQL interfaces.
🔍
45+-pattern content scanner
Detects SSNs, emails, credit cards, PHI, HIPAA data, source code in 11 languages, API keys, passwords, SQL injection, and meeting notes. Add your own patterns via API.
📜
Policy engine with hot-reload
Define per-tenant policies: block source code, block PII, allow everything else. Patch policies live via API with no downtime. Stealth mode keeps enforcement invisible to end users.
🔗
Tamper-evident audit trail
Every governance decision is written to a SHA-256 hash chain. Auditors can verify that no decisions were deleted or modified — even by your own engineers.
Control Mapping Layer
Map audit events to SOC2 controls (CC6.1, CC7.2, A1.1), GDPR articles (Article 25, Article 32), and HIPAA safeguards. Control-specific evidence, not raw logs. Pre-audit validation checks if you're ready.
📦
One-click evidence export
SOC2, GDPR, and HIPAA evidence packages as ZIP/JSON/CSV with full audit trail, integrity manifest, and hash verification. Ready for your next audit in 30 seconds.
🏢
Multi-tenant isolation
PostgreSQL Row-Level Security enforced at the database layer. One tenant can never see another's data — even if there's a bug in application code.
🔒
MCP Server Security — SHIPPED May 2026
Pre-install pipeline with 8 security checks: publisher verification, static source scan, dependency analysis, tool poisoning detection, transport validation, fingerprinting, and composite TrustScore. Runtime hook integrates MCP calls into same policy engine as LLM agents.
🔴
Redis Sentinel HA — SHIPPED May 2026
3-node Sentinel cluster with quorum 2. Automatic failover — primary Redis going down triggers zero-downtime promotion of a replica. Token bucket rate limiting and session state survive node failures. go-redis FailoverClient wired in natively.
📨
Kafka 3-Broker HA — SHIPPED May 2026
Audit event pipeline on a 3-broker Kafka cluster with replication factor 3, min ISR 2. ZooKeeper 3-node ensemble. No audit gaps during broker failures. Guarantees SOC2 audit trail completeness even under infrastructure failure.
🔐
Column-Level Encryption (pgcrypto) — SHIPPED May 2026
AES-256 encryption on sensitive policy fields via PostgreSQL pgcrypto. SQL SECURITY DEFINER functions (amcp_encrypt / amcp_decrypt) prevent the app role from accessing the encryption key directly. Backward-compatible nil-ciphertext fallback. Satisfies SOC2 CC6.1 encryption-at-rest control. 12/12 integration tests.
LLM Circuit Breakers — SHIPPED May 2026
Per-provider Closed→Open→HalfOpen state machine prevents cascade failures across OpenAI, Anthropic, and Gemini. Failed provider trips the breaker; probe requests restart it after cooldown. Pure stdlib, sync.Mutex, no external deps. 11/11 tests including concurrency and half-open probe.
📋
SOC2 Compliance Documents — SHIPPED May 2026
6 enterprise compliance policy documents: Information Security Policy (ISP), Access Control Policy (ACP), Incident Response Plan (IRP), Change Management Policy (CMP), Vendor Risk Assessment (VRA), and Data Processing Agreement (DPA). Ready for SOC2 Type 1 audit engagement.
🔗
Multi-LLM support
Works with OpenAI, Anthropic Claude, and Google Gemini. Switch providers without changing governance configuration. Automatic fallback if primary provider is unavailable.
🔐
OIDC/SSO ready
Connects to Auth0, Okta, Google Workspace, and Azure AD via standard OIDC. Tenant isolation from JWT claims — no custom integration code needed.
📊
SLO monitoring + fail-closed
Tracks P95 latency and error rate in real time. When governance degrades beyond your SLO, fail-closed activates: requests are denied, never passed through unguarded.
💡
Explainability API
Every blocked request has a full timeline: why it was blocked, which pattern matched, risk score, and which policy triggered. No black boxes.
Pre-audit validation
Run validation before your audit to identify gaps. Get recommendations for controls that need attention. Know if you're ready before the auditor arrives.
AI action interception
Detect AND enforce on AI-generated actions (file writes, shell commands, API calls, DB queries) from LLM responses. Not just logging — active blocking based on policies. Risk classification with SOC2/GDPR/HIPAA compliance mapping in every audit record.
SHA-256 Hash Chain — Not Just Logs

Mathematical Proof Your Audit Trail Is Tamper-Proof

Logs can be modified. Backdated. Selectively deleted. A SHA-256 hash chain cannot be silently tampered with. Every governance decision: hash = SHA256(prev_hash + event_data). Delete or modify any record → chain breaks → tampering detected instantly. Your auditor gets mathematical proof, not just your word.

  • Chain integrity verification: GET /v1/audit/verify returns mathematical proof
  • Evidence export: One-click ZIP/JSON/CSV with SOC2/GDPR/HIPAA control mapping
  • Independently verifiable: Auditors can verify the chain without your help
What we don't claim (honest gaps):
• No SOC2 Type 1 certification yet — 6 policy docs complete, audit firm engagement in Q3 2026
• No penetration test (scheduled Q3 2026)
• No HIPAA BAA template (patterns exist, legal doc in progress)
• RLS enforcement tested at app layer; DB-level RLS row counts not yet independently audited
timedecisionreasonhash
09:14:02 deny python_function detected a3f2b1...
09:14:09 blocked ssn_pattern → BLOCKED c7d91e...
09:14:15 allow No patterns matched 88fa3c...
09:14:22 deny sql_drop_attack detected 1bc04a...
09:14:30 blocked api_key_pattern → BLOCKED f29d77...
Chain integrity: VALID ✓ — 5 audits verified
Why VyriAI

Not a security filter. A compliance infrastructure.

Prompt Shield, Bedrock Guardrails, and Lakera scan prompts. They do nothing when your AI agent tries to run rm -rf /tmp, write to your production database, or POST customer PII to an external API. VyriAI controls what agents can do — before they do it.

Prompt scanners (Prompt Shield, Lakera, Guardrails)
  • Scan prompts only — blind to agent actions
  • No pre-execution blocking for tool calls
  • No human approval workflow
  • No per-agent observability or risk scoring
  • No control mapping to SOC2/GDPR/HIPAA
  • No one-click evidence export for auditors
  • Miss the entire agent action attack surface
VyriAI — AI Runtime Control Platform
  • Pre-execution agent action blocking (<10ms)
  • Human-in-the-loop approval workflow, built-in
  • Per-agent observability, risk scoring, trace history
  • MCP server security (pre-install + runtime hook)
  • SHA-256 hash chain audit trail (tamper-evident)
  • 45+-pattern content scanner (input + output)
  • Control Mapping: SOC2/GDPR/HIPAA evidence auto-tagged
  • One-click evidence export (ZIP/JSON/CSV)
  • Redis Sentinel HA — no single point of failure
  • Kafka 3-broker HA — audit events survive broker failure
  • Column-level AES-256 encryption (pgcrypto, SOC2 CC6.1)
  • LLM circuit breakers — auto-failover across providers
  • SOC2 compliance policy docs — audit-ready in 6 domains
  • 640/640 tests passing on live HA stack
Integrations

Works with your existing stack

VyriAI is an HTTP proxy — it integrates with any language, framework, LLM library, or IDE.

LLM Providers
🤖 OpenAI
🧠 Anthropic Claude
✨ Google Gemini
🔗 LangChain
🦙 LlamaIndex
IDEs (Works Today)
�️ Cursor
🔄 Continue.dev
� OpenAI-compatible
IDEs — Phase 1 (April 2026)
✅ VS Code Extension (.vsix packaged)
🔧 JetBrains Plugin (build fixed)
✅ Local Agent (5 platforms)
Identity & Auth
🔐 Auth0
🔒 Okta
☁️ Azure AD
🏢 Google Workspace
Infrastructure & Languages
🐳 Docker
☸️ Kubernetes
📊 Kafka 3-broker HA
🗄️ PostgreSQL + PgBouncer
⚡ Redis Sentinel HA
🔐 pgcrypto AES-256
🐍 Python
📦 Node.js
☕ Java
🦀 Go
💎 Ruby
IDE & Developer Integration

Governance where developers actually work

API proxy secures your production apps. Cursor and Continue.dev work today — 60-second setup. VS Code Extension is packaged (.vsix ready, 12KB). Local Agent binaries ship for 5 platforms. JetBrains plugin code complete, build fix applied.

🖱️
Cursor (Works TODAY)
✅ Available Now
Cursor supports custom base_url. Configure in Settings > Models > OpenAI API Key. Set Base URL to https://gateway.vyriai.com/v1. 60-second setup. See setup guide.
VS Code Extension
✅ Packaged — .vsix Ready
Agent lifecycle management, proxy injection, status bar, settings panel. Packaged as vyriai-vscode-1.0.0.vsix (12KB). Install directly or wait for VS Code Marketplace submission.
🧠
JetBrains Plugin
🔧 Build Fix Applied
IntelliJ IDEA, PyCharm, GoLand, WebStorm, Rider, DataGrip. JVM proxy settings, startup activity, tool window. Kotlin 1.9.25 / Gradle 8.7 build fixed. Marketplace submission pending binary build.
🔄
Continue.dev (Works TODAY)
✅ Available Now
Continue.dev supports custom base_url. Configure in your Continue config file. Point it to your VyriAI endpoint — every completion request is governed. No extension needed.
🔑
Local Agent (Go)
✅ 5 Platform Binaries Ready
MITM proxy with CA certificate generation, OS trust store, policy sync from cloud. Prebuilt binaries: linux-amd64, linux-arm64, darwin-amd64, darwin-arm64, windows-amd64. Install in 60 seconds.
🐙
GitHub Copilot (Phase 2)
Phase 2 — Network Layer
GitHub Copilot Business doesn't support custom API endpoints — but it does respect corporate proxies. The network integration path (corporate HTTP proxy, PAC file) intercepts Copilot traffic transparently.
⚙️
GitHub Actions / CI Scanner (Phase 2)
Phase 2 — Network Layer
Scan AI-generated code before it merges. A pipeline step calls the VyriAI scan API on PR diffs — blocks merges containing API keys, credentials, or PHI patterns. Integrates with GitHub Actions, GitLab CI, Jenkins.
Enterprise Network Integration

Govern AI traffic across your entire company

No software on developer machines required. One network-layer deployment covers every AI call — from every laptop, server, and CI runner on your network.

📋
PAC File / Transparent Proxy
Deploy a Proxy Auto-Config file via MDM (Jamf, Intune) to all company machines. All traffic to *.openai.com, *.anthropic.com, *.googleapis.com is automatically routed through VyriAI. No dev knows it's there.
🌐
DNS-Based Routing
Your internal DNS resolver returns VyriAI's proxy IP for AI provider domains. Works with Active Directory, BIND9, or corporate VPN split-tunnel DNS. Smaller teams can use a Pi-hole-style setup. Zero client config changes.
🛡️
Zscaler / Netskope Integration
Already running a CASB? VyriAI complements it. Zscaler or Netskope forwards AI traffic to VyriAI's scan API before forwarding. VyriAI provides the AI-specific policy engine (PII, source code, secrets) that generic CASB tools lack.
🌍
Browser Extension (Web AI Tools)
Chrome and Firefox extensions intercept fetch/XHR calls to ChatGPT, Claude.ai, and Gemini web interfaces — the ones your team uses directly in the browser. Deploy via Chrome Enterprise Policy or Firefox Enterprise. Phase 4 roadmap.
📱
MDM Deployment Guide
Full deployment runbooks for Jamf Pro (macOS), Microsoft Intune (Windows), and BYOD profiles. Covers: root CA cert trust, proxy policy, VPN split-tunnel, and compliance reporting integration. Ship in a weekend.
🏢
On-Premises / Air-Gapped
Full VyriAI stack deployed inside your network. Traffic never leaves your perimeter — not even metadata. Single Docker Compose for small teams; Kubernetes Helm chart for enterprise. BYOK encryption, audit logs stored on your infra.
Product Roadmap

From API proxy to enterprise compliance infrastructure

Transparent, dated, honest. We publish what's done, what's being built, and what's next.

Phase 1 & 2 — Done · April 2026
API-Layer DLP Proxy
Full governance pipeline in production-quality Go: 45+-pattern content scanner (PII, PHI, source code, secrets, SQL injection, prompt injection), Action Policy Engine (pre-execution agent control), SHA-256 hash chain audit trail, OIDC RS256 auth (Auth0/Okta/Azure AD), per-tenant rate limiting, hot-reload policy engine, memory CRUD with PostgreSQL RLS, one-click SOC2/GDPR/HIPAA evidence export. Benchmark: avg 12ms overhead, 407/407 tests passing.
Go 1.24 + Gin 45+ patterns OIDC RS256 Rate limiting Hash chain audit Evidence export Docker + k8s
Phase 2.5 — Done · April–May 2026
Agent Control Layer + MCP Trust Engine
Pre-execution control for autonomous AI agents. Policy engine blocks agent actions before they execute — not after. Declare rules in JSON: "no production DB access", "block high-sensitivity data to external APIs", "system files read-only", "all shell commands require approval". Human-in-the-loop approval workflow. Per-agent observability: risk scores, trace history, enforcement log. MCP Trust Engine: 8-check pre-install pipeline, TrustScore, runtime hook for MCP tool calls. 640/640 tests passing.
Pre-execution blocking Action Policy Engine Human approval workflow Agent observability MCP Trust Engine 640/640 tests passing <10ms eval latency
Tier 3 Hardening — Done · May 2026
HA Infrastructure + Enterprise Security
Production-grade high availability: Redis Sentinel 3-node HA (quorum 2, auto-failover), Kafka 3-broker cluster (replication factor 3, min ISR 2, ZooKeeper 3-node), PgBouncer connection pooling (1,000 max connections, P95 4.3s → 1.4s). Column-level AES-256 encryption via pgcrypto (SECURITY DEFINER SQL functions, SOC2 CC6.1). LLM circuit breakers (per-provider Closed→Open→HalfOpen, 11/11 tests). 6 SOC2 compliance policy documents. Total: 640/640 tests, 147 RPS burst, 34ms single-request, 1.4s P95.
Redis Sentinel HA Kafka 3-broker HA PgBouncer pgcrypto AES-256 LLM circuit breakers SOC2 policy docs 640/640 tests
Phase 3 — Q3 2026
First Revenue & Showcase
First paying customer. POC support for SaaS, fintech, and healthtech teams. Prometheus metrics endpoint. Distributed SLO tracking (multi-pod). SOC2 Type 1 audit firm engagement. CI/CD scanner step (GitHub Actions, GitLab CI). Cursor / Continue IDE integration guide published.
First customer Prometheus /metrics SOC2 audit start CI scanner Cursor integration
Phase 4 — Q3 2026
IDE Extensions
VS Code extension and JetBrains plugin. Local agent (Docker/native) runs an HTTPS MITM proxy using a trusted root CA cert. Real-time block notifications in the IDE. Audit dashboard side-panel. Connects to your cloud or on-prem AMCP instance for policy sync and audit storage. SOC2 Type 1 certification.
VS Code extension JetBrains plugin Local MITM agent SOC2 Type 1 cert SAML SSO
Phase 5 — Q4 2026
Enterprise Network Control
PAC file / transparent proxy via MDM (Jamf, Intune). DNS-based routing for zero-client-config coverage. Zscaler and Netskope API integration. Browser extension for ChatGPT, Claude.ai, and Gemini web. BYOK per-tenant encryption. Penetration test. HIPAA BAA. GitHub Copilot Business coverage via network route.
PAC file / MDM DNS routing Zscaler integration Browser extension BYOK HIPAA BAA Pen test
Phase 6 — 2027
AI Firewall for the Enterprise
Full Zscaler-for-AI positioning: every AI call on your network governed, logged, and auditable — regardless of tool, provider, or device. Air-gapped deployment option. Custom ML classifiers per customer. Real-time DLP alerts with PagerDuty/Opsgenie. SIEM integration (Splunk, Datadog, Elastic). SOC2 Type 2.
AI firewall Air-gapped Custom ML classifiers SIEM integration SOC2 Type 2
NEW — MCP Trust Engine (May 2026)

Block Malicious MCP Servers Before They Run

MCP servers have full host access — filesystem, shell, network, no sandbox. Tool descriptions are read by LLMs as instructions. VyriAI applies the same governance controls to MCP servers as to your AI agents.

🔒
Pre-install Pipeline
8 security checks: publisher verification, static source scan, dependency analysis, tool poisoning detection, transport validation, fingerprinting, and composite TrustScore. Hard blocks on critical findings.
"trust_score": 8.2
"decision": "allow"
"reasons": ["publisher verified", "no critical vulnerabilities"]
Runtime Hook
Every MCP tools/call flows through the same ActionPolicyEngine as your AI agents. Same policies, same audit trail, same approval workflow.
"agent_type": "mcp"
"tool": "read_file"
"decision": "deny"
"policy": "mcp-block-system-secrets"
🛡️
Docker Sandbox
Hardened containers with --read-only, --cap-drop=ALL, --security-opt=no-new-privileges, network allowlist, and resource limits.
Try MCP Server Security Live

Same protection as your AI agents, now extended to MCP servers. No signup required.

Live Governance Engine — No Auth Required

See VyriAI Block Attacks in Real Time

Every button fires a real payload at the governance engine — no mocking, no pre-recorded responses. Two evaluation layers, 49 detection patterns, no signup.

49 detection patterns
|
2 evaluation layers
|
~12ms avg latency
|
~147 RPS governance-only (HA)
Choose an attack above — the governance engine evaluates it in milliseconds

Same engine running in your Docker Compose stack. POST /demo/attack — open endpoint, no credentials.

Your AI agents are running without guardrails right now.

Book a 30-minute demo. We'll show a live agent getting blocked by a policy, walk through the approval workflow, and produce a compliance export — in under 5 minutes.

Book a 30-min demo → Start self-hosted trial

Docker Compose up in 5 minutes. Works with OpenAI, Anthropic, and Gemini out of the box.