AgentProtect

Policy enforcement, audit evidence, and human approval for governed AI agents.

AgentProtect is the governance, audit, and control engine for agentic runtimes. Every consequential action is gated before execution: allow, block, or ask. Built-in deterministic rules run in under 1ms. Human approval lands in Slack, Teams, or ServiceNow. Every decision hash-chained with integrity verification. Works anywhere. No cloud dependency.

Book a demo → More info

Agent activity

AgentProtect Decision

...

Book a demo →

See it in action

Governance before the action, evidence after it.

An agent decides to take a consequential action. AgentProtect evaluates it against your policies, routes approval if required, and captures the evidence. The agent cannot skip, modify, or argue with the checkpoint.

Why AgentProtect

Everyone coordinates agents. Only AgentProtect governs them.

Agent platforms tell you what happened. Security monitors block the worst of it. AgentProtect is the only one that gates every consequential action: allow, block, or ask. Built-in deterministic rules, human approval in Slack, knowledge injection from conversation context, hash-chained audit trail with integrity verification. Works anywhere. No cloud dependency.

Security monitors

Agent platforms

AgentProtect

Agentic workflows

✗

✓

Observability and dashboards

✓

Block dangerous actions

✓

✗

✓

Allow, block, or ask before execution

◆

✗

✓

Built-in deterministic rules

✗

✓

Human approval in Slack, Teams, ServiceNow

✗

✓

Knowledge injection from conversation context

✗

✓

Intent and goal alignment

✗

✓

Session-scoped approval grants

✗

✓

Audit trail with integrity verification

◆

✗

✓

Works on-prem, VPC, air-gap

◆

✗

✓

✓ Has it ✗ Does not ◆ Partial

What it does

One product. Three core capabilities.

AgentProtect sits on the HookBus event layer and gates every consequential action before execution. All features are included under one commercial licence. No module pick-and-mix.

Policy enforcement

Two-layer gate: deterministic + semantic

L1 rules run in under 1ms, no LLM, no API call. L2 uses your approved model for probabilistic intent reasoning when L1 needs escalation. Returns allow, block, or ask on every tool call. The AI cannot bypass it.

Audit & evidence

Hash-chained, tamper-evident, exportable

Every lifecycle event, policy decision, and approval is SHA-256 chained into a tamper-evident log. CSV export per date range. Built to satisfy SOC 2 Type II, ISO/IEC 42001, and EU AI Act record-keeping obligations.

Approval workflows

Human-in-the-loop, one click

Route approval requests to Slack, Teams, or ServiceNow. Reviewer gets a link, approves or denies. Escalation, delegation, and two-person verification available for high-risk lanes. Every decision recorded.

Regulatory coverage

Every article AgentProtect covers.

GPAI obligations (Articles 51-55) in force since August 2025. Transparency rules (Article 50) enforce 2 August 2026. High-risk obligations (Annex III) enforce 2 December 2027 (Digital Omnibus provisional agreement; planning baseline, pending formal adoption). AgentProtect generates evidence for every article listed below.

Regulation

Obligation

Coverage

EU AI Act Art 12

Automatic record-keeping over system lifetime

Supports Audit trail

Art 14(1)-(3)

Human oversight design

Supports Policy + approval

Art 14(4)(d)

Decide not to use, disregard, override AI output

Supports Ask + override before execute

Art 14(4)(e)

Intervene or interrupt

Supports Policy enforce + interrupt

Art 14(5)

Biometric ID two-person verification

Supports Two-person verification

Art 19

Provider keeps logs ≥ 6 months

Supports Audit trail + retention

Art 20(2)

Duty to inform authorities of corrective action

Supports Incident notifications

Art 26(5)

Deployer monitors operation, suspends if risk

Supports Policy enforce + dashboard

Art 26(6)

Deployer keeps logs ≥ 6 months

Supports Audit trail

Art 50

Transparency obligations

Supports Labelling integration

Art 72

Provider operates post-market monitoring

Supports Monitoring integration

Art 73

Serious incident reporting (15 days, 2 days fatal)

Supports Incident notifications

Art 79

Procedure for AI presenting a risk

Supports Incident notifications

DORA Art 19

ICT incident reporting (financial services, 4h)

Supports Incident notifications

NIS2 Art 23

Significant incident notification (24-hour)

Supports Incident notifications

Works with your agents

Govern your existing agents. No rip-and-replace.

AgentProtect integrates with the agent runtimes you already use through publisher shims. Claude Code, Cursor, Amp, GitHub Copilot, Hermes, OpenClaw, Codex, Anthropic Agent SDK, OpenAI Agents SDK - if it exposes hooks, AgentProtect can govern it. HookBus Agent is the fallback only for agents that cannot be shimmed.

Keep your stack

Your existing agents keep running. AgentProtect attaches governance at the hook layer, not by replacing your runtime.

Publisher shims

Pre-built integrations for Claude Code, Amp, Hermes, OpenClaw, Codex, Anthropic Agent SDK, and OpenAI Agents SDK. Open source, inspectable, expandable.

HookBus Agent when needed

For agents that cannot expose hooks, HookBus Agent provides a governed runtime that surfaces the full lifecycle from day one.

Who buys this

Built for the people responsible for agents in production.

Every buyer role has a different problem. AgentProtect gives them one runtime evidence layer instead of five disconnected control projects.

CISO

Know every consequential action every agent takes, and stop actions before they execute when policy requires it.

DPO

Keep regulated data inside the approved boundary and prove what context was used in each decision.

Head of AI Governance

Write policy once and apply it across models, agents, coding assistants, and internal tools.

Internal Audit

Export decision trails, approvals, overrides, and evidence packs on demand.

Compliance

Translate regulatory obligations into runtime controls that generate evidence automatically.

Engineering

Keep teams moving with governed execution instead of waiting for every use case to become a bespoke approval project.

How to start

Built on HookBus, our Apache 2.0 event bus. AgentProtect is the commercial governance layer.

HookBus is ours. Apache 2.0, open source, inspectable, self-hosted - no vendor lock-in, no cloud dependency. AgentProtect is the commercial governance layer that sits above it: policy engine, audit chain, approval routing, enterprise dashboard. One licence, one SLA, one escalation path. Everything under one roof, built by Agentic Thinking.

Validation Sprint — £5,000 fixed, 3 days

Before a full pilot, prove governed execution in our environment with synthetic data. We deploy AgentProtect against your policy rules, demonstrate allow, block, and ask flows, and deliver evidence playback, audit trail export, and a compliance readout. Credited in full against a paid pilot signed within 30 days. No client data. No production access. Full sprint details →

More info →