The only AI agent security platform that catches threats, contains them in milliseconds, and proves compliance — all without a professional services engagement.
Not a SIEM bolt-on. Not an LLM wrapper. Purpose-built for AI agents running in production.
14-day full-access trial · No credit card required · Cancel any time
Watch a real Overwatch deployment — SDK install, first agent detection, policy activation, kill chain caught, compliance report generated.
Overwatch is the fleet command layer — it sits on top of scandar-scan and scandar-guard to give you visibility, response, and compliance across your entire agent estate.
EU AI Act enforcement begins in months, not years. Overwatch auto-scores your entire agent fleet against EU AI Act articles, SOC 2, ISO 42001, NIST AI RMF, and GDPR — with evidence chains, gap analysis, and compliance report with PDF export for auditors. Most teams are production-ready in under 48 hours.
Generic security tools weren't designed for agents. Overwatch was.
SIEMs were built for logs, not for multi-turn agent conversations, tool call chains, and injection payloads encoded in 14 different formats.
Routing every message through a secondary LLM adds latency, cost, and a new attack surface. Overwatch uses deterministic detection — fast, cheap, and auditable.
Kill chain graphs, blast radius simulation, agent identity fingerprinting, canary tokens, and fleet-wide quarantine. None of this exists anywhere else.
One-line wrapper around your LLM client. Python, TypeScript, or Go. No infrastructure changes.
Every agent appears automatically with tools, threat scores, and session history. Interactive graph with blast radius simulation.
Smart recommendations based on your agents' actual tool access. One-click activation. Simulate before deploying.
Slack, PagerDuty, email, Teams, or custom webhook. Test alert in one click. Your oncall gets notified on the first real threat.
Auto-score against EU AI Act, SOC 2, ISO 42001, NIST AI RMF, GDPR. US and EU coverage in one report. Evidence chains tied to real runtime data. Export for auditors.
Copy a summary for your CISO. Every agent monitored. Every threat contained in <15ms. Every compliance framework scored.
When Guard detects a critical threat, the response is automatic. The session freezes. The agent is quarantined fleet-wide. A forensic snapshot is captured. Your team is alerted. All before the attacker's next tool call executes.
Not probabilistic alerts. Not "might be suspicious." Canary tokens, honeypot tools, and taint tracking provide mathematically certain proof that an agent is compromised.
Zero-width unicode tokens injected into system prompts and tool results. Invisible to the model. Invisible to the attacker. If a canary appears in any outbound tool call — irrefutable proof of exfiltration.
Fake tools that should never be called. admin_override, extract_credentials. If triggered — definitive proof of compromise. Fuzzy matching catches typo evasion.
Fingerprints sensitive data from source tools. Detects it in outbound sinks. The URL isn't suspicious. The email isn't suspicious. But the data flowing through them is stolen.
Every message, tool call, and response passes through all 11 layers. Findings compound into a composite threat score from 0–100.
Every mechanism is deterministic, auditable, and designed around a specific adversarial model. Here's how the non-obvious parts work.
A 6-byte random ID is encoded as invisible characters injected per-call: U+200B (0-bit), U+200C (1-bit), U+200D (separator), with U+2060 start and U+FEFF end markers. The token rotates with every API call — so a canary hit tells you exactly which call was exfiltrated, not just that something leaked. Three detection paths: invisible decode, visible token match, hex fragment match.
A single session may look benign. Twenty sessions tell a different story. Guard tracks each agent across up to 20 sessions, detecting three slow-burn patterns: monotonically escalating threat scores (≥70% increase across the last 5 sessions), the same encoded payload appearing in 2+ sessions (attacker retrying the same evasion), and gradual tool accumulation designed to stay below single-session anomaly thresholds.
Decodes before pattern matching. Methods: Base64, Base32, Hex, ROT13, all 25 Caesar shifts, URL, HTML entities, leetspeak, zero-width stripping, RTL mark stripping, NFKD normalization, homoglyph normalization (Cyrillic/Greek→Latin), and reverse text. Recursive up to depth 3 catches triple-encoded payloads. Caesar brute-force only keeps variants that match an injection pattern — no false positives from 24 junk shifts.
Trap tools with innocent-sounding descriptions. A legitimate agent should never call admin_override. Fuzzy matching normalizes separators then applies Levenshtein distance ≤2, catching variants like admin_0verride and admin-override. Exact match: confidence 1.0. Fuzzy match: confidence 0.95. Zero false positives by design.
13 signals covering authority claims, role reassignment, constraint removal, false context, and secrecy requests. Compound bonuses: authority claim + constraint removal = +0.2 (classic social engineering). Catches paraphrased and synonym-based injections that bypass regex entirely. Zero latency overhead, fully auditable — every signal that fired is listed in the finding detail.
Live agent inventory with trust scores, tool access, session history, and behavioral baselines. Kill chain graph with blast radius simulation. Agent identity fingerprinting detects replacement mid-session.
EU AI Act, SOC 2 Type II, ISO 42001, NIST AI RMF, GDPR — US, EU, and global frameworks assessed with evidence chains tied to actual runtime metrics (not checkboxes), gap analysis, and P1/P2/P3 remediation actions with effort estimates. Compliance report with PDF export ready for auditors.
Full lifecycle: quarantine record (who, when, why, trigger finding), blast radius cascade, required unquarantine reason, threat score advisory, complete audit trail. Manual or automatic.
API-driven with 3x retry + verification. Cascade quarantines agents sharing 2+ dangerous tools. Unquarantine requires documented resolution.
9 policy templates. Real-time evaluation at session end. Simulate before saving. Slack, PagerDuty, and webhook alerts on violation. Block deployments or alert — your choice.
Deploy fleet-wide AI agent security in 25 minutes. No demos. No POCs. 11 detection layers, automated incident response, and compliance reports — all self-serve, starting at $349/month.
14-day free trial · No credit card required
Works with your stack on day one — TypeScript · Python · Go