Block risky agent actions before they run.
Connect one workstation and get policy verdicts for commands, file reads, package installs, and MCP calls.
Free for one workstation. No credit card. Create a workspace, paste /agentkeeper:connect, see the first verdict.
Credential exfiltration pattern stopped before the shell executed.
The shift
The risk moved from chat to action.
Commands before they run
Shell, file, git, package manager, and network actions are evaluated before execution.
MCP and SaaS tool calls
Cowork and MCP Gateway events carry server, tool, arguments, user, and verdict in one timeline.
Prompt and session evidence
Prompts, tool inputs, outputs, models, costs, and repositories stay attached to the same investigation.
Secrets and sensitive paths
Credential exfiltration, production env files, PHI, PII, and risky destinations are detected in context.
Control loop
Discover, decide, enforce, investigate.
Discover
See every connected agent, workstation, MCP server, repo, and high-risk tool.
Decide
Apply org policy, group overrides, warn-only rules, blocked tools, and sensitive path controls.
Enforce
Block dangerous actions before they execute, or collect audit-only evidence while teams adopt.
Investigate
Replay a session from prompt to command to output with model, token, cost, and user attribution.
Built for PLG rollout
Start with one developer. Keep the evidence when the whole team follows.
Install hooks locally, roll them out with MDM, or put MCP Gateway in front of productivity agents. Agent Keeper keeps the same policy model across each path.
Local hooks
Claude Code, Cursor, Windsurf, and Copilot events appear in minutes.
Fleet rollout
JAMF, Kandji, and GitHub repo hooks keep workstations attached to org policy.
Enterprise controls
RBAC, policy audit logs, identity groups, SSO-ready data model, and webhook alerts.
Pricing
Free to try. Serious enough for the security review.
Free
For one developer validating local agent controls.
- 1 workstation with Agent Keeper hooks
- Local Runtime Shield
- 1 repository, 1 API key
- Latest 25 activity events visible
- 7-day investigation history
Pro
For developers securing several agents and repos.
- 3 workstations, 3 repositories
- 3 API keys
- Unlimited activity event visibility
- 90-day investigation history
- MCP Gateway and Claude Cowork coverage
- AI insights and email alerts
- Usage and cost telemetry
Team
For teams that need shared ownership and policy control.
- Everything in Pro
- Unlimited workstations and repositories
- RBAC and team invitations
- Org and group policy controls
- MCP access policies
- Webhook alerts and audit logs
- Unlimited investigation history
Enterprise
For org-wide rollout, procurement, and compliance.
- Everything in Team
- SSO / SAML integration
- Custom retention and data controls
- OTLP forwarding
- Dedicated support and SLA
- NET-30 invoicing
- Custom security review support
Questions
Practical answers for teams moving fast.
What makes Agent Keeper different from prompt scanning?+
It watches runtime actions. Prompts matter, but the security decision happens where an agent reads files, runs commands, calls MCP tools, drafts emails, or touches repos.
Can teams start in audit mode?+
Yes. Run audit-only while you map agent behavior, then turn on enforcement by policy area, group, or integration.
Which agents are first-class?+
Claude Code, Codex, Gemini CLI, Cursor, Windsurf, GitHub Copilot, Claude Cowork, and MCP Gateway are the focus of this release.
Does this replace EDR?+
No. EDR sees endpoint behavior. Agent Keeper adds the missing agent context: prompt, tool, arguments, policy, verdict, repository, user, and session.
Put a policy checkpoint in front of agent action.
Install locally, connect a team, and see what your agents are already doing.