Nyx is an in-process firewall and SIEM for AI agents. It watches every model call, tool use, and side effect from inside the agent — so you can enforce policy, detect threats, and never break the agent.
# drop Nyx into any Python agent — no code change
$ pip install nyx-monitor
# turn it on with env vars
$ NYX_ENABLED=1 NYX_ENDPOINT=https://nyx/api/ingest python agent.py
✓ nyx installed boundaries=[model_client, tool_dispatch, mcp, effect]
The problem
An AI agent reasons, calls tools, reaches the network, and runs code — an autonomous loop your existing security stack can't see inside. One poisoned input can turn a helpful agent into an exfiltration tool.
Untrusted content the agent fetches carries instructions it then acts on — reaching out to send your data somewhere it shouldn't.
The agent wields real credentials and tools on behalf of an attacker who never had them.
Keys used at runtime that no inventory or scan ever saw — invisible to static posture.
Outbound HTTP, subprocesses, MCP tools — real-world side effects fired from a model's decision.
How it works
Nyx installs in-process — injected at interpreter startup with zero code change (a pip install and an env var). It wraps the four boundaries where an agent meets the world, captures intent and ground truth, and ships metadata to your control plane.
The system prompt, messages, tools offered, and the tool_calls the model chose — across OpenAI, Anthropic, Bedrock & Vertex.
Which agent ran which tool, with what input — LangChain, LlamaIndex, CrewAI & AutoGen.
Model Context Protocol calls, both client and server side — tool, arguments, transport, result.
The real side effects — outbound HTTP, subprocesses, egress — nested under the decision that caused them.
Capabilities
From a passive tap to an enforcing firewall to a full agentic SIEM — one monitor, promoted at your pace.
Start in shadow, promote per rule to enforce. Block, redact, or hold an action before the effect happens — fail-open, never breaking the agent.
Data-driven correlation rules join multi-event patterns — untrusted ingress then exfil on a critical agent — into durable, deduplicated alerts. Nyx is the system of record.
Per-agent baselines flag novel behavior. Taint tracking traces untrusted input to sensitive sinks. Entity analytics risk-score every agent.
Nyx proposes allowlists from observed behavior — and withholds anything it already flagged — so you promote a vetted policy in one click instead of writing rules blind.
Model providers, agent frameworks, and MCP — instrumented out of the box. New SDK? The adapter pattern extends in a day.
Run the control plane in your own cloud — multi-tenant SaaS, single-tenant, or fully self-hosted in your VPC. Your telemetry never leaves your boundary.
Security & trust
Nyx is built on one principle: a monitor must never break, slow, or expose the system it protects.
Fail-open by design. If Nyx errors, the agent runs exactly as it would have. ~20µs of overhead per call.
Payloads are hashed at the source by default. Full-content capture is per-agent opt-in — never the default.
Credentials are detected and fingerprinted for reconciliation — the secret itself is never recorded.
Deploy in your own AWS with row-level tenant isolation. BYOC and air-gapped self-hosting supported.
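The shadow-to-enforce promotion, fail-open behavior, and hash-at-source capture described above can be pictured with a small wrapper around a tool call. This is an added example, not Nyx's code or API: `guard`, `digest`, the rule tuples, and the `example` hostnames are all hypothetical names constructed for illustration.

```python
import hashlib
import json

def digest(payload):
    """Stable SHA-256 of the arguments; only this digest is recorded, never the content."""
    blob = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

class Blocked(Exception):
    """Raised only when an enforce-mode rule matched."""

def guard(tool_name, tool_fn, rules, events):
    """Wrap tool_fn. rules: (name, mode, predicate) with mode 'shadow' or 'enforce'."""
    def wrapped(**kwargs):
        verdict = "allow"
        try:
            for name, mode, predicate in rules:
                if predicate(tool_name, kwargs):
                    verdict = "block" if mode == "enforce" else "would_block"
                    events.append({"tool": tool_name, "rule": name,
                                   "verdict": verdict, "args_sha256": digest(kwargs)})
                    break
        except Exception as exc:
            # Fail-open: a monitor fault is recorded and the call proceeds untouched.
            verdict = "allow"
            events.append({"tool": tool_name, "monitor_error": type(exc).__name__})
        if verdict == "block":
            raise Blocked(tool_name)
        return tool_fn(**kwargs)
    return wrapped

# Constructed sample tool and rules (hypothetical, for the demo only).
def http_post(url, body):
    return f"sent {len(body)} bytes to {url}"

ALLOWED = ("https://api.internal.example/",)
def off_allowlist(tool, args):
    return tool == "http_post" and not args["url"].startswith(ALLOWED)
def buggy_rule(tool, args):
    return args["missing_key"]  # KeyError simulates a bug inside the monitor

def run_demo(mode):
    events = []
    post = guard("http_post", http_post, [("egress-allowlist", mode, off_allowlist)], events)
    try:
        result = post(url="https://paste.example/upload", body="secret-report")
    except Blocked:
        result = None
    return result, events
```

In shadow mode the same rule only records `would_block` and the call goes through; switching that one rule to `enforce` stops the effect before it happens, while a rule that throws never stops the tool.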
Get started
One pip install, one env var. Watch every action light up — then promote from shadow to enforce when you're ready.
$ pip install nyx-monitor
$ NYX_ENABLED=1 python your_agent.py