In-process security for agentic AI

See everything your AI agents do. Stop what they shouldn't.

Nyx is an in-process firewall and SIEM for AI agents. It watches every model call, tool use, and side effect from inside the agent — so you can enforce policy, detect threats, and never break the agent.

Zero code change · Fail-open by design · Metadata, not content · Self-host / BYOC
agent container
# drop Nyx into any Python agent — no code change
$ pip install nyx-monitor

# turn it on with env vars
$ NYX_ENABLED=1 NYX_ENDPOINT=https://nyx/api/ingest python agent.py
✓ nyx installed  boundaries=[model_client, tool_dispatch, mcp, effect]

The problem

Agents are a new attack surface

An AI agent reasons, calls tools, reaches the network, and runs code — an autonomous loop your existing security stack can't see inside. One poisoned input can turn a helpful agent into an exfiltration tool.

Prompt injection → exfil

Untrusted content the agent fetches carries instructions it then acts on — reaching out to send your data somewhere it shouldn't.

Confused deputy

The agent wields real credentials and tools on behalf of an attacker who never had them.

Shadow credentials

Keys used at runtime that no inventory or scan ever saw — invisible to static posture.

Unbounded effects

Outbound HTTP, subprocesses, MCP tools — real-world side effects fired from a model's decision.

How it works

A monitor inside the agent

Nyx installs in-process — injected at interpreter startup with zero code change (a pip install and an env var). It wraps the four boundaries where an agent meets the world, captures intent and ground truth, and ships metadata to your control plane.

01 · model_client

Intent

The system prompt, messages, tools offered, and the tool_calls the model chose — across OpenAI, Anthropic, Bedrock & Vertex.

02 · tool_dispatch

Action

Which agent ran which tool, with what input — LangChain, LlamaIndex, CrewAI & AutoGen.

03 · mcp

Protocol

Model Context Protocol calls, both client and server side — tool, arguments, transport, result.

04 · effect

Ground truth

The real side effects — outbound HTTP, subprocesses, egress — nested under the decision that caused them.

Capabilities

Observe, govern, and defend every agent action

From a passive tap to an enforcing firewall to a full agentic SIEM — one monitor, promoted at your pace.

Agentic firewall

Start in shadow, promote per rule to enforce. Block, redact, or hold an action before the effect happens — fail-open, never breaking the agent.

block · redact · hold · per-rule

Agentic SIEM

Data-driven correlation rules join multi-event patterns — untrusted ingress then exfil on a critical agent — into durable, deduplicated alerts. Nyx is the system of record.

correlation · alerts · ATLAS/OWASP

Behavioral intelligence

Per-agent baselines flag novel behavior. Taint tracking traces untrusted input to sensitive sinks. Entity analytics risk-score every agent.

baselines · taint · AEBA

Smart policy

Nyx proposes allowlists from observed behavior — and withholds anything it already flagged — so you promote a vetted policy in one click instead of writing rules blind.

allowlists · observe→enforce

Broad coverage

Model providers, agent frameworks, and MCP — instrumented out of the box. New SDK? The adapter pattern extends in a day.

OpenAI · Anthropic · Bedrock · Vertex · MCP

Own your data

Run the control plane in your own cloud — multi-tenant SaaS, single-tenant, or fully self-hosted in your VPC. Your telemetry never leaves your boundary.

self-host · BYOC · multi-tenant

Security & trust

A security tool that does no harm

Nyx is built on one principle: a monitor must never break, slow, or expose the system it protects.

Do no harm

Fail-open by design. If Nyx errors, the agent runs exactly as it would have. ~20µs of overhead per call.

Metadata, not content

Payloads are hashed at the source by default. Full-content capture is per-agent opt-in — never the default.

Secrets fingerprinted

Credentials are detected and fingerprinted for reconciliation — the secret itself is never recorded.

Your infrastructure

Deploy in your own AWS with row-level tenant isolation. BYOC and air-gapped self-hosting supported.

Get started

Instrument your first agent in minutes

One pip install, one env var. Watch every action light up — then promote from shadow to enforce when you're ready.

quickstart
$ pip install nyx-monitor
$ NYX_ENABLED=1 python your_agent.py