Your AI agents trigger payments, access databases, and execute workflows, all with system-level permissions. No identity. No scope. No one deciding what they're allowed to do.
Xybern is the authorisation layer that decides.
Okta controls what your employees can access. Xybern controls what your AI agents can do.
Any model. Any agent. Any framework. Authorised before execution.
Backed by Leading Programs
NVIDIA Inception
NVIDIA Inception
Our Partners
Your AI agents operate today without identity, without permissions, without any authorisation layer deciding what they're allowed to do. They initiate transfers, query databases, and export records, all running with the same permissions as the system that hosts them.
Employees need credentials to access systems.
Your AI agents should too.
The authorisation pipeline
Every AI agent action passes through all 5 authorisation stages. Identity is verified. Permissions are checked against policy. The decision is recorded cryptographically. Framework-agnostic. Model-agnostic.
Not authorised? Doesn't run.
The control plane
Not an observability dashboard. The authorisation control plane. Every entry is a decision, which agent requested what action, which policy governed it, whether it was authorised or denied, and the cryptographic proof behind every verdict.
Every authorisation decision, which agent, which action, which policy, authorised or denied, is anchored in a SHA-256 cryptographic hash chain with HMAC-SHA256 signatures. The Vault is the immutable audit trail of every decision Xybern made, with Merkle proof verification and exportable evidence.
When a regulator asks who authorised an AI action, and under the EU AI Act, the SEC's evolving guidance, and enterprise audit requirements they will, the Provenance Vault is your answer. Every authorisation decision. Cryptographically provable. Tamper-evident.
Developer experience
Authorisation policies are code, versioned in git, tested in CI, deployed through the control plane. Define what each agent can do, set limits, and Xybern enforces them deterministically at runtime.
agent:
name: finance-agent-v1
identity: required
permissions:
allow:
- payments.read
- payments.execute
deny:
- admin.*
- db.export
limits:
max_transfer: 50000
require_human_above: 100000
on_deny:
action: escalate
to: compliance-teamimport requests
# Grant 30-minute access for a specific workflow
window = requests.post(
f"{BASE}/enforce/temporal-windows",
headers=HEADERS,
json={
"agent_id": "agent_finance_01",
"scopes": ["payments.read", "db:read"],
"duration_minutes": 30,
"reason": "Processing order #4821",
"workflow_id": "wf_order_4821",
"max_uses": 10
}
)
# → window auto-expires in 30 minutes
# → every use logged in Provenance Vault
# → revoke instantly if neededJust-In-Time access
Grant time-bounded permissions to AI agents that auto-revoke when the window closes. Like AWS STS temporary credentials, but for AI agent authorization. No standing access. No forgotten permissions. No exposure.
Emergency Override
When a blocked action must proceed, operators trigger a breakglass override — a time-limited bypass with mandatory justification, immutable vault recording, and post-incident review. Like PagerDuty meets compliance, built for AI agents.
import requests
# Agent is blocked — trigger emergency override
override = requests.post(
f"{BASE}/enforce/breakglass",
headers=HEADERS,
json={
"agent_id": "agent_deploy_01",
"action_type": "deploy:production",
"justification": "Critical hotfix for payment outage",
"triggered_by": "oncall_engineer_42",
"severity": "critical",
"duration_minutes": 15
}
)
# → override active for 15 minutes
# → every action logged in Provenance Vault
# → auto-expires, requires post-incident reviewfrom xybern import Xybern, PolicyPack, Policy
client = Xybern(api_key="xb_your_key")
# Define policies in code — version-controlled, auditable
pack = PolicyPack("finance-controls", version="2.0.0")
pack.add(Policy("Block Large Trades")
.on("execute_trade")
.when_threshold(trust_below=50)
.block("Low-trust agents cannot trade"))
pack.add(Policy("No Deploys on Weekends")
.on("deploy:*")
.when_time(blocked_days=[6, 7])
.escalate())
result = client.policies.deploy(pack)
# → {created: 2, updated: 0, deleted: 0}Policy-as-Code SDK
Stop clicking through dashboards. Define authorization policies as Python code, version them in Git, and deploy atomically via the SDK. Redeploy a pack and Xybern diffs, updates, and removes policies automatically — with full Provenance Vault tracking.
Federated Agent Identity
When your AI agent needs to call a partner's API — or their agent needs data from yours — Xybern's federation layer handles the trust. Propose a link, set guardrails, issue short-lived tokens. Every cross-org action is policy-controlled and Vault-audited.
from xybern import Xybern
client = Xybern(api_key="xb_your_key")
# Propose a federation link to a partner
link = client.federation.propose(
target_workspace_id="partner_ws_id",
source_org_name="Acme Corp",
target_org_name="Partner Inc",
allowed_action_types=["data:read"],
max_trust_level=40,
)
# Issue a short-lived cross-org token
token = client.federation.issue_token(
link_id=link["link_id"],
agent_id="research-agent-01",
ttl_seconds=300,
)
# → 5-min token, max 10 uses, trust capped at 40Same authorisation pipeline. Same agent identity. Different integration pattern.
Xybern integrates directly into your AI product stack. It sits between your agents and the actions they attempt to perform.
Xybern becomes the authorisation and identity layer within your AI platform.
Xybern deploys as the authorisation layer above all your AI systems. It does not replace models. It controls what they're allowed to do.
Deploys above your existing AI stack. Nothing ripped out. No model replacements. One endpoint. Every agent authorised.
No AI agent operates without authorisation.
Same authorisation pipeline. Policy rules pre-configured for your regulatory context.
Trading decisions, wire transfers, client communications. Every agent action authorised against regulatory policy before execution.
Document execution, contract actions, client data. Every agent authorised against privilege boundaries and supervision rules.
Threat assessments, access decisions, incident response. Every autonomous security action authorised against defined boundaries.
Intelligence processing, classification, operational decisions. Every agent action authorised against clearance scope before execution.
Patient records, clinical workflows, diagnostic data. Every agent action authorised against patient data boundaries before execution.
Claims processing, underwriting decisions, policy actions. Every agent decision authorised against conduct rules before execution.
your AI agents?
We work directly with your team to deploy Xybern into one agent workflow in under a week. No lengthy procurement. No infrastructure rebuild. One endpoint. Every agent authorised.
Try the Xybern authorisation pipeline, see agent identity, policy evaluation, and decision audit.
We sent a 6-digit code to
You've already used your one-time demo for this email. To get full access to the Xybern authorisation API, request an Enterprise Pilot.
Request Enterprise Pilot