Xybern

Authorisation for AI agents. Every action. Authorised or denied.

Your AI agents trigger payments, access databases, and execute workflows, all with system-level permissions. No identity. No scope. No one deciding what they're allowed to do.

Xybern is the authorisation layer that decides.

Okta controls what your employees can access. Xybern controls what your AI agents can do.

Any model. Any agent. Any framework. Authorised before execution.

Request a pilot See how it works
Unauthorised Agent Actions
0 Reached Production

Backed by Leading Programs

NVIDIA NVIDIA Inception
AWS for Startups
NVIDIA NVIDIA Inception
AWS for Startups

Our Partners

NVIDIA
Member of NVIDIA Inception
Part of AWS for Startups

Not monitoring. Not guardrails. Authorisation.

Your AI agents operate today without identity, without permissions, without any authorisation layer deciding what they're allowed to do. They initiate transfers, query databases, and export records, all running with the same permissions as the system that hosts them.

Without Xybern
  • Agent triggers wire transfer runs with system permissions no one checked if it was authorised
  • Agent queries production database exports 50,000 records no permission boundary defined
  • Regulator asks who authorised an AI action no identity, no policy, no record exposure
  • Agent A delegates to Agent B Agent B inherits full system access no scope control
With Xybern
  • Agent triggers action identity verified, permissions checked authorised or denied
  • Agent queries database scoped to its permission boundary read allowed, bulk export denied
  • Every authorisation decision recorded with agent identity, policy, and cryptographic proof audit-ready
  • Agent A delegates to Agent B only delegated permissions transfer scoped authority chain

Employees need credentials to access systems.
Your AI agents should too.

The authorisation pipeline

5 stages. Every agent action. No bypass.

Every AI agent action passes through all 5 authorisation stages. Identity is verified. Permissions are checked against policy. The decision is recorded cryptographically. Framework-agnostic. Model-agnostic.

Not authorised? Doesn't run.

Authorisation pipeline · every agent action · no exceptions
Your AI systems
LLMs
AI Agents
Copilots
Workflows
every action
Xybern · Agent Authorisation Pipeline
01
Intercept
Agent action captured before execution
Required
02
Identify
Agent identity cryptographically verified
Required
03
Authorise
Permissions checked against policy engine
Required
04
Decide
Allow or deny, deterministic, no ambiguity
Required
05
Record
Decision anchored in cryptographic audit trail
Required
All 5 stages · every agent · no bypass
if authorised
Authorised actions
Fund Transfers
Transactions
DB Updates
Workflows
Unauthorised actions → Denied · Logged · Immutable record created

The control plane

Every authorisation decision. Every agent. On record.

Not an observability dashboard. The authorisation control plane. Every entry is a decision, which agent requested what action, which policy governed it, whether it was authorised or denied, and the cryptographic proof behind every verdict.

  • Real-time authorisation feed
  • Agent identity & policy outcomes
  • Cryptographic audit exports
Xybern authorisation control plane
Core Technology

The Provenance Vault

Every authorisation decision, which agent, which action, which policy, authorised or denied, is anchored in a SHA-256 cryptographic hash chain with HMAC-SHA256 signatures. The Vault is the immutable audit trail of every decision Xybern made, with Merkle proof verification and exportable evidence.

When a regulator asks who authorised an AI action, and under the EU AI Act, the SEC's evolving guidance, and enterprise audit requirements they will, the Provenance Vault is your answer. Every authorisation decision. Cryptographically provable. Tamper-evident.

SHA-256 Hash Chains HMAC Signatures Merkle Proofs
View the Ledger
Immutable Evidence
Agent authorisation provenance vault
Immutable · tamper-evident
Authorisation ID
Action · Agent
Scope
Decision
az_a7f3c2e1
Database query, customer records
crm-agent-v2 · db:read scope
read
Authorised
az_b2e14a9f
Bulk data export, 50K records
crm-agent-v2 · exceeds boundary
export
Denied
az_c9d4f18b
Outbound email, client notification
comms-agent-v1 · comms:send scope
send
Authorised
az_e4f93d7a
Wire transfer, $250,000
finance-agent-v1 · exceeds $50K limit
transfer
Denied
a7f3c2e1...
b2e14a9f...
c9d4f18b...
e4f93d7a...
···
SHA-256 · HMAC · Merkle

Developer experience

Define agent permissions in code. Deploy through Xybern.

Authorisation policies are code, versioned in git, tested in CI, deployed through the control plane. Define what each agent can do, set limits, and Xybern enforces them deterministically at runtime.

  • Version-controlled policies, audit who changed what and when
  • Test policies before deployment, shadow mode evaluates without enforcing
  • Pre-built templates for EU AI Act, FCA, SEC, HIPAA, SOC 2
policy.yaml 
agent:
  name: finance-agent-v1
  identity: required

permissions:
  allow:
    - payments.read
    - payments.execute
  deny:
    - admin.*
    - db.export

limits:
  max_transfer: 50000
  require_human_above: 100000

on_deny:
  action: escalate
  to: compliance-team

Two ways to deploy. One authorisation standard.

Same authorisation pipeline. Same agent identity. Different integration pattern.

Embedded

For Platform Providers

Xybern integrates directly into your AI product stack. It sits between your agents and the actions they attempt to perform.

  • Every agent gets a cryptographic identity
  • Every action checked against permission boundaries
  • Authorisation decisions are deterministic
  • Policy engine evaluates scope in real time
  • Every decision anchored in immutable audit trail

Xybern becomes the authorisation and identity layer within your AI platform.

Centralised

For Enterprises

Xybern deploys as the authorisation layer above all your AI systems. It does not replace models. It controls what they're allowed to do.

Deploys above your existing AI stack. Nothing ripped out. No model replacements. One endpoint. Every agent authorised.

Authorises
  • Internal LLMs
  • Employee AI copilots
  • Multi-agent workflows
  • Customer-facing AI
Controls
  • Agent permission boundaries
  • Action scope & limits
  • Regulatory policy rules
  • Delegation chains

No AI agent operates without authorisation.

Built for regulated environments.

Same authorisation pipeline. Policy rules pre-configured for your regulatory context.

Financial Services

Trading decisions, wire transfers, client communications. Every agent action authorised against regulatory policy before execution.

Legal Services

Document execution, contract actions, client data. Every agent authorised against privilege boundaries and supervision rules.

Cybersecurity

Threat assessments, access decisions, incident response. Every autonomous security action authorised against defined boundaries.

Defence

Intelligence processing, classification, operational decisions. Every agent action authorised against clearance scope before execution.

Healthcare

Patient records, clinical workflows, diagnostic data. Every agent action authorised against patient data boundaries before execution.

Insurance

Claims processing, underwriting decisions, policy actions. Every agent decision authorised against conduct rules before execution.

Ready to authorise

your AI agents?

We work directly with your team to deploy Xybern into one agent workflow in under a week. No lengthy procurement. No infrastructure rebuild. One endpoint. Every agent authorised.

Request a pilot