Behavioral anomaly detection.
Turn an agent's drift from normal into a guard decision you can act on.
// policy
risk_signal(high) → require approval
In a regulated context an explainable rule beats a black-box anomaly score, so deterministic policy carries the bulk of the coverage. Real drift detection needs a behavioral baseline and serious ML that's never finished — the control plane's job is to act on the signal in the path, not reinvent it.
“Anomaly” isn't one thing. Most of what matters in a tool call is caught deterministically — by policy, in the path — which is also what's explainable to an auditor. Statistical, sequence, and intent-mismatch detection layer on top: connect your own detector, SIEM, or UEBA and HiveKey enforces on the verdict it returns.
Intercept
The agent attempts an action. HiveKey catches it in the path — nothing reaches the tool yet.
Evaluate
A connected detector emits a risk signal and HiveKey takes it as a guard input — raising approval, stepping the agent down, or blocking — alongside the deterministic rules that already run on every call.
Enforce & log
The verdict is enforced — allow, block, or route for approval — and written to the audit trail, attributable to the agent's owner.
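An added example, not HiveKey's code or policy syntax: one way the intercept, evaluate, and enforce-and-log steps above could combine deterministic rules with an external detector's risk signal. All names here (guard, Action, DENY_RULES, ALLOWED_TOOLS, the risk levels) are hypothetical, and sending a missing or malformed signal to approval is an assumed design choice.

```python
import json
from dataclasses import dataclass

# Hypothetical names throughout: this is not HiveKey's API or policy syntax.
RISK_LEVELS = ("low", "medium", "high")

@dataclass
class Action:
    agent: str
    owner: str
    tool: str
    operation: str

# Constructed sample policy. Deterministic rules run on every call and
# name themselves in the audit record, so the verdict is explainable.
ALLOWED_TOOLS = {"reporting-agent": {"db.prod", "mail"}}
DENY_RULES = [
    ("no-prod-delete", lambda a: a.tool == "db.prod" and a.operation == "delete"),
]

def guard(action, risk_signal, audit):
    """Return 'allow', 'block' or 'approval' and append one audit record.

    risk_signal is the verdict of an external detector (SIEM, UEBA, custom),
    or None when the detector returned nothing.
    """
    if action.tool not in ALLOWED_TOOLS.get(action.agent, set()):
        verdict, reason = "block", "scope:tool-not-granted"
    else:
        hit = next((name for name, rule in DENY_RULES if rule(action)), None)
        if hit:
            verdict, reason = "block", f"rule:{hit}"
        elif risk_signal not in RISK_LEVELS:
            # Assumption: an unavailable or malformed signal goes to a human,
            # it never silently becomes an allow.
            verdict, reason = "approval", "signal:unavailable"
        elif risk_signal == "high":
            verdict, reason = "approval", "signal:high"
        else:
            verdict, reason = "allow", f"signal:{risk_signal}"
    # Every decision is logged, attributable to the agent's owner.
    audit.append(json.dumps({
        "agent": action.agent, "owner": action.owner, "tool": action.tool,
        "operation": action.operation, "verdict": verdict, "reason": reason,
    }, sort_keys=True))
    return verdict
```

The deterministic checks run before the signal is consulted, so a low risk score can never override a scope or rule block.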
Agent (attempts an action) → HiveKey (scope · guard · log) → Tool / MCP (only allowed actions)
Built for security and platform teams.
Deterministic policy catches most of it — explainable and auditable
Layer your own statistical, sequence, or intent detectors on top
HiveKey enforces on every signal in the path rather than doing its own detection
Behavioral anomaly detection is one expression of Guard.
Every capability rides the same spine — Scope what an agent can do, Guard each action in the path, Log all of it on one trail.
Enforce every action your agents take.
Scope, guard, and log every action — and enforce it in the path, before anything happens.