The agent security platform
See what your agents do. Decide what they can.
Fendray is a policy enforcement gateway for AI agent tool calls. Real-time policy enforcement across LangChain, MCP, and raw provider APIs. Framework-agnostic.
The visibility gap
Enterprise AI agents are taking actions on behalf of your business: querying databases, calling APIs, moving money, sending email. Each of those actions is a tool call. Each tool call is a security event.
Most teams can see what their models say. Very few can see, govern, or audit what their agents do.
Per-provider guardrails don't help when you're running across LangChain, MCP, internal frameworks, and three model providers. Policy ends up scattered across SDKs, prompt templates, and tribal knowledge. There's no enforcement layer that knows what an agent is allowed to invoke, under what conditions, on whose behalf.
What Fendray does
Inspect every tool call
Fendray sits on-path between agents and tools. Every invocation passes through. Visible, logged, attributable.
Enforce policy in real time
Allow, block, redact, or escalate. Policy decisions in real time. Policy lives as code, not in prompts.
Detect what providers miss
Prompt injection, PII leakage, geographic compliance violations, anomalous behavior. Checked in parallel, across providers, in one place.
Human approval for high-risk actions
Route sensitive tool calls to a human reviewer before execution. Built for the actions that shouldn't be fully autonomous yet.
Drop-in, framework-agnostic
Fendray works as an MCP gateway and as an SDK shim for non-MCP frameworks. Point your agents at Fendray instead of directly at your tools and providers. No retraining, no prompt rewriting, no code changes to your agent logic.
- MCP servers: proxy any MCP-compliant server through Fendray's gateway
- Agent frameworks: LangChain, CrewAI, AutoGen, raw provider SDKs (Anthropic, OpenAI, Google)
- Custom agents: direct integration via the Fendray SDK
AI agent governance, not just AI security
The first wave of AI security tooling focused on the model. Content filters, output classifiers, jailbreak detectors. Useful, but incomplete. The risk surface has moved.
When an agent reads an email, queries a database, calls a payment API, or sends a message on your behalf, the security question stops being "what did the model say?" and starts being "what is the agent allowed to do, on whose behalf, under what conditions?" That's governance, not filtering.
Fendray is built for that layer. Every tool call inspected. Every action attributable to an agent, an owner, and a policy. Every decision logged for audit. The runtime governance layer your existing security stack was never built to provide.
Who Fendray is for
Fendray is built for companies that have moved beyond AI pilots into production agent deployments, and need to govern what those agents can actually do.
Company profile
- AI agents in production workflows, not just pilots
- Operating in fintech, healthtech, SaaS, or other regulated or PII-handling environments
- Multiple model providers or frameworks (Anthropic, OpenAI, Google, LangChain, MCP)
- At least one agent connected to a real tool: email, database, payment system, CRM
Buyer profile
- Head of Security, CISO, or VP of Platform
- Head of Engineering or CTO with security in their remit
- Compliance, privacy, or risk leader at a regulated company
- Builder or architect leading agent infrastructure decisions
Pre-MVP note: Fendray is currently in design partner phase. We're recruiting five to eight teams from the profile above to shape the first commercial release.
For CISOs
Your existing security stack was not built for agents
Every AI agent you deploy is a new attack surface, but not the kind your existing controls were built for. Agents don't execute fixed code paths. They read external content (emails, documents, web pages, API responses) and use that content to decide what to do next. Attackers have learned to embed instructions inside that content. The agent reads them, treats them as legitimate, and acts on them.
Your firewall doesn't see it. Your DLP doesn't see it. Your SIEM doesn't see it. The traffic is authenticated HTTPS. No signature matches. No anomaly fires. The agent did exactly what it was technically allowed to do.
Fendray is the control point that sits between agents and the tools they call. Policy enforced before the action executes. Tool calls inspected, decisions logged, owners attributed. A live view of every agent operating in your environment, its policy compliance status, and its incident history.
When the board asks how you govern AI agents, or when an auditor asks for the record, you have an answer that doesn't depend on tribal knowledge or post-hoc log archaeology.
For CTOs and Heads of Engineering
Ship agents without shipping new blind spots
You've been asked to deploy agents fast and deploy them safely. Most security tooling forces a tradeoff between those two: slow integration projects, framework lock-in, latency budgets blown by sidecar inspection.
Fendray is designed around the constraints engineering leaders actually have. Drop-in integration via MCP gateway or SDK shim, with no rewriting of agent logic, no retraining, no framework migration. Designed for in-path use, so the security layer doesn't degrade the user experience. Framework-agnostic and provider-agnostic, so you're not locked into one model vendor's guardrails when your stack inevitably diversifies.
Observation mode lets you watch what your agents are actually doing in production before you commit to a policy. Fendray proposes one based on observed behavior, and you refine it. Policy lives as code, in your repo, reviewed in your pull request flow.
When a security incident happens, and it will, your team has the full record. Every tool call, every argument, every decision, attributable to an agent and an owner. Incident response becomes a query, not an archaeology project.
We're recruiting design partners
Fendray is in the final stretch before MVP. We're opening five to eight design partner slots for teams running AI agents in production or staging, who feel the visibility gap firsthand and want to shape the runtime security layer they wish existed.
Design partners get free access through 2026, a direct line to the founding team, real influence over what ships, and locked-in pricing when we commercialize. In return, we ask for a real workload running through Fendray within 60 days, biweekly feedback, and permission to reference you publicly once you're comfortable.
Or write to us at contact@auvionx.com