Security for autonomous AI.
Purpose-built for agents that run long, act independently, and keep evolving.
AI stopped assisting. It started acting.
Agents hold permissions, call tools, and take real actions. Security built for humans no longer applies.
Behavior is the only reliable signal.
Clean prompts hide malicious intent. Routine tool calls leak data. Signatures fail on systems that rewrite themselves each session.
Logs are too late.
Agents decide mid-session, with real credentials and real blast radius. When the log lands, the action is done.
Forge is AI security posture management, built for how agents actually work.
Forge discovers the agents already operating across your business, profiles how they behave, and gives teams a governed path to deploy, approve, and improve them over time.
Agentless. No deployment required.
One control plane for every agent
From coding agents like Devin and Claude Code to cowork agents like OpenClaw, Claude Cowork, and Hermes — Forge secures them all.
Shift left
Harden permissions, skills, and access based on how agents actually behave, before risk reaches production.
Intent & behavior-aware runtime protection
Evaluates prompts, tool calls, data access, memory, and outputs together, so risky intent gets caught in context.
Every agent — observable, traced, explorable. Sessions, tool calls, and policy outcomes in one timeline.
Forge captures high-fidelity traces from every managed sensor — every prompt, tool call, and decision — and lets you slice by user, agent, tool, or policy without endpoint agents fighting your existing stack.
| Metric | Value |
|---|---|
| Users | 1,247 |
| Agents | 38 |
| Sessions | 4,892 |
| Open findings | 12 |
| High severity | 11 |
| Policy hits | 47 |
| Failure modes | 4 |
| Security risks | 9 |
| Avg. session | 3.4m |
| Events | 2.4M |
+18% vs. last 24h. Path-traversal blocks driving the spike.
3 first-seen agents on Codex this week.
1 sensor on Cursor fell to stale state.
Why sessions fail or require intervention.
Higher event volume correlates with higher risk scores.
Discovered automatically across IdP, firewall, and SaaS connectors
High-fidelity traces of every prompt, tool call, and decision
Permissions, identities, and reachable data mapped per agent
Catch risky actions in flight, not after the fact. Every session live-traced, every policy hit captured the moment it happens.
Forge surfaces sessions the moment a managed policy fires — path traversal, prompt injection, secret exfiltration, unauthorized tool calls. Reviewers see the full trace and pivot to a finding without leaving the timeline.
Policy evaluation runs in line with the agent, not after it
Deterministic outcomes for every action
Every prompt, tool call, and outcome captured
Shift security left. Get more from every agent. Behavioral data that hardens the next deployment and proves the ROI of the last one.
Forge turns every prompt, tool call, and policy outcome into a signal you can act on. Tighten permissions before they're abused, retire underperforming agents, and prove which deployments are actually working.
| Finding | Risk | State | Last seen |
|---|---|---|---|
| Self Modification or Config Tampering: The signal indicates potential self-modification or tampering with configuration, which is not clearly covered by existing findings. | | Open | Apr 24 |
| Tool MCP Error Loop: The signal reflects repeated deployment failures with exit codes, distinct from existing findings. | | Open | Apr 24 |
| Environment Setup Failure for FastAPI: The signal indicates a critical failure related to the absence of FastAPI in custom images, warranting a dedicated finding. | | Open | Apr 24 |
| Exposure of Sensitive Credentials: The signal corresponds to a clear case of credential exposure, which is distinct from the open finding related to task abandonment. | | Open | Apr 24 |
| Policy Bypass or Override Abuse: The signal describes potential attempts to bypass controls on file updates or builds, which does not align closely with any existing findings. | | Open | Apr 24 |
| Destructive or Irreversible Action: The signal describes a situation where data may be permanently deleted, which is a distinct security risk not covered by existing findings. | | Open | Apr 24 |
| First-Time Sensitive Resource Access: The signal captures first-time access to production secrets or regulated data by a session without prior history. | | Open | Apr 24 |
| Unexpected Approval Chain Escalation: The session requested a broader approval path than the task required, creating a distinct governance concern. | | Open | Apr 24 |
| Cross-Tenant Secret Reference: A build task attempted to reference credentials from a neighboring environment instead of the assigned workspace. | | Open | Apr 24 |
| Unpinned Remote Script Execution: The signal reflects a workflow fetching and running a remote installer without a version pin or checksum. | | Open | Apr 23 |
| Production Data Exfiltration Pattern: A sequence of outbound requests matched known data staging behavior prior to external transfer. | | Open | Apr 23 |
| Repeated Sandbox Escape Probe: The agent retried environment introspection commands in a way that does not map to an existing concern. | | Triaged | Apr 23 |
| Override of Deployment Guardrail: A session attempted to bypass release constraints during a build promotion step and triggered manual review. | | Open | Apr 23 |
| Irreversible Storage Deletion Attempt: The workflow assembled a destructive storage command against a protected bucket outside its scoped plan. | | Open | Apr 23 |
| Sensitive Token Emitted to Logs: The runtime streamed a live credential into logs, distinct from the existing credential exposure concern. | | Open | Apr 22 |
| Tool Output Drift Causing Retry Storm: The agent repeatedly retried a failing tool call after malformed output, creating a new operational signal. | | Triaged | Apr 22 |
| Unreviewed Access Expansion Request: The system observed a request to widen repository access before the operator completed the normal approval path. | | Triaged | Apr 22 |
| Unexpected Prompt Persistence Across Tasks: Instructional context was retained longer than expected and influenced later sensitive actions in the same session. | | Triaged | Apr 22 |
| Sensor Coverage Gap During Build Patch: A small portion of a build-edit sequence ran without expected coverage, but subsequent telemetry restored visibility. | | Resolved | Apr 21 |
| Dormant Policy Path Re-Activated: An older control path became active again during rollout, creating a low-severity but notable configuration signal. | | Resolved | Apr 21 |
| Credential Copy Into Scratch Buffer: The workflow moved sensitive material into a temporary buffer in a way that warrants explicit review. | | Open | Apr 21 |
Permissions tuned from real agent behavior, not guesses
Conformance scoring identifies underperforming agents
ROI evidence sliced by agent, team, or integration
Built around the constraints security teams actually face.
Forge is designed for organizations that need to move quickly without giving up operational rigor, deployment flexibility, or visibility into what agents are really doing.
Intelligent behavior profiling
Agents are risky because they act, not because they generate text. Forge profiles what they do, not what they say.
Full-trace context, not isolated prompts.
Secure enablement
Security shouldn't block adoption. Governed rollout with controls, approvals, and findings that keep shipping possible.
Findings route high-stakes actions without stopping the ones that matter.
Agentless deployment
Fastest time to value is the path that fits your stack. Forge connects to what you already run — no new agents required.
Works with your IdP, network, SaaS, and model gateways.
From signup to first run in an afternoon.
Connect Forge to your existing identity, network, SaaS, and model gateways. No new endpoint agents, no consultants, no months-long implementation.
Connect
Hook Forge into your identity, network, SaaS, and model gateways. Visibility starts immediately.
Inventory
Every agent operating across your stack is discovered. Shadow agents flagged the moment they appear.
Baseline
Behavioral profiles built from real agent activity — prompts, tool calls, data access, and drift, all clustered automatically.
Enforce & improve
Convert deviations into findings, approvals, and policy actions. Hardening tightens as the system learns.
Built to support procurement, trust reviews, and enterprise rollout.
The platform story should help teams move faster through security review, not add a second project before deployment can begin.
Support deployment models that align with enterprise data handling and infrastructure requirements.
Trust signals designed to fit the requirements security teams expect during vendor review.
Public-facing assurance for organizations that need an additional trust layer in procurement cycles.
Framework alignment for companies evaluating long-term governance and global deployment readiness.
Give teams a governed path to use AI agents.
Forge helps security teams guide adoption with behavior-aware controls, actionable findings, and deployment models built for enterprise constraints.