Operant AI
AARM Extended
Runtime application protection for AI agents, MCP, and agentic workloads
operant.ai
Overview
Operant AI provides runtime protection for AI agents, MCP servers, and agentic applications. The platform centers on two enforcement components: the Operant Endpoint Protector, which intercepts MCP tool calls, prompts, and shell executions before execution, and the Operant Agent Protector, which extends real-time enforcement across LangGraph, CrewAI, n8n, and the ChatGPT Agents SDK. The gateway emits signed AARM receipts for every decision class across all five authorization outcomes.
Classification
- Coverage surface: MCP, Endpoint, SaaS, Cloud, Data/DB, API, Network
- Stage: Launched
- Type: Commercial
- Target audience: Enterprise
- Deployment: Self-hosted, SaaS, Hybrid
Technical profile
Spec-grounded axes, verified by the TWG.
- Interception architecture (R1): Protocol Gateway, SDK Instrumentation
- Policy model (R3): Hybrid
- Authorization decisions (R4): ALLOW, DENY, MODIFY, STEP_UP, DEFER
- Conformance level: Extended (R1–R9)
Conformance review
| R1 | Pre-execution interception | ✅ |
| R2 | Context accumulation | ✅ |
| R3 | Policy evaluation with intent alignment | ✅ |
| R4 | Five authorization decisions | ✅ |
| R5 | Tamper-evident receipts | ✅ |
| R6 | Identity binding | ✅ |
| R7 | Semantic distance tracking | ✅ |
| R8 | Telemetry export | ✅ |
| R9 | Least privilege enforcement | ✅ |
Platform capabilities
- Pre-execution MCP gateway intercepting tool calls inline before execution
- All five AARM authorization decisions with traceable receipts
- Identity binding via Okta and Google OAuth with deny-on-missing-identity
- Signed Ed25519 receipts with hash-chained context fields for tamper detection
- Inline PII detection and redaction (emails, SSNs, and other entity classes)
- AI Agent Scope Guard with per-agent natural-language scope definitions
- Semantic distance tracking across extended agent sessions (R7)
- Telemetry export to Splunk with documented JSON schema (R8)
- JIT credential issuance integrating HashiCorp Vault, CyberArk, AWS IAM (R9)
Architecture
Operant enforces AARM requirements at the MCP Gateway, a pre-execution interception point between the agent client and downstream MCP servers. Every tool call routes through the gateway, where the request is parsed at the protocol level, sensitive-entity scanners classify parameters, accumulated session context is loaded, the applicable policy is evaluated, and a decision is returned inline before the tool executes. Session context is captured and chained across the full agent loop — a single request ID links the original user prompt, every subsequent tool call, every detection event, and the final agent response. Every decision produces an AARM receipt containing action descriptors, requester context, policy decision, execution outcome, and an Ed25519 signature with key identifier.
Key facts
| Headquarters | San Francisco |
| Compliance | SOC 2 Type II |
Maintained by the Operant AI team. Conformance verified by the AARM working group.