Run AI agents in production without losing the audit trail.

Every agent runs under a scoped identity, is checked against policy in real time, and leaves a signed record of what it did.

AccessNo standing access
ControlHumans keep the final say
ProofEvery action, signed
app.tovel.io / agent-inventory live
Tovel Agent Inventory — every AI agent across the estate, with shadow agents flagged
Security posture
Security posture — 11 of 12 checks passing, findings triaged by AutoFix
How Tovel works

Discover what is running. Govern how it runs. Operate at scale.

One continuous path, from the agents already loose in your estate to a governed fleet doing real work, with evidence at every step.

01
Discover

See every agent in the estate.

Inventory every agent, MCP server and tool already running across your cloud accounts, sanctioned or shadow, then stand up new ones from hardened, pre-approved patterns.

  • Live inventory of agents and MCP servers
  • Provisioning from hardened, pre-approved patterns
  • A marketplace of governed blueprints
Explore the platform
02
Govern

Prove how every agent runs.

Score posture against the frameworks that matter, gate high-consequence actions to a human, and seal every decision into an evidence locker your risk committee can verify.

  • Framework packs scored against live posture
  • Rule-of-Two gating, HITL, read-only by default
  • A signed, hash-chained evidence locker
How governance works
03
Operate

Ship agents that earn their keep.

Give every application its own isolated enclave and a named agent fleet, then run continuous security work against it, prioritised by what is actually exploitable.

  • A dedicated enclave and named fleet per application
  • Findings ranked by real exploitability
  • Model-attributed scans you can compare side by side
See the enclave
The product

One console for the whole agent fleet.

From the estate-wide inventory down to a single enclave's live security posture, every view is scoped, signed and ready for audit.

app.tovel.io / enclaves / storefrontlive
Storefront enclave overview — agent runs, open findings, spend and posture for one application
Every application gets its own enclaveRuns, findings, spend and posture for one app, isolated and continuously scored.
app.tovel.io / enclaveslive
All enclaves — org rollup with value delivered, risk blocked and verifier pass rate
One rollup across the whole fleetValue delivered, capacity returned and risk blocked, summed across every enclave.
Architecture

Every application runs in its own isolated enclave.

You bring an application or agent; Tovel runs it inside a dedicated, isolated enclave. Two things cross the boundary: least-privilege scopes going in, signed evidence coming out.

Your stack
Your application
brought into the enclave
Agents in prod
any framework · any model
MCP & connectors
classified at the boundary
The enclave SEALED
Hardening harness
every turn · loop → verification
AWS Bedrock · AU
inference never leaves AU
Raw traces & payloads
stay inside · never exfiltrated
Governance
Signed evidence locker
verdicts & approvals · sealed
Maturity matrix
adoption × governance
Framework packs
policy in · scored out
↓ least-privilege scopes
least-privilege scopes · read-only default
↑ signed evidence only
01 · Boundary
Each application gets its own enclave.
Isolation is total: a compromise in one enclave cannot reach another, or your wider estate.
02 · Harness
Every turn is hardened before it runs.
Loop, model, tools, context, guardrails and an independent verifier, enforced at runtime, not at review time.
03 · Evidence
Only sealed records leave.
Verdicts and approvals are sealed into a hash-chained locker. Raw payloads never leave the enclave.
The harness

Enterprise controls, enforced on every agent action.

Every turn passes through the enclave's control layers before it acts: the plan is verified, tools and data are gated, high-consequence actions wait for a human, and the full trajectory is sealed to evidence.

Select a layer to see what it enforces
AU-resident
Data and inference stay in Australia on AWS Bedrock and AgentCore.
Signed evidence locker
Append-only, hash-chained, exportable for board and auditor review.
HITL by default
High-consequence actions route to a named human before they run.
Read-only by default
Agents receive least-privilege scopes; every write is gated and attributed.
Framework packs shipped
OWASP LLM Top 10OWASP Agentic ASI01–10NIST AI RMFISO 42001MITRE ATLASEU AI ActAU AI Safety

Posture is scored against these packs only. Tovel does not claim coverage of frameworks it has not shipped.

See every agent, action, and decision in one place.

A 30-minute walkthrough on your own architecture: the harness, the maturity matrix and the evidence a board can read.