Every use case starts from the job you are trying to do, not a feature. Each one runs on the same governed runtime: read-only by default, gated to a human where it matters, and sealed to evidence.
The tension
Agents, copilots and MCP servers are already running in your accounts: scheduled scripts with standing credentials, tools nobody registered, owners nobody recorded.
How Tovel does it
Connect read-only, and the inventory surfaces every agent and MCP across your accounts, shadow first, each with its identity, reach and owner. Bind what stays to policy; replace what shouldn’t exist with hardened patterns from the catalog.
You walk away with
A live register of every agent you run, each one owned, scoped and scored.
See how discovery worksThe tension
Security backlogs are ranked by raw CVE counts, so teams burn effort on findings nobody can exploit while the reachable ones wait.
How Tovel does it
Put an enclave around the application; five scanner domains run continuously; findings are ranked by known exploitation and exploit likelihood; the security agent proposes fixes and opens a PR a human approves.
You walk away with
A posture that improves weekly, with every fix attributed and every decision sealed.
See the posture pipelineThe tension
A new model ships every quarter; regulated change management asks a question nobody can answer: what exactly changes if we upgrade?
How Tovel does it
Run the same scan or workload under the new model and compare runs side by side, finding by finding, attributed to the model that produced each result. Model change becomes an evidenced decision.
A capability competitors do not haveThe tension
AI code review is easy to adopt and hard to defend: who reviewed the reviewer, and what did it see?
How Tovel does it
A code-review agent operates on your repository under policy: role-scoped, read-only by default, every write gated to a human, every review sealed to evidence.
You walk away with
Review coverage you can staff a team’s worth of, with a record per decision.
See runtime governanceThe tension
Audit season means weeks of screenshots, exports and chasing. The evidence is stale the day it’s collected.
How Tovel does it
Agents collect evidence continuously from your environment; every artefact is signed, hash-chained and immutably retained; audit packs assemble on demand; a human reviews anything that leaves.
You walk away with
An audit you walk into with receipts, not assertions.
How Australia’s critical-infrastructure obligations become a continuous, cryptographically assured, always-audit-ready capability.
What brings you to the paper?
Where are you with AI agents?
Done — the paper’s on its way.
Open the paperThe tension
The riskiest “agents” in most estates predate the AI wave: cron jobs and scripts with production access, standing credentials and no owner.
How Tovel does it
Discovery flags them; the catalog stands up governed replacements (scoped identity, named owner, least privilege, evidence per action) inside an enclave.
Beyond the horizontal use cases above, the catalog is growing a set of industry workflow patterns. These are stated plainly, without detail pages or launch dates.
Bring one agent, one application or one audit. We will stand up an enclave around it and show you the evidence.