// Vendor risk, operated

The operator quarantines a risky vendor before you're exposed.

A signed contract tells you what a vendor agent promised. It says nothing about what it does at 2 a.m. in production. Plug the vendor agent into the gateway; the operator scores it on real behavior, holds it to the scope you signed, and contains it the moment it drifts — every move on a record you can verify without us.

Honest about the tiers: Observe & Suggest is live today — the operator scores every vendor and proposes the quarantine. Assisted and autonomous containment switch on per tenant, per vendor, as you grant them.

// What the operator does to a vendor

From a signed promise to behavior you can prove

The risk you carryWhat the operator doesWhere it lives
You vet a vendor agent once, at signing, then never see it again The operator scores every vendor agent on real production behavior — scope fit, error rate, cost drift — and updates the score on every call, not once a year. Model Catalog →
A vendor agent reaches for data or tools that were never in the contract Instead of trusting the integration to stay in its lane, the operator allows in-scope calls and blocks the out-of-scope one — before it executes, with the blocked attempt receipted. Tool Governance →
A vendor starts misbehaving and no one notices until the incident review When a vendor's score crosses your threshold, the operator quarantines it in two minutes — drains in-flight requests, blocks new ones — before your team would have seen the trend. Guardrails →
"Trust us, we contained it" is the only evidence you can give the auditor Every score, block and quarantine is a chained, anchored receipt — the auditor recomputes it without calling us. Proof Ledger →
You can't tell which actor — yours or the vendor's — made the call Every vendor agent carries a scoped, revocable, version-fingerprinted identity on the ledger, so the actor behind each receipt is never in doubt. Agent Identity →
// How the operator contains a vendor

It senses, decides, and contains — on the record

Instead of a once-a-year vendor review and a hope that the integration behaves, the operator watches every vendor call, scores the behavior, and acts the moment it crosses your line — each step a receipt you can check.

01

Scores on real behavior

The operator grades each vendor agent on what it actually does in production — scope fit, PII handling, error rate, cost drift — not on the benchmark it shipped with.

02

Contains in two minutes

When the score crosses your threshold or a call goes out of scope, the operator quarantines the vendor — new calls blocked, in-flight requests drained — before your team would have caught the trend.

03

Proves every move

The score, the block and the quarantine each resolve to a chained, anchored receipt — so the containment you report is evidence, not an assurance.

Live today: the operator scores every vendor and proposes containment (Observe & Suggest). One-click and autonomous quarantine roll out per tenant, per vendor, as you grant them — reversible the moment you change your mind.

// Exposure — conservatively

A defensible number, not a breathless one

We do not publish percentage risk-reduction claims. Move the sliders for an illustrative lower bound on what the operator scores and contains; your real number comes from a scoped pilot on your own vendor traffic.

10K500,0005M
$5K$120,000$2M
Spend behind a quarantine line
Assumes 2% of third-party spend flows through vendors the operator caps when they drift; on receipts only.
$2,400
Vendor-review hours saved
Assumes only evidence-gathering time the operator's receipts replace; not incident avoidance.
160
Vendor calls scored on behavior
Every vendor-agent call scored and receipted — not a sampled review.
500,000

Figures are illustrative lower-bounds you control with the sliders. We do not publish percentage risk-reduction claims.

Get your number — book a demo
// Provable containment

Every quarantine resolves to a receipt

When the auditor asks how you knew the vendor was contained, you do not point at a dashboard — you point at a receipt. The vendor, the scope it broke, the outcome and the operator that acted are part of the canonical, hashed record. Recompute the leaf and the decision is confirmed.

This is the same client-side verification on the Trust portal. SHA-256 runs in your browser; no Agentics call.

Explore the Proof Ledger →

// Verify a real receipt Anchored
receipt_idc4d8e2f0…4e5f
prev_hash1af67611…4a032
payload_hash2962f6b5…466dd
recomputed
merkle_root14a24583…c058a
  • Recompute leaf
  • Chain integrity
  • Fold Merkle proof
  • Anchor memo == root

SHA-256 runs in your browser via Web Crypto. No Agentics call.

// Vendor risk, operated

Contain the vendor. Prove you did.

Run a scoped pilot: plug your vendor agents into the gateway and let the operator score, contain, and receipt every one — within bounds you set, reversible in one click.