Production governance for the agents calling your tools.
A 2.7-microsecond Rust proxy in front of every MCP server, CLI, and API your agents reach. Policy at install, enforcement at every call.
Why now
Security teams are being asked what their agents actually do in production — which tools they call, which data they touch, what they tried that failed.They cannot answer.
Andrej Karpathy’s Software 3.0 framing names why: the LLM is the new interpreter, the context window the lever, tool calls how the interpreter touches reality. In the past twelve months, those tool calls moved from demo to production — at hedge funds, banks, and SaaS platforms running Claude Code, Cursor, and custom agents inside the perimeter. The runtime needs an answer.
Anthropic ships Claude Security for Anthropic-hosted agents. The other half of every enterprise — Cursor, Continue, custom internal agents, multi-vendor MCP — needs a runtime layer that doesn’t depend on a single model vendor.
Navil is the answer.
What it does
01 / 02 / 03Ship agents to production faster.
YAML policies scope which tools each agent sees. navil secure auto-discovers MCP configs, wraps every server, and shows your platform lead the before/after coverage in 47 seconds — measured, not estimated.
94% fewer schema tokens per call.
Most agents see hundreds of tools they will never use. Navil shows each agent only the tools its policy permits, cutting context-window waste and inference cost on every loop.
Threat signal that compounds across nodes.
568 detection patterns across 36 categories, fed by anonymized signal from every Navil deployment. A new tool-poisoning attempt caught at one node blocks at every node within minutes — without sharing tenant data.
Live demo
Real decisions from the github-mcp policy template against a stream of agent tool calls. Allow, approval-required, and deny — all enforced at the proxy before the call leaves the machine.
Reproduce locally: navil policy test --policy templates/policies/github-mcp.yaml --fixture templates/fixtures/github-risky-calls.jsonl
Proof
Read the sourcep99 6.1 µs · Rust data plane
vs unscoped MCP exposure
across 36 agent-native categories
from `pip install` to enforcement
Read the code.
Apache 2.0. Rust data plane, Python control plane. Every detection pattern is in navil-threat-catalog.
Run the benchmark.
The 2.7 µs number isn’t marketing. bench_total_latency.py ships in the repo. Bring your own machine.
Watch the network.
Anonymized threat signal from every Navil deployment, refreshed every 60 seconds. Public, no login.
navil.ai/radarPricing
Free for solo developers. Per-seat for teams. Air-gapped for everyone else.
No usage caps on the free tier. Upgrade when your security team wants the audit log.
Free
For solo developers and OSS contributors.
- Apache 2.0 core
- 568 detection patterns
- Local policy enforcement
- Community threat feed
Team
For platform teams shipping agents internally.
- Cloud dashboard
- Audit log retention
- Per-agent policy versioning
- Slack & GitHub alerts
Business
Most teamsFor SaaS companies building MCP integrations.
- SSO (SAML, OIDC)
- SOC 2 evidence pack
- Custom detection rules
- Priority threat-intel feed
Scale
For F500 platform engineering.
- Air-gapped deployment
- Dedicated runbook
- Quarterly threat report
- 24/7 incident response
Watch your agents in production. Today.
Install in under a minute, or schedule 30 minutes with the team to scope a deployment.