Runtime control layer for AI agents
Your agents can do anything. Polaxis decides what they're allowed to.
The runtime control layer between your AI agents and the real world. Intercept every tool call, enforce policies, require human approval, audit everything. Before anything executes.
Definition
Polaxis is the runtime control layer between AI agents and the real world — middleware that intercepts every tool call through a 7-layer detection pipeline (regex scan, risk scorer, LLM gate, behavioral baseline, session graph, threat intel, policy engine) before it executes. Block unsafe actions, require human approval, enforce spend budgets, and generate SOC 2, GDPR, HIPAA, EU AI Act, and OWASP audit evidence reports on demand. Two lines of Python. Any agent framework.
0.15ms
Regex layer p50 latency
99.4%
Threat detection rate
$0.00026
Cost per evaluation
$0
Free · no card required
The Problem
AI agents are powerful. And completely ungoverned.
The same autonomy that makes AI agents valuable makes them dangerous. One bad tool call can delete production data, send 50,000 wrong emails, or violate GDPR — with no trace of what happened.
Without Polaxis
Agent deletes production records — no audit trail, no way to know who or when.
Billing agent charges a customer $5,000 instead of $50. No approval was required.
Marketing agent sends 40,000 emails to unsubscribed users. GDPR fine incoming.
HR agent exposes salary data to the wrong employee. Zero visibility into what was accessed.
Attacker injects a prompt — agent exfiltrates your customer database to an external API.
With Polaxis
Every delete intercepted. Policy blocks it, logs it, and notifies your team — before it happens.
Billing agent requires human approval for charges above $500. One-click approve or reject.
Email blast paused at the policy layer. Compliance team reviews before a single email sends.
Full audit trail: which agent, which tool, what data, who approved, timestamp. Immutable.
Prompt injection detected and blocked by the AI Firewall. Attack never reaches your data.
Platform
Everything your AI stack needs to ship safely.
One security and governance layer. Zero trust by default. Full visibility and control over every agent action.
Policy Engine
Define rules in JSON or plain language. Block, allow, or escalate based on tool name, parameters, agent identity, time, or any custom condition.
Human-in-the-Loop
Pause execution and route high-risk actions to Slack or your dashboard. Approve or reject with one click. PII automatically masked for approvers.
Budget Control
Set hard cost limits per agent, day, or month. Auto-block when thresholds are hit. Full spend breakdowns — no more surprise bills.
Immutable Audit Trail
Every decision recorded — what was called, when, which policy applied, who approved. Tamper-proof. One-click export for auditors.
7-Layer Agent Firewall
7 detection layers: regex scan, risk scorer, LLM gate, behavioral baseline, session graph, threat intel, and policy engine. Blocks prompt injection, jailbreaks, PII leakage, and data exfiltration. The Python layers resolve with a median latency under 1ms; the LLM gate adds a model round-trip only on the minority of calls the cheaper layers flag.
On-Demand Compliance Reports
Generate SOC 2, GDPR, HIPAA, EU AI Act, and OWASP reports on demand. Filter by agent and date range. Download audit-ready PDFs in seconds — built for real auditors.
How It Works
7-layer defense; the Python layers resolve in under 1ms.
89% of calls never touch an LLM: pure Python signals handle them in microseconds. The semantic LLM gate fires only on the remaining calls, when the cheaper layers flag them as suspicious.
Layer 01
Regex Scan
Every call. 80+ compiled patterns: injection, PII, secrets. No allocations, instant results.
Layer 02
Risk Scorer
<1ms pure Python. 15 signals: entropy, delimiters, soft keywords, payload size.
Layer 03
LLM Gate
Fires on ~11% of calls only; skipped when the score from the earlier layers is clean. Uses claude-3-5-haiku with a 5-minute response cache and fails open: a model timeout or error does not block the call, so the deterministic layers and the policy engine remain the backstop for those calls.
Layer 04
Behavioral Baseline
Welford online stats. Per-agent baseline, anomaly boost 0–30 pts — detects slow drift attacks.
Layer 05
Session Graph
2h TTL per session. Recon to exfil kill-chain detection across multi-turn agent runs.
Layer 06
Threat Intel
24h aggregation. Attack history, per-agent threat level 0–4, 5-min in-memory cache.
Layer 07
Policy Engine
JSON rules: Allow, Block, or HITL. Matches tool name, params, agent, time, spend, and custom logic.
89%
calls resolved without LLM
< 1ms
median latency (Python layers)
2%
random audit sample on clean calls
100%
accuracy on adversarial test suite
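To make the shape of this pipeline and of the Policy Engine concrete, here is an added example of a minimal pre-execution tool-call gate. It is illustrative code written for this page, not Polaxis code: the pattern set, score thresholds, the sample policy JSON, and every function and field name are assumptions. It runs a regex scan, an entropy-based risk score, a per-agent Welford baseline that boosts the score by 0 to 30 points, an optional LLM gate that can fail open or closed, and a first-match JSON policy engine returning allow, block, or hitl before the tool executes.

```python
"""Illustrative pre-execution tool-call gate (added example, not Polaxis code).
Pattern set, thresholds, policy JSON and names are assumptions for this page."""
import fnmatch
import json
import math
import re
from dataclasses import dataclass

# Layer 01: a few compiled patterns standing in for a larger library.
PATTERNS = {
    "prompt_injection": re.compile(r"ignore\s+(all\s+)?(previous|prior)\s+instructions", re.I),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "email_address": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
}

def regex_scan(text: str) -> list[str]:
    """Names of every pattern that matches; runs on every call."""
    return [name for name, pat in PATTERNS.items() if pat.search(text)]

# Layer 02: cheap signals. Entropy flags secrets and encoded payloads.
def shannon_entropy(s: str) -> float:
    n = len(s)
    if n == 0:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def risk_score(text: str, hits: list[str]) -> int:
    score = 40 * len(hits)                                     # each pattern hit
    blobs = [t for t in text.split() if len(t) >= 24 and shannon_entropy(t) > 4.0]
    score += 20 if blobs else 0                                # high-entropy token
    score += 10 if len(text) > 2000 else 0                     # oversized payload
    return min(score, 100)

# Layer 04: per-agent Welford baseline over payload size, boosting 0..30 points.
class Baseline:
    def __init__(self) -> None:
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def update(self, x: float) -> None:
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def anomaly_boost(self, x: float) -> int:
        if self.n < 5:                                         # too little history to judge
            return 0
        sd = math.sqrt(self.m2 / (self.n - 1))
        if sd == 0.0:                                          # constant history: any change is anomalous
            return 30 if x != self.mean else 0
        return max(0, min(30, int(10 * (x - self.mean) / sd)))

# Layer 07: JSON rules, first match wins. Missing params match conservatively.
POLICY = json.loads("""[
  {"name": "no-prod-deletes", "tool": "delete_*", "action": "block"},
  {"name": "charge-approval", "tool": "charge_card",
   "when": {"param": "amount_usd", "gt": 500}, "action": "hitl"},
  {"name": "default-allow", "tool": "*", "action": "allow"}
]""")

def policy_decision(tool: str, params: dict) -> tuple[str, str]:
    for rule in POLICY:
        if not fnmatch.fnmatch(tool, rule["tool"]):
            continue
        cond = rule.get("when")
        if cond:
            value = params.get(cond["param"])
            if value is not None and not value > cond["gt"]:   # absent value still matches
                continue
        return rule["action"], rule["name"]
    return "block", "no-matching-rule"                          # deny by default

@dataclass
class Decision:
    action: str   # allow | block | hitl
    reason: str
    score: int

def evaluate(call: dict, baselines: dict, llm_gate=None, fail_mode: str = "open") -> Decision:
    """Run the layers in order and decide before the tool executes.
    llm_gate: optional callable(text) -> bool (True = malicious), consulted only
    for suspicious calls; fail_mode ('open' | 'closed') applies if it raises."""
    text = json.dumps(call["params"], sort_keys=True)
    hits = regex_scan(text)
    score = risk_score(text, hits)
    base = baselines.setdefault(call["agent"], Baseline())
    score = min(100, score + base.anomaly_boost(len(text)))
    base.update(len(text))
    if score >= 70:
        return Decision("block", f"firewall: {hits or 'anomalous payload'}", score)
    if score >= 30 and llm_gate is not None:                   # semantic check, suspicious calls only
        try:
            if llm_gate(text):
                return Decision("block", "llm-gate", score)
        except Exception:
            if fail_mode == "closed":
                return Decision("block", "llm-gate unavailable (fail-closed)", score)
            # fail-open: fall through to the policy engine as the backstop
    action, rule = policy_decision(call["tool"], call["params"])
    return Decision(action, rule, score)
```

Two design choices are worth noting. The policy engine denies when no rule matches and treats a missing parameter as matching a threshold condition, so a charge with no amount field is escalated rather than waved through. The fail mode is explicit: with the gate raising, the same call is blocked under fail-closed and falls through to the policy engine under fail-open, which is the trade-off the FAQ describes.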
Real-World Scenarios
Built for every team deploying AI agents.
Whether you're in fintech, healthcare, SaaS, or enterprise IT — Polaxis handles the governance layer so your team doesn't have to.
Fintech
Autonomous billing & payments
A billing agent needs to issue refunds, charge cards, and send invoices 24/7, but finance requires sign-off on anything over $1,000. Rules: require human approval for any charge over $500 (a tighter threshold than the $1,000 finance rule), require 2FA confirmation for refunds, $10k/day budget cap, full SOX audit log.
Healthcare
Patient scheduling & records
An AI assistant books appointments, updates patient records, and triages queries — HIPAA requires airtight access control and audit trails. Rules: block PII exfiltration, require physician approval for prescriptions, immutable 7-year audit log, HIPAA-ready compliance reports.
SaaS / Startup
Customer-facing AI agents
Your AI support agent handles refunds, account changes, and feature flags — directly touching customer data and billing systems. Rules: no delete_account without human approval, rate limit 100 actions/hour, auto-block prompt injection, Slack alert on any blocked action.
Enterprise IT
Infrastructure & DevOps automation
AI agents provision cloud resources, manage deployments, and rotate secrets — one mistake can take down production or expose credentials. Rules: block prod database mutations without approval, detect secret/key exfiltration, $500/day cloud API spend limit, SOC 2 Type II reports.
Integration
Two lines to govern any AI agent.
Works with OpenAI, LangChain, LangGraph, CrewAI, PydanticAI, or any custom agent.
Step 1: Install the SDK
pip install polaxis — works in any Python environment and any agent framework.
Step 2: Configure your policies
Define rules in the dashboard or via JSON config. Block by tool name, parameter values, spend thresholds, or write custom conditions.
Step 3: Ship with confidence
Every tool call is evaluated in real time against your policies before it executes.
Supported frameworks: Python · LangChain · LangGraph · CrewAI · OpenAI · MCP · PydanticAI · AutoGen · Claude SDK · Cursor · Claude Desktop · Any custom agent
Why Polaxis
The only runtime control layer built for the tool call, not the prompt.
Others protect the LLM text layer. Polaxis controls what agents actually execute in the world.
| Feature | Polaxis | Lakera Guard | Guardrails AI | Prompt Security |
|---|---|---|---|---|
| Pre-execution tool call interception | ✓ | — | — | — |
| Human-in-the-loop approvals | ✓ | — | — | — |
| Policy engine (block/allow/escalate) | ✓ | — | ✓ | — |
| Budget & spend controls | ✓ | — | — | — |
| Behavioral anomaly detection | ✓ | — | — | — |
| Immutable audit trail | ✓ | — | — | — |
| Prompt injection detection | ✓ | ✓ | ✓ | ✓ |
| MCP proxy — zero-code setup | ✓ | — | — | — |
| Works with any agent framework | ✓ | — | ✓ | ✓ |
| Free tier | ✓ | — | ✓ | — |
Pricing
Simple, transparent pricing.
Start free. Scale when you're ready.
Starter
$0/mo
- 1 agent
- 10,000 evaluations/month
- 3 policy rules
- 7-day audit log retention
- Community support (Discord)
Pro
$149/mo
- 5 agents
- 1,000,000 evaluations/month
- Unlimited policy rules
- Agent Firewall — injection & PII
- Budget enforcement per agent
- HITL approvals via email
- 90-day audit retention
- Email support (next business day)
Scale
$499/mo
- 25 agents
- 10,000,000 evaluations/month
- HITL approvals via Slack
- Custom policy templates
- 5 team seats + RBAC
- 1-year audit retention
- SOC 2 Type II report
- Priority support (4h SLA)
Enterprise
Custom
- Unlimited agents
- Custom evaluation volume
- Self-hosted (your VPC)
- SSO — SAML / OIDC
- Dedicated CSM + Slack channel
- Custom SLA (99.9% uptime)
- DPA / MSA / BAA available
- Annual invoicing, PO accepted
FAQ
Questions we get a lot.
How long does integration take?
For the Python SDK: about 10 minutes. Install the package, create an agent in the dashboard, paste two lines of code. For MCP-connected agents: set three environment variables and point your MCP client at the proxy — no code changes at all.
Does Polaxis add latency to my agents?
Median end-to-end decision latency is 3–5ms. Policy evaluation runs in memory with a compiled rule engine, and the Python detection layers resolve in under 1ms. The only model round-trip is the LLM gate, which fires on roughly 11% of calls, when the cheaper layers flag a call as suspicious. For human-in-the-loop approvals, the agent waits, but that's intentional.
Do you store my tool inputs and outputs?
Yes, encrypted at rest using AES-256. The audit trail stores what was called and what was returned, which is required for compliance. Retention follows your plan: 7 days on Starter (free), 90 days on Pro, 1 year on Scale, and 7 years on Enterprise. You can also anonymize or purge records at any time.
What happens if Polaxis goes down?
You configure the failure mode per agent: fail-open (allow all calls, log for later) or fail-closed (block all calls until service recovers). Most production customers use fail-open for non-sensitive agents and fail-closed for financial or data-modifying agents.
How is this different from Lakera Guard, Guardrails AI, or Prompt Security?
Those tools operate at the LLM text layer — validating prompts and outputs. Polaxis is middleware at the tool call layer: it controls what your agents are actually allowed to execute in the world. You put an API gateway in front of your backend. Polaxis is that gateway for your agents — policy enforcement, human approval gates, spend limits, and an audit trail, before anything executes.
Does it work with OpenAI, LangChain, CrewAI, etc.?
Yes. Polaxis is framework-agnostic — it wraps the tool call layer, not the LLM layer. It works with any agent framework: LangChain, LangGraph, CrewAI, PydanticAI, AutoGen, raw OpenAI function-calling, or your own custom code. If it calls a tool, Polaxis can govern it.
Can I self-host Polaxis?
Yes on Enterprise plans. The full stack (FastAPI backend, MongoDB, MCP proxy) can run in your own VPC with no data leaving your infrastructure. Contact sales@polaxis.io for a deployment guide.
What's the free tier limit?
1 agent, 10,000 evaluations per month, 3 policy rules, and 7-day audit log retention. No credit card required. Hit the limit and need more? Upgrade to Pro in seconds — or add individual capabilities with an add-on.
Is Polaxis related to Polixis, the AML/KYC company?
No. Polixis (polixis.com) is a Swiss financial compliance data company providing AML, KYC, and sanctions screening for banks — founded in 2012, completely different product and market. Polaxis (polaxis.io) is an AI agent security and governance platform for engineering teams building autonomous AI agents. We stop agents from deleting databases, leaking credentials, blowing budgets, and making irreversible decisions without approval. Nothing to do with financial compliance.
Your AI agents. Secured. Governed. Audited.
Free forever for one agent. No credit card required.
Create free account