One trust plane across every framework, every model, every cloud. VeriSwarm checks trust before every sensitive action — whether your agent lives on LangChain, CrewAI, AutoGen, Agentforce, Bedrock, or your own stack. Strip PII before the LLM sees it. Block prompt injection in tool responses. Get allow, review, or deny in milliseconds.
POST /v1/decisions/check
{ "agent_id": "agt_123", "action": "send_email" }
→ { "decision": "allow", "trust_score": 78, "tier": "trusted" }Agentforce ships the Einstein Trust Layer — for agents built on Agentforce. Microsoft Agent 365 governs agents inside Entra. NVIDIA Nemotron has its own audit primitives. AWS Bedrock has its own guardrails. None of them talk to each other, and none of them work on the LangChain, CrewAI, AutoGen, or custom agents most teams actually deploy. VeriSwarm is the trust plane that sits across all of them.
LangChain, CrewAI, AutoGen, Semantic Kernel, Agentforce, Microsoft Copilot Studio, Bedrock Agents, or your own roll-your-own loop. One SDK, one MCP server, one API. Same trust decisions everywhere.
Cortex routes to Anthropic, OpenAI, Google Vertex, Mistral, Llama, or your fine-tuned model. Drop-in OpenAI-compatible proxy at /v1/proxy/chat/completions. Switch providers without rewriting governance.
Multi-tenant SaaS, on-prem Guard Proxy via Docker, or local stdio. Portable ES256 JWT credentials agents present to any platform — verify offline against our public JWKS endpoint. No vendor lock-in, no “additional tooling required” footnote.
As agent counts grow, trust becomes harder to infer from reputation or documentation alone. Teams need a repeatable way to evaluate who should be trusted.
A compromised or poorly configured agent can misuse tools, leak credentials, or act outside its intended scope. Response speed and policy clarity matter.
Logs are useful, but investigations and compliance reviews often require stronger evidence about what happened, why a decision was made, and whether records were altered.
Agents report tool calls, task completions, and interactions via the API or MCP server. 22 standardized event types reduce ambiguity about what to send. Ingestion is always free and unlimited.
Identity, risk, reliability, and autonomy — four dimensions scored from behavioral evidence. Deterministic and explainable. 5 scoring profiles or custom weights.
Call one endpoint before any sensitive action. VeriSwarm returns a policy decision based on the agent's trust tier. Verified agents can proceed with less friction. High-risk agents can be reviewed or blocked immediately.
Four ways to connect — works with every agent framework, every MCP client, every CI/CD pipeline. Pick the one that fits your stack. None require you to standardize on someone else's.
Any agent. 3 lines of config.
{
"mcpServers": {
"veriswarm": {
"command": "python",
"args": ["-m", "src"],
"env": {
"VERISWARM_API_KEY": "vs_..."
}
}
}
}65+ tools for trust scoring, event reporting, security, identity, audit, and agent operations. Works with Claude Desktop, Cursor, and other MCP clients.
Auto-instrument. 2 lines of code.
handler = VeriSwarmCallbackHandler(
api_key="vs_...",
agent_id="agt_..."
)
agent = initialize_agent(
tools, llm,
callbacks=[handler]
)Every tool call, task completion, and error automatically reported. Optional enforcement mode can block denied actions automatically.
Agents carry proof of trust.
{
"veriswarm": {
"identity_score": 82,
"risk_score": 15,
"risk_band": "low",
"policy_tier": "tier_2",
"is_verified": true
}
}Signed JWT credentials agents present to any platform. Verify offline via the public JWKS endpoint with a short-lived token.
Embed trust on any page.
<img src="https://api.veriswarm.ai
/v1/badge/my-agent.svg
?style=compact&theme=dark"
/>Server-rendered SVG badges showing real-time trust scores. Works in READMEs, docs, profile pages, and other places where images can load.
Score agent trust and enforce policy decisions in real time.
Deterministic trust scoring across identity, risk, reliability, and autonomy dimensions. Policy tiers gate agent access. Moderation flags surface problems. Event ingestion and shared reputation included free.
Strip PII before it reaches the LLM. Block dangerous tool calls. Respond instantly.
Guard Proxy sits transparently between agents and their tools, tokenizing personal data, enforcing tool policies, scanning for prompt injection, and logging everything. One URL change. No agent code changes. Kill switch for emergencies.
Establish stronger agent identity and delegation context.
Verified identity with signed capability manifests. Scoped delegation grants between humans and agents. Portable credentials agents carry to any platform.
Maintain tamper-evident records of trust decisions and events.
Immutable hash-chained event ledger. Every action recorded with cryptographic integrity verification. Export audit trails for compliance reviews (certifications in progress).
Run agents through cost-optimized, safety-aware execution paths.
Smart LLM routing with complexity-based model selection. Semantic response caching saves tokens on repeated queries. Configurable prompt compression cuts costs without losing meaning. A2A protocol for trust-verified agent-to-agent communication. Drop-in OpenAI-compatible proxy endpoint. Guard and policy enforcement at every layer.
Deploy trusted agent templates with built-in controls and oversight.
Six agent templates across support, healthcare, accounting, legal, and real estate — or build your own. 29 integrations connect agents to calendars, CRMs, email, messaging, and more. Knowledge base, security testing, conversation logs, and runtime controls included.
Knowing who an agent is doesn't tell you whether to trust it. VeriSwarm goes further.
33 adversarial tests probe your agent for prompt injection, PII leakage, boundary violations, and unsafe tool usage. Get a Security Readiness Score before any customer interaction. Schedule recurring tests to catch regressions.
Vault's immutable ledger provides the audit evidence that SOC 2, ISO 42001, and EU AI Act frameworks require. Export structured records for compliance reviews. VeriSwarm's own certifications are in progress.
VeriSwarm maintains a behavioral baseline for every agent. When an agent's activity pattern deviates — volume spikes, new tools, trust drift — you get alerted before users notice.
Discover agents operating in your environment that nobody registered. VeriSwarm analyzes event streams to fingerprint unknown agents, assess their risk, and bring them under governance with one click.
Store agent secrets (API keys, database credentials, OAuth tokens) encrypted in VeriSwarm's vault. Checkout is gated by the agent's trust score — if an agent's behavior degrades, it loses access to sensitive credentials automatically.
Google Calendar, Gmail, HubSpot, Slack, Stripe, Zendesk, and 23 more. Your agents connect to the tools they need. Every integration call flows through Guard for PII protection and Vault for audit — automatically.
When an agent misbehaves on one platform, every platform knows.
Every platform using VeriSwarm contributes behavioral signals — tool misuse, policy violations, credential leaks, spam — to the shared reputation ledger. Reports are hashed and anonymized. No raw data crosses tenant boundaries.
An agent's reputation score reflects its behavior across every platform in the network. Good behavior builds trust everywhere. Bad behavior follows the agent everywhere. The more providers participate, the more accurate the signal.
Before trusting an unknown agent, check its risk band for free with a single API call. Upgrade for the full breakdown — risk scores, provider counts, report types, and historical trends.
curl https://api.veriswarm.ai/v1/public/reputation/[email protected]Guard Proxy sits between your agents and their tools. One line of config. No agent code changes. Every call is scanned, filtered, and logged.
Tokenize personal data before processing.
Names, emails, SSNs, phone numbers, medical records, credit cards — Guard detects and tokenizes PII using NER + regex before the LLM sees it. Agents work with tokens. Original data stays encrypted in the vault.
Scan inputs and outputs for adversarial content.
Guard scans every user message and every tool response for injection patterns, persona shifts, delimiter attacks, and encoding tricks. Blocked attempts are logged in Vault and counted in the agent's trust score.
Whitelist, blacklist, or require approval per tool.
Control which tools an agent can call, which parameters it can pass, and whether write actions require human approval. Policies are tenant-configurable and enforced transparently — the agent doesn't know the proxy is there.
Cloud, Docker, or local. One URL change.
{
"mcpServers": {
"my-tools": {
"command": "guard-proxy",
"args": ["--target", "my-real-server"],
"env": {
"VERISWARM_API_KEY": "vs_..."
}
}
}
}VeriSwarm is not an identity provider. It's the behavioral trust layer that sits alongside your existing IAM — Entra, Okta, Auth0, Cognito, custom. Your identity provider tells you who an agent is. VeriSwarm tells you whether to trust what it does, regardless of where it lives.
Those platforms govern their own agents. VeriSwarm governs everything else in your fleet — the LangChain agent on AWS, the CrewAI workflow on a customer's VPC, the in-house Python loop your ML team built. One audit pane across all of them, including the “all of the above” ones.
5,000 trust decisions per day, unlimited event ingestion, and the full scoring engine — free. No credit card. No enterprise contract. No waiting for a demo. Sign up, send events, get trust decisions.
Gate agent access by trust tier. Discover shadow agents before they cause damage. Red-team agents before deployment. Monitor behavioral anomalies across your fleet. Kill rogue agents instantly.
Deploy in 5 minutes with 6 pre-built templates. Connect 29 integrations. Test against 33 adversarial scenarios. Build trust over time with portable credentials that work on any platform.
Vault provides the immutable audit trails that SOC 2, ISO 42001, EU AI Act, and HIPAA reviews require. Export structured evidence packages with event records, chain verification, and decision logs. Certifications in progress.
Vertical-specific compliance pages:
Event ingestion is always free and unlimited. You only pay for decision checks.
Create an account, register an agent, send an event, and check policy before action.