ZaunZaun
Securing AI Adoption · Zaun Reagent

Say yes to AI. Securely.

Reagent is the AI security posture management & AI TPRM for security and GRC leaders. Onboard new AI tools in days, not months, then carry that security decision from procurement all the way to runtime AI security.

Adopt AI Securely TodaySee how it works ↓
14+AI tools governed
5frameworks mapped
Daysto onboard
ABBA · contained reactionsealedAI Vendor TPRM · labeled reagentsUNKNOWNout-of-policyISO 27001controlledNew AI IDEcontrolledHIPAA67% stagedPCI DSS36% staged
National Audubon Society case study
Case StudyHow the National Audubon Society made security the AI acceleration team.Read →
§ R1Why now

You’re adopting AI faster than you can govern it.

Your teams adopt new AI tools every week. Security and GRC are the bottleneck, and the assessment that should clear them takes months. You can’t see all the AI already in use, and you can’t put a defensible answer in front of your board.

COVERAGE RADARAI agentsCSPMcloudSSPMsaasEDRendpointGatewaynetworkIDPidentityNO SIGNALblind spot

That missing layer is AI Adoption Security: assess and onboard new AI vendors with real security depth, then carry that decision into runtime. Reagent owns it from procurement to production.

Step 01AI Discovery

You already own the tools that can see your AI.

Your network, endpoint, identity, and cloud already hold the signal. They were just never built to read it. Reagent’s AI reads it for them, maps your live AI coverage, and names every blind spot, with no new sensor to install.

0 / 16 territories seen
See AI chatbot accounts in the browser
See data pasted or uploaded into web AI
See AI desktop apps on managed devices
See local LLM runtimes on hosts
See IDE coding agents and their MCP servers
See AI features inside sanctioned SaaS
See AI app sign-ups and OAuth grants
See AI meeting bots on calendars
See AI agents acting in mailboxes
See user-initiated AI traffic on the network
See server-side and CI/CD AI traffic
See custom agents on builder platforms
See MCP servers and exposed model endpoints in cloud
See agent code, MCP definitions, and keys in repos
See sanctioned AI prompts and model routing
See agent tool calls via MCP gateway

Reagent uses AI to identify and correlate raw signals from the security tools you already own. Every other vendor in this space asks you to install one more sensor. We make the ones you have add up to a real AI adoption governance program, and we are honest about the gaps until they are closed.

Step 02AI Vendor Assessment

Know the risk of every AI vendor before you trust it.

Every approved AI vendor runs a real questionnaire against your frameworks. Reagent runs the chat, the vendor answers, and each control closes the moment the evidence lands.

Claude Code by Anthropic
AI vendor · logged in to assessment
Online
Step 03AI Controls

Every approved tool compliant the moment it lands.

Reagent runs a per-vendor control assessment on each AI tool. Public artifacts pull in automatically from the vendor's published policies and compliance API. NDA-only docs drop in by hand. Every piece of evidence maps to every vendor control it actually proves.

Evidence Vault
Source · drag onto any control
Usage Policy + sub-processors
anthropic.com/legal/aup
auto · from public docs
3 maps
Claude Code audit log API
api.anthropic.com/v1/organizations/.../audit_logs
auto · from Anthropic Admin API
3 maps
Anthropic SOC 2 Type 2
anthropic-soc2-typeii.pdf · NDA
uploaded · [email protected] · 12 May
2 maps
Vendor questionnaire + DPA
anthropic-vendor-q.pdf · 47 questions
uploaded · [email protected] · 14 May
3 maps
Auto-collected from public sources. Manual uploads land here too. Reagent maps each artifact to every vendor control it proves.
Vendor control assessment
Claude Codeby Anthropic
0 / 11 evidenced
AI GovernanceAC-20Model & tool integration safetycore
pending
AI GovernanceSA-9Customer data training restrictioncore
pending
NIST AI RMFMAP-3.1Data class enumeration
pending
AI GovernanceAU-12Customer-accessible audit log APIcore
pending
AI GovernanceAU-11Audit log retention SLA
pending
AI GovernanceMP-6Data deletion verification
pending
SOC 2CC7.3Incident communication
pending
ISO 27018A.8.1PII processed under instruction
pending
AI GovernanceSI-12Data retention & deletion SLAcore
pending
AI GovernanceIR-6Customer incident notificationcore
pending
OWASP LLMLLM06Sensitive information disclosure
pending
Step 04AI Policy Enforcement

Write policy once, enforce it everywhere AI runs.

Reagent unifies identity, tool, and agent into one control plane, then enforces the right policy at the tool, agent, and prompt layer. Approve the right tools for the right roles, and hold the line even on products that ship no native permissions.

Enforce · destructive command policy· hardening agents
4 SCOPED
# block on match
BLOCK/rm\s+-rf\s+//wipe root
BLOCK/:\(\)\{\s*:\|:&\s*\};:/fork bomb
BLOCK/dd\s+if=.*of=/dev/\w+/disk overwrite
BLOCK/mkfs\.\w+\s+/dev/\w+/reformat volume
BLOCK/chmod\s+-R\s+777\s+//permission wipe
apply policy
CursorHARDENED
Claude CodeHARDENED
CopilotHARDENED
CodeiumUnavailable
Recent enforcement eventslive
14:22:08agent-42BLOCKrm -rf /var/data
14:21:55jordan@…BLOCKdd if=/dev/zero of=/dev/sda
14:21:11agent-11BLOCKmkfs.ext4 /dev/nvme0n1
14:20:43mira@…ALLOWgit reset --hard HEAD~1
14:20:02agent-07BLOCKchmod -R 777 /
14:19:38lou@…ALLOWnpm run build
Step 05ABBA

Agent and Bot Behavior Analytics.

ABBA learns each agent's baseline, then explains every deviation in plain language. When an agent drifts out of pattern, Reagent pulls the explanation from Okta IDP, AWS, and CrowdStrike, ties the timeline together, and fires containment automatically.

Agent baseline deviation · claude-prod-svc

Alert Details

⚡ Risk · Escalateclaude-prod-svc⏱ 1m 50s
Raw Alert PayloadJSON
Alert Summary

A high-severity agent baseline deviation alert was generated for service agent claude-prod-svc. ABBA scored the agent's activity at 4.2σ over its rolling 7-day baseline. The same identity hit Okta sign-ins, AWS assume-role, and a CrowdStrike launcher-host PID hijack within the same 1m 50s window.

Investigation Summary

Reagent correlated identity, cloud, and endpoint signals to trace MFA bypass via replayed Okta session token, lateral sts:AssumeRole into prod-data-rw, and a parent-host PID hijack on the launcher. Containment fired automatically at 13:13:54 — keys rotated, Okta session revoked, IAM role-binding pulled, host isolated, investigation queued for analyst review.

§ R2AI coverage

One layer across every AI tool your teams adopt.

New AI tools ship every week. Every SaaS product is becoming an AI product. Reagent covers the AI you buy and the AI you build, the assistants, agents, and platforms your teams actually use, and adds coverage for the next wave as it lands.

Assistants

ClaudeASSISTANT
ChatGPTASSISTANT
GeminiASSISTANT
PerplexityASSISTANT
GleanASSISTANT

Coding agents

CursorCODING
GitHub CopilotCODING
Claude CodeCODING
CodexCODING
DevinCODING

Sales & SDR agents

AgentforceSALES
HubSpotSALES
ClaySALES

Legal agents

HarveyLEGAL
LegoraLEGAL
IroncladLEGAL

HR & recruiting agents

WorkdayHR
GreenhouseHR
GustoHR
RipplingHR

Work & knowledge agents

Notion AIWORK
CoworkWORK
Slack AIWORK

Don’t see your AI tool? Ask our team to add it at [email protected].

That is Reagent: one control plane for every AI tool your organization adopts. Next, the surfaces around that AI.

For security and GRC leaders adopting AI faster than they can govern it, Reagent onboards new AI tools in days, not months, then enforces that decision at runtime. One platform, from procurement to production.

Assessment that doesn’t stop at the questionnaire, enforcement that doesn’t start after the tool is already in.

§ R3Pricing

One agent.One price.

No event metering. No per-feature gates. No surprises when your team scales. Reagent counts what your auditors count: agent identities.

priced per agent monitored
1
Claude Code & Cowork account
Copilot seat
ChatGPT Enterprise user
Cursor seat
Gemini Enterprise user
Other AI service identity
1 monitored agent
Also from Zaun

Defend the rest of your organization with Zaun Ember.

Ember is Zaun's other platform. Agentic Security Operations across cloud, endpoint, and identity. A separate product from Reagent, built for the surfaces around the AI it secures.

Explore Zaun Ember →
Begin

Make security the reason AI ships faster.

See Reagent in your environment.

Adopt AI Securely Today →Read the docs
SOC 2 Type II·AWS Marketplace·30-min call·No obligation