Product Walkthrough · 4 min

See what your AI agents actually do.

An AI agent on your build server just opened your secrets – and nothing wrote it down. This four-minute walkthrough shows how RAXE records what every agent actually did, and seals it as provable evidence.

RAXE Lineage Lens · the RAXE console – live deployment

Everything in this walkthrough was recorded on a real, live RAXE deployment – real detections, no mockups. The AWS view uses clearly-labelled sample data. RAXE runs self-hosted in your own environment; sealed evidence never leaves it.

Read the transcript

Lightly edited for readability. Chapter times match the strip above.

0:00 – Open

An AI agent in your organisation just accessed your secrets. Nobody noticed. Nobody will. Your engineers ship at the speed of a prompt – Claude Code, OpenCode, Codex, your own SDK web apps, agents on AWS or Azure. Every one of them can read a secret, run a script, access tools and data. The moment the action ends, it evaporates. Five different runtimes, five blind spots, and no single record of what any of them actually did.

0:37 – What RAXE is

So here is what changes that. RAXE is runtime security for your AI agents. It watches every agent across your stack – coding agents, SDKs, gateways, the kernel execution of agents itself. It records what each one actually did, and seals it as provable evidence. Here is what that means for your team.

1:01 – SOC console

Start with your SOC analyst. Instead of five dashboards, one central console. And it opens on the honest headline: what would have been blocked is counted in plain sight – because RAXE runs in observe-and-log mode today, and never breaks your agents or interferes. Every surface lands in one triage queue, and when a threat fires, your analyst sees the exact rule that caught it. Not a black-box score.

1:33 – Coding agents

For the platform owner, the blind spot is where AI enters – and it is already covered. Every coding agent your engineers run: Claude Code, OpenCode, and Codex, each with its own session and lineage. Claude Code and OpenCode tie back to the exact agent with explicit attribution. Codex, we label inferred – because we only claim what the evidence earns.

1:56 – The AWS lane

Your AWS Bedrock lane is here too, shown with clearly-labelled sample data.

2:06 – Lineage

And you stop correlating by hand. One agent's actions resolve under a single lineage: the gateway that saw what it claimed, the SDK inside the app, and the host kernel itself. All three – one continuous story you own, end to end. Next, we zoom into what that kernel caught.

2:30 – The reveal

Here is the moment that matters – the one your analyst and your CISO both need. The host kernel, real eBPF, caught the agent reading the /etc/passwd file, in-process. Something no proxy or log would ever see, pinned to the exact agent. The evidence sits sealed: you can see that it happened, not what – until the analyst clicks Reveal, and the act of looking writes its own audit row into the audit log. Actor, field, outcome granted, an audit ID. RAXE watches your agents, and it watches its own watchers.

3:12 – Verdicts

For your AI and detection engineers, none of this is a black box. Every verdict opens up: the binary threat head's probability, the per-family heads, an out-of-distribution energy score, the nearest known-attack prototypes. And for the borderline calls, a heavyweight second opinion – a separate model gives an advisory read, threat or benign. It is evidence for the analyst. It never changes the decision. Advisory, only.

3:45 – CISO

And for the CISO, the AI-risk story finally has a paper trail. Every reveal and every denial is hash-linked into one tamper-evident ledger, and you can verify the whole chain on demand: Intact. Aligned to MITRE ATLAS and OWASP ASI, the AI-specific frameworks – not the classical endpoint frameworks, which are the wrong frame for agent threats. This is not a screenshot someone could doctor. It is board-grade, audit-ready evidence you can hand up with confidence.

4:20 – Close

RAXE gives you the true, sealed, provable story of everything your AI agents did – across every agent, in one place. Today, it lets you see it. Next, it lets you stop it. We watch everything now, so you can act with confidence later. Trust starts with the truth.

The Walkthrough

From blind spot to board-grade proof

One story, told through the three people who have to act on it – the SOC analyst who triages, the platform owner who owns the chain, and the CISO who has to sign.

RAXE console posture screen: source health for six agent surfaces and one triage queue
Act 01For your SOC team

One console. Every agent. One honest queue.

RAXE puts every agent surface on one screen with one triage queue, and opens on an honest headline: what fired, what would have been blocked, counted in plain sight. It deploys in observe-and-log mode, so your team starts seeing recorded agent activity from day one without ever breaking a developer’s workflow. And when a threat fires, the analyst sees the exact rule and evidence that caught it – not a black-box score.

Observe-and-log from day one – zero disruption
Explore the console →
Dev sessions view: Claude Code, OpenCode and Codex sessions with attribution grades
Act 02For platform owners

The coding agents your engineers already run.

AI enters your organisation wherever your engineers adopt it – so that’s where RAXE starts. Claude Code, OpenCode and Codex sessions appear automatically, each with its own session history and lineage. Attribution is graded honestly: explicit where we can prove exactly which agent acted, inferred where we can’t – we only claim what the evidence earns. Your AWS Bedrock activity lands in the same console (shown here with clearly-labelled sample data).

Claude Code · OpenCode · Codex · AWS Bedrock
Coding-agent coverage in depth →
Story view: gateway, SDK and host sensor events resolved under one lineage
Act 03For platform owners

One agent. One lineage. One story.

Stop reconciling fragments by hand. What an agent claimed at RAXE Gateway, what your application saw through RAXE Sensor [sdk], and what the host sensor actually observed at the kernel all resolve into one continuous, provable story – end to end, owned by you. When something goes wrong, you don’t assemble the timeline. You open it.

Gateway + SDK + kernel – one continuous story
How the platform joins the story →
Agent behaviour graph: sealed /etc/passwd access revealed under audit with a Granted audit row
Act 04The moment that matters

It read /etc/passwd – caught in the act.

An agent read /etc/passwd in-process – invisible to any proxy, gateway or log file. The host kernel caught it live and pinned it to the exact agent. Sensitive evidence stays sealed until an analyst supplies a purpose and clicks Reveal – and the act of looking writes its own entry into the audit ledger: who looked, at what, and the outcome. RAXE watches your agents – and it watches its own watchers.

Kernel-level detection · sealed until audited reveal
Inside the host sensor →
Verdict internals: threat probability, per-family scores and the advisory second opinion
Act 05For your AI & detection team

Every verdict, explained.

No black boxes. Every verdict opens into the evidence behind it – threat probability, per-family scores, an out-of-distribution signal, and the closest known attack patterns. Borderline calls get an advisory-only second opinion from a heavier model in your environment: more evidence for your analyst, never a change to the decision. Your team can defend every verdict.

Explainable verdicts · advisory second opinion
Read the detection stack →
Govern view: hash-chained reveal ledger verified Intact
Act 06For your CISO

Board-grade proof – verified Intact.

Your AI-risk story finally has a paper trail. Every reveal and every denial is hash-linked into a tamper-evident ledger you can verify on demand – Intact. Detections map to MITRE ATLAS and OWASP ASI, the security frameworks built specifically for AI-agent threats. This isn’t a screenshot someone could doctor; it’s audit-ready evidence you can hand to the board, a regulator, or an incident review with confidence.

Tamper-evident audit chain · MITRE ATLAS + OWASP ASI
Procurement-ready answers on the trust page →
Beyond this one story

Agent actions your existing tools never see

Proxies see traffic. Logs see what the agent chose to write down. RAXE watches the agent itself – at the gateway, inside your apps, and at the kernel – and turns every risky action into sealed, provable evidence.

Secret & credential access

An agent reading /etc/passwd, your .env, or a cloud secret – caught in-process, the moment it happens.

Data exfiltration

Cloud API calls that move sensitive data – like a secrets-manager read on AWS – flagged and pinned to the agent that made them.

Prompt injection

Adversarial instructions smuggled into your agents’ inputs, detected before they become someone else’s incident report.

Unsafe tool calls

SQL injection, shell injection and dangerous arguments inside agent tool use – with the flagged argument as evidence.

Rogue script execution

Agents fetching and running remote scripts, watched at the kernel with full process lineage.

The claim-vs-reality gap

What the agent said it would do versus what it actually did – two-sided evidence from gateway and kernel.

Trust starts with the truth.

Today it lets you see it. Next, it lets you stop it.

RAXE deploys observe-first: recorded evidence from day one, sealed by default, with zero disruption to your agents – so when you’re ready to stop it, you act with confidence, not guesswork.

We’re onboarding a small group of early-access design partners now. Bring your own agents – we’ll show you what they’re actually doing, live on your stack, in a 30-minute walkthrough.

See how it deploys →
Deploys in observe & log mode Self-hosted in your environment – VPC or on-prem Early access – design partner programme MITRE ATLAS + OWASP ASI aligned