# MITRITY > MITRITY is an Intent-Aware Governance (IAG) platform — an agent firewall for autonomous AI agents. It intercepts every action an agent attempts and validates it against the agent's declared mission scope in real time, before the action executes. The platform pairs edge enforcement in the customer environment (Mitrity Gateway for HTTP-based agents, MCP Sidecar for MCP-compatible agents, plus mesh integration) with a cloud control plane for mission policies, behavioral drift detection, prompt-injection defense, DLP, delegation-chain governance, audit, and compliance reporting. MITRITY AB is headquartered in Stockholm, Sweden. ## Docs - [Quickstart](https://mitrity.com/docs/getting-started/quickstart): Deploy your first governed agent in under 10 minutes - [Documentation](https://mitrity.com/docs): Full product documentation — gateway, sidecar, policies, security, API, integrations - [API reference](https://mitrity.com/docs/api-reference): Interactive reference for the MITRITY REST API - [OpenAPI specification](https://mitrity.com/openapi.yaml): Raw OpenAPI 3.1 document for the platform API - [Integration modes](https://mitrity.com/docs/edge/modes): Gateway, Sidecar & Mesh — how agent traffic reaches MITRITY ## Product - [Platform](https://mitrity.com/platform): Architecture and capabilities of the MITRITY governance platform - [Solutions](https://mitrity.com/solutions): Industry use cases for governed autonomous agents - [Pricing](https://mitrity.com/pricing): Starter, Pro, and Enterprise plans ## Academy - [MITRITY Academy](https://mitrity.com/academy): Free hands-on training in AI agent governance, with certificates ## Company - [About](https://mitrity.com/about): Company, mission, and team - [Contact](https://mitrity.com/contact): Sales, support, and security contacts - [Careers](https://mitrity.com/careers): Open roles at MITRITY - [Blog](https://mitrity.com/blog): Engineering and product notes (RSS: https://mitrity.com/feed.xml) ## Legal & Trust - [Terms of Service](https://mitrity.com/terms): The agreement governing use of the platform - [Privacy Policy](https://mitrity.com/privacy): How personal data is collected, used, and protected - [Data Processing Agreement](https://mitrity.com/dpa): GDPR Article 28 processing terms and sub-processor list - [Service Level Agreement](https://mitrity.com/sla): Uptime commitments and support levels - [Acceptable Use Policy](https://mitrity.com/acceptable-use): What you may and may not do with the platform - [AI transparency](https://mitrity.com/ai): How MITRITY uses AI, and how AI systems should interact with this site - [security.txt](https://mitrity.com/.well-known/security.txt): Coordinated vulnerability disclosure — report to soc@mitrity.com ## Documentation inventory ### Getting Started - [Quickstart](https://mitrity.com/docs/getting-started/quickstart): Get your first AI agent governed by MITRITY in under 5 minutes. Install Mitrity Gateway, connect to the control plane, and see your first event. - [Core Concepts](https://mitrity.com/docs/getting-started/concepts): Understand the foundational concepts of the MITRITY Platform: agents, mission profiles, policies, behavioral hashes, and drift scores. - [Demo: Mitrity Gateway](https://mitrity.com/docs/getting-started/demo-gateway): Run a self-contained Docker demo that puts a Claude-powered AI agent through a scripted governance scenario using Mitrity Gateway. See policies, DLP, injection detection, and hold workflows in action. - [Demo: Mitrity MCP Sidecar](https://mitrity.com/docs/getting-started/demo-sidecar): Run a self-contained Docker demo that puts a Claude-powered AI agent through a scripted governance scenario using Mitrity MCP Sidecar. See policies, DLP, injection detection, and hold workflows in action. - [Demo: Multi-Agent Governance](https://mitrity.com/docs/getting-started/demo-multi-agent): Run three Claude-powered AI agents in parallel containers — an orchestrator and two specialist workers — and watch real delegation chains, per-agent threat-intel matches, and privilege boundaries emerge from genuine multi-agent activity. ### Gateway, Sidecar & Mesh - [Deployment Guide](https://mitrity.com/docs/edge/deployment): Deploy Mitrity Gateway or Mitrity MCP Sidecar in your environment. Docker, standalone binary, systemd, or Cloud Run for the gateway. Binary download for the sidecar. - [Integration Modes](https://mitrity.com/docs/edge/modes): Two integration modes for different use cases: Mitrity Gateway for governed MCP tool aggregation and Mitrity MCP Sidecar for lightweight single-server wrapping. - [Configuration Reference](https://mitrity.com/docs/edge/configuration): Complete YAML configuration reference for Mitrity Gateway and Mitrity MCP Sidecar. Covers all fields, defaults, and environment variable overrides. - [Mesh Enforcement (Istio)](https://mitrity.com/docs/edge/mesh-overview): The Mitrity Mesh Authorizer brings the same MITRITY decision engine that powers Mitrity Gateway and Mitrity MCP Sidecar to an Istio service mesh. Per-request SPIFFE ServiceAccount to agent to policy governance for east-west, agent-to-agent, and egress traffic. - [Deploy in Istio](https://mitrity.com/docs/edge/mesh-deployment): Install the Mitrity Mesh Authorizer in an Istio service mesh with Helm. Prerequisites and version compatibility, the mesh-wide extension registration, scoping governed namespaces, mTLS, failure modes, and verifying enforcement. - [Per-Agent Identity in the Mesh](https://mitrity.com/docs/edge/mesh-identity): Bind a MITRITY agent to its Kubernetes namespace and ServiceAccount so the Mitrity Mesh Authorizer can resolve each request's SPIFFE identity to the right agent and apply its policy. Why STRICT mTLS is required and why unmapped identities are denied. - [Mesh Egress Allowlist](https://mitrity.com/docs/edge/mesh-egress): The opt-in per-agent egress destination and SNI allowlist for the Mitrity Mesh Authorizer. Govern agent traffic leaving the Istio mesh against each agent's approved-destination list, with the agent's identity preserved through an in-cluster egress hop. - [Mitrity LLM Gateway](https://mitrity.com/docs/edge/llm-gateway): A TLS-terminating egress gateway for LLM traffic. Agents point their provider base_url at it; the gateway governs every prompt with intent, threat-intel, and DLP checks -- including true wire-redaction in both directions -- and enforces per-policy guardrails (model allowlists, token caps, cost budgets, rate limits) before forwarding to Anthropic or OpenAI. Prompts never leave your cluster except to the provider you configured. ### Policies - [Writing Policies](https://mitrity.com/docs/policies/writing-policies): Learn how to write governance policies in MITRITY: policy structure, action pattern matching, priority system, and practical examples. - [Enforcement Modes](https://mitrity.com/docs/policies/enforcement-modes): Understand the three enforcement modes in MITRITY — Monitor, Alert, and Enforce — and how to safely graduate from observation to active blocking. - [Approval Workflows](https://mitrity.com/docs/policies/approval-workflows): Configure hold policies for human-in-the-loop governance. Manage the approval queue, set timeouts, and integrate notifications via email and Slack. ### Tools & Permissions - [Tool Catalog](https://mitrity.com/docs/tools/tool-catalog): Browse the MITRITY tool catalog. Built-in tools ship with MITRITY; custom tools are scoped to your tenant. Match rules, operations, and categories drive fine-grained governance. - [Agent Capabilities](https://mitrity.com/docs/tools/agent-permissions): Grant per-agent capabilities in MITRITY. Control which tools each agent can use, set rate limits, time windows, and fine-grained resource scopes, alongside policy rules. - [Destination Allowlists](https://mitrity.com/docs/tools/destination-allowlists): Configure per-agent destination allowlists — the destination layer of MITRITY DLP. Control which domains and endpoints agents can reach, detect exfiltration attempts, and manage DLP events. ### Security - [Injection Detection](https://mitrity.com/docs/security/injection-detection): Detect and respond to prompt injection attacks against your AI agents. Understand detection methods, probability scoring, pattern matching, and false positive management. - [Delegation Chains](https://mitrity.com/docs/security/delegation-chains): Govern agent-to-agent delegation in MITRITY. Track delegation chains, enforce depth limits, detect privilege escalation, and audit multi-agent workflows. - [Credential Broker](https://mitrity.com/docs/security/credential-broker): How MITRITY stores credentials, grants agents access to them, and issues time-bound leases. Includes the rotation runbook and the audit / encryption model. - [Threat Intelligence](https://mitrity.com/docs/security/threat-intelligence): Leverage MITRITY's shared threat intelligence feed for cross-tenant protection. Understand indicator types, feed sources, tenant matching, and configure automated responses. - [DLP Pattern Authoring](https://mitrity.com/docs/security/dlp-patterns): Define content patterns and bind them to policies with per-binding direction, action, and priority. Built-in catalog for PII and credentials, plus customer-authored regex / string list patterns. - [AI Bill of Materials (AIBOM)](https://mitrity.com/docs/security/aibom): Track every MCP server identity your agents touch, overlay per-tool risk ratings, and get drift advisories when a new threat indicator matches your inventory. Multi-channel notifications: email, Slack, webhook, in-portal bell. ### Compliance & Insights - [Compliance Reports](https://mitrity.com/docs/compliance/reports): Generate SOC 2, GDPR, ISO 27001, executive summary, and asset inventory reports from your MITRITY governance data. Schedule, download, and share compliance evidence. - [ML Insights](https://mitrity.com/docs/compliance/ml-insights): Explore MITRITY's ML-driven analytics: drift scoring, per-agent risk assessment, anomaly detection, behavioral topology, and the multi-tier model architecture. ### Administration - [Roles & Access Control](https://mitrity.com/docs/administration/rbac): Manage team roles and access control in MITRITY. Understand the four-role model, permissions matrix, access scopes, environment-level access, and per-agent resource grants. - [Environments](https://mitrity.com/docs/administration/environments): Manage multiple environments in MITRITY. Scope agents, policies, and audit events to isolated environments like Development, Staging, and Production. - [SAML SSO](https://mitrity.com/docs/administration/saml-sso): Configure enterprise SAML 2.0 single sign-on for your MITRITY tenant. Step-by-step setup for Okta, Azure AD, and Google Workspace with JIT provisioning. - [API Keys](https://mitrity.com/docs/administration/api-keys): Manage API keys for programmatic access to the MITRITY platform. Create, scope, rotate, and revoke keys with full lifecycle management. - [Billing & Plans](https://mitrity.com/docs/administration/billing): Manage your MITRITY subscription. Plan tiers, scale limits, feature differences, Stripe integration, and the subscription lifecycle including upgrades, downgrades, and cancellation. ### API - [API Overview](https://mitrity.com/docs/api/overview): Overview of the MITRITY REST API: authentication, base URL, versioning, rate limits, and key endpoints for managing agents and policies. ### Integrations - [SIEM Integration](https://mitrity.com/docs/integrations/siem): Forward MITRITY governance events to your existing SIEM: Splunk HEC, syslog CEF (QRadar, ArcSight), or generic webhooks. ## Blog posts - [Securing the Swarm: MITRITY Announces Native Kubernetes & Istio Mesh Governance for Agentic AI](https://mitrity.com/blog/securing-the-swarm-istio-mesh-governance) (2026-06-10): Enterprise teams are deploying AI agents as microservices in Kubernetes — and Istio secures the network, but it doesn't speak AI intent. The MITRITY Mesh Authorizer injects intent-based, zero-trust governance directly into the Istio data plane via Envoy ext_authz: zero-code, SPIFFE-bound identity, delegation-chain enforcement on east-west traffic, and opt-in per-agent egress control. - [You Know What's In Your Software. But Do You Know What Your AI Agents Are Doing? Enter the AIBOM.](https://mitrity.com/blog/aibom-runtime-inventory-for-ai-agents) (2026-06-09): Traditional SBOMs list the static libraries you ship — but autonomous AI agents discover MCP servers and invoke tools at runtime, far beyond any static manifest. The AI Bill of Materials (AIBOM) is a live, runtime inventory of every tool and MCP server your agents actually invoke, with drift advisories, an automatic risk overlay, and full traceability. - [The Multi-Agent Blind Spot: How to Stop AI-to-AI Privilege Escalation](https://mitrity.com/blog/multi-agent-blind-spot-ai-to-ai-privilege-escalation) (2026-06-02): When agents collaborate, a compromised low-privilege bot can weaponize a high-privilege peer to execute actions it could never authorize directly. Traditional security only sees the last actor in the chain. Here's why governing a multi-agent swarm requires lineage and privilege intersection — and how MITRITY's delegation engine blocks AI-to-AI privilege escalation inline. - [Getting Started with Intent-Aware Governance: A Practical Walkthrough](https://mitrity.com/blog/getting-started-iag-walkthrough) (2026-05-21): A practical guide to implementing AI agent governance without sacrificing development velocity — backed by two open-source demonstration agents you can run in minutes. - [Why Your AI Agents Shouldn't Hold the Keys to the Kingdom](https://mitrity.com/blog/agents-keys-to-the-kingdom) (2026-05-15): Pasting permanent credentials into an agent's config is the modern equivalent of leaving the master key under the doormat. Here's why agents should borrow secrets, not own them — and how just-in-time leases shrink the attack surface to seconds. - [Securing the Agentic Stack: Privacy-First Threat Intelligence for AI](https://mitrity.com/blog/privacy-first-threat-intel-agentic-stack) (2026-05-08): Traditional threat intel relies on IPs and file hashes. AI agents need something different. Here's how MITRITY built behavior-based, privacy-first threat intelligence designed specifically for the unique vulnerabilities of autonomous agents. - [Your Customer Service Agent Just Gave Away Your Pricing Strategy](https://mitrity.com/blog/ai-agents-as-customer-representatives) (2026-03-11): AI agents handling customer interactions have access to the most sensitive data in your organization — customer PII, account details, internal policies, and business logic. Without governance, they will leak it, one helpful response at a time. - [When Your AI Agent Reprices Your Entire Catalog at 2 AM](https://mitrity.com/blog/ai-agents-in-ecommerce-governance) (2026-03-11): AI agents are transforming e-commerce operations — managing inventory, adjusting prices, and fulfilling orders autonomously. Without real-time governance, a single miscalculation can wipe out margins, oversell inventory, or ship orders to the wrong addresses. - [Your Payment Agent Just Issued 200 Refunds to the Same Account](https://mitrity.com/blog/ai-agents-in-payment-processing) (2026-03-11): AI agents processing payments, managing refunds, and handling billing disputes operate in the highest-stakes environment in your stack. Without inline governance, a single compromised or misconfigured agent can drain funds, expose card data, and create compliance violations that take months to remediate. - [Intent-Aware Governance: Why Autonomous AI Agents Need a New Control Model](https://mitrity.com/blog/intent-aware-governance-for-the-ai-era) (2026-03-01): AI agents are autonomous, fast, and increasingly powerful. Traditional security tools were not built for systems that reason, adapt, and act independently. Intent-aware governance is the control model designed for this reality. - [Real-Time Behavioral Drift Detection for Autonomous Agents](https://mitrity.com/blog/real-time-behavioral-drift-detection) (2026-02-25): A technical deep-dive into the ML pipeline behind sub-millisecond behavioral drift detection — from edge-deployed DriftGuard models to centralized TrustGraph threat analysis. - [Shared Threat Intelligence Without Shared Data: Privacy-First Cross-Tenant Protection](https://mitrity.com/blog/shared-threat-intelligence-without-shared-data) (2026-02-18): How MITRITY enables cross-tenant threat intelligence for AI agent attacks without exposing any tenant's data — using behavioral hashing, anonymized contribution, and tenant-scoped matching.