Skip to main content
MagCarta
Get in touch
Governance plane

Every agent.
Every action.
identified, checked, signed, kept.

MagCarta issues cryptographic identities to every autonomous system, enforces policy inline at the gateway, and commits a signed record of each decision to an append-only ledger — in about a third of a millisecond.

Get in touchSee gateway demo
The governance & security platform for enterprise AI agents
policy.v3.magc
signed policy snapshot
permit (
  principal in AgentGroup::"analyst",
  action   in Action::"ReadRecord",
  resource in Dataset::"pii.customer"
) when {
  context.purpose == "monthly_report" &&
  context.row_count < 500
};
hashsha256:4f…9c21
snapv3.1 · signed
gateway.decide()
in-process decision
ALLOW · 0.34mspolicy.v3#L12
agentdid:mc:0x4f2a…e19
actionReadRecord
resourcepii.customer/42
purposemonthly_report
rows38
attemptrcpt-0x8c…f2
provenance.receipt
append-only ledger
batch#2,481
root0x8c…f214
witness3 / 3 signed
anchorchain · 0x1a…
▣ tamper-evident14:22:08.912Z
Built on research · proving in public
pre-revenue · design partners open
Research
16+ peer-reviewed papers
AgentSpec · IFC/Fides · CaMeLs
Standards
W3C DID · VC · MCP-native
no lock-in · portable receipts
Overhead
~0.37ms / action
0.05% of an LLM round-trip
Model
Vendor-neutral · cross-cloud
BYOF · AWS · GCP · Azure marketplaces
The problem
02 / 08

Agents are acting.
Nobody is watching.

Every autonomous system is a new, unaccountable employee with root access to your business. Most incidents are discovered weeks later — by auditors, not operators.

Exposure model
63% of enterprises deploying AI agents have no runtime controls.
Gartner, 2025 · Projected to be the #1 audit finding by 2026.
2024
Incident

Agent ships production code after hours

A coding agent, granted shell access "temporarily," pushed 14 commits to main over a weekend. No reviewer. No audit trail until Monday.

2024
Incident

Customer data exfiltrated via LLM plugin

A support assistant resolved tickets by querying internal databases. When its auth token was reused by a compromised partner, 2.3M records leaked.

2025
Incident

Wire transfer executed by hallucinated instruction

A treasury agent misread a purchase order, wired $847K to an unverified payee, and filed its own expense report.

The platform
03 / 08

Four primitives.
One control plane.

MagCarta is what comes between your agents and the world. Identity establishes who. Policy defines what. Enforcement decides whether. Provenance records it all.

01 · IDENTITY

Cryptographic identity

Every agent, tool, and service gets a W3C DID with rotating keys. Unsigned requests die at the edge. Runs DID-native, or binds your existing IAM to a canonical agent identity — your IdP stays authoritative, MagCarta adds the agent layer on top.

Binds to
Okta / Auth0Entra IDGoogle WorkspaceAWS IAM · LDAP
did:magc:z6Mk…94f2
02 · POLICY

Policy as code

Declare what agents can do in a single, version-controlled ruleset — spend limits, data scopes, purpose, time windows, required approvers. Policies are signed, snapshotted, and label-aware: your existing data catalog stays authoritative; we consume its tags, never overwrite them.

Consumes labels from
Purview · MIPGoogle DLP · BigLakeAWS Macie · Lake FormationBigID · OneTrust · Collibra
policy://spend.v12
03 · ENFORCEMENT

Inline gateway

Every action routes through the gateway. Identity is verified, policy evaluated, request and response inspected — pattern, entity, and model-based — with streaming redaction before bytes reach your systems. Allowed calls carry a signed warrant; denied calls never land. Fail-closed by default, < 2ms p50.

Protects
Data · Postgres · Snowflake · S3Code · GitHub · GitLab · CI/CDMoney · Stripe · wire · treasuryPeople · Slack · email · API
< 2ms p50 overhead
04 · PROVENANCE

Immutable ledger

Every decision — allow, deny, or review — is signed and lands in an append-only, tamper-evident ledger with the actor, action, policy hash, and witness. W3C Verifiable Credentials in, cryptographic anchors out. Replay any day. Export to your audit stack of choice.

Exports to
SplunkDatadogS3 · WORMRegulators · auditors
ledger://9a3f.b71c
How it works
04 / 09

The gateway sits between your agents and everything they touch.

01 · AGENTSAny runtime. Identity: DID or bound IdP subject.LangChainagent.support.24abCrewAIagent.ops.7b1eCustom SDKagent.billing.9f3aMCP toolagent.research.ff12MAGCARTA GATEWAY● FAIL-CLOSED · < 2 ms p5001IdentityVERIFY WHO02PolicyDECIDE WHAT03DecisionENFORCE HOW04WitnessPROVE IT02 · SYSTEMSWhat gets protected. Signed warrant →Datapostgres · snowflake · s3Codegithub · gitlab · ci/cdMoneystripe · wise · treasuryPeopleslack · email · api03 · PROVENANCEEvery gateway decision writes here · the ledger is read back for audit.Provenance Ledgerappend-only · tamper-evident · W3C VC · cryptographically anchoredidentity proof · policy hash · decision · witness signatureEXPORTS →SIEM · Splunk · Datadog · S3regulators · auditors · procurement
Demo · Coming Soon
05 / 08

Watch the gateway decide.

Pick a scenario. Every action runs through Identity → Policy → Decision → Witness. Under 2ms, every time.

Scenarios
agent.billing.9f3aPOST treasury.wire
to=acme-supplies.usamount=12500currency=USDmemo=PO-31248
01Resolve DIDdid:magc:z6Mk…94f20.4ms
02Verify signaturesignature · key #70.6ms
03Match policypolicy.spend.v12 → limit=$10K1.1ms
04DecisionDENY — amount exceeds limit1.3ms
05Commit to ledgertx 0x7b3f…91ae1.8ms
Awaiting request…
For developers
06 / 08

One decorator.
Every action,
governed.

Wrap any tool or agent. MagCarta handles DID resolution, signature verification, policy evaluation, and ledger commit — all inline, under 2ms.

Language-agnostic SDK
Sidecar or inline — your choice
Fail-closed on network errors
Every call witnessed + signed
Read the docsComing soon
magcarta-sdk@1.0.0
fromfrom magcarta importimport Gateway, Policy
gw = Gateway(env="production")
@gw.guard
defdef transfer(amount: int, to: str):
    """Wire transfer. Gateway evaluates policy inline."""
    returnreturn treasury.wire(to=to, amount=amount)
# Any call passes through identity → policy → ledger
transfer(amount=12_500, to="acme-supplies.us")
# → gateway.Denied: policy.spend.v12 · limit=10000
Plug-and-play distribution
07 / 08

Subscribe from the marketplace.
Governing in minutes.

MagCarta ships as a single, pre-audited image on AWS, GCP, and Azure Marketplace. Your cloud handles procurement, distribution, and billing. We stay the governance plane — you keep your data, your keys, your runtime.

Image artifact
magcarta-gateway-v1.ami
ListingAWS Marketplace
Availabilityus-east-1, eu-west-1, +14
ProcurementPrivate Offers · EDP drawdown
Starts onSigned, verified boot
LicenseKey-validated at startup
one-line installv1.0
$ aws marketplace subscribe \
  --product-id magcarta/gateway \
  --region $AWS_REGION

 image pulled · pre-audited
 license validated
 connected to $DATABASE_URL
 gateway listening on :4400
01
Subscribe
One-click from your cloud marketplace. Billing flows through your existing cloud contract.
02
Boot the image
Pre-audited container. Gateway + identity + policy + ledger in a single artifact.
03
Point BYO Postgres
Bring your own database. MagCarta creates its own schema. No data leaves your VPC.
04
Governing in minutes
Point your agent runtime at the gateway endpoint. Every call now inline-evaluated.
01
Pre-audited once, not per customer
The image clears marketplace security review once. Procurement and infosec collapse into a SKU approval.
02
No data egress from your VPC
MagCarta is the governance plane — it runs in your network, reads your database, holds your keys. We never see your traffic.
03
Cloud-native billing
Burns down against your existing EDP / MACC / CUD spend commitment. No new vendor onboarding.
04
BYO runtime, BYO keys, BYO model
LangChain, CrewAI, MCP, or custom. OpenAI, Anthropic, self-hosted. MagCarta governs them all.
governance plane · single image · gateway + identity + policy + ledger · you bring: postgres, llm keys, agent runtime, network
Deployment guideComing soon
How we compare
08 / 08

Not a firewall.
Not an IAM.
A governance plane.

The closest product-level competitor covers 2 of the 7 pillars regulated industries will require. The best-funded covers none. Sourced from our public competitive analysis.

Capability
MagCarta
Governance plane
Zenity
Agentic AI security
Credal
Managed AI workspace
IntentBound
Intent-based access
Gravitee
API / agent catalog
MS Entra Agent ID
Azure-scoped IAM
Cryptographic agent identity (DID + PKI)
Vendor-neutral agent credentials
Deterministic policy engine
Signed, versioned policy
Inline enforcement gateway
Block before the call, not after
Information-flow / taint tracking
Context-scoped egress rules
*
Cryptographic provenance
Regulator-grade audit trail
BYOF adapters (LangChain / CrewAI / MCP)
Bring your own framework
*
Vendor-neutral, cross-cloud
No single-cloud lock-in
Built & testedPartial** Phase 3 onwardsNot offeredSource: public docs · MagCarta competitive analysis, Mar 2026
Built for regulated environments
SOC 2 Type IIISO 27001NIST AI RMFEU AI ActColorado AI ActGDPRHIPAA-ready
Before you ship another agent

Govern it, or
audit the fallout.

30-minute conversation with our team. We'll walk the gateway, show a decision on your stack, and share the roadmap.

Get in touchRead the whitepaperComing soon