Enterprise agent security

Convert enterprise APIs into secure agent tools

KeyRunner converts your APIs into governed tools, exposes them via KeyRunner MCP, and returns clean responses to agents — secrets redacted going in, PII and PHI redacted coming back. Policy-enforced. Runtime-injected. Fully audited.

API-to-Agent Conversion

Convert enterprise APIs into governed agent tools

Import an OpenAPI spec. KeyRunner converts it into governed tool definitions and exposes them via the KeyRunner MCP server. Agents call /get_tools via the KeyRunner SDK, select a tool, and call it. KeyRunner resolves the secret, executes the API, redacts sensitive data from the response, and returns clean output to the agent.

  • Import OpenAPI specs to generate agent tools automatically
  • Expose tools via KeyRunner MCP — agents discover them with /get_tools
  • Policy enforced before every tool call
  • Credentials resolved at runtime, never passed to the agent
  • PII, PHI, PCI and secrets redacted from API responses
  • Every tool call logged in an immutable audit trail

OpenAPI → Agent Tool

import keyrunner              # KeyRunner SDK
import openapi_spec           # your existing API's OpenAPI spec

# Register once: KeyRunner turns the spec into governed tool definitions
keyrunner.register(
    spec=openapi_spec,
    policy="least-privilege",  # evaluated before every tool call
    secret_store="vault",      # credential resolved here at runtime
    expose_as="mcp-tool"       # published via the KeyRunner MCP server
)

# The agent calls the tool by name and never sees the credential
agent.use_tool("get_orders")

The credential exposure problem in agentic AI

Most organizations are giving AI agents API keys the same way they gave developers API keys ten years ago. That was already a bad idea. For autonomous agents, it's a critical risk.

Keys in the wrong places

Agent credentials end up in system prompts, tool configs, memory layers, and logs, all of which are reachable through prompt injection or exposed by logging pipelines.

No per-action governance

Once an agent has a key, it has unlimited access until the key is rotated. There's no policy that says "this agent can call GET /orders but not DELETE /users."

No audit trail

When an agent makes an unauthorized or unexpected API call, there's no immutable record to reconstruct what happened, when, or why.

How KeyRunner's secure agent runtime works

Five steps, from agent intent to API response, with credentials that never leave the runtime.

01 Register

Platform teams import an OpenAPI spec or register API endpoints as named, policy-governed actions in KeyRunner.

02 Request

An AI agent invokes a named action, not a raw API endpoint. The agent has no credential to send. It just calls the action.

03 Validate

Before any credential is retrieved, KeyRunner evaluates the request against policy: agent role, action scope, rate limits, conditional access.

04 Inject

KeyRunner fetches the credential from Vault, 1Password, or AWS/Azure KMS at runtime. It is used internally. The agent never receives it.

05 Execute & Audit

KeyRunner makes the API call, returns only the response to the agent, and writes an immutable log: agent, action, outcome, timestamp.

The execution guarantee

The agent never sees the key. It receives only the API response.

Credentials fetched at runtime. Used once. Never returned to the caller. Every execution logged.
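The five steps above, reduced to a runnable sketch of an execution-governance broker. This is an added example, not KeyRunner's code or SDK: the OpenAPI document, role policy, secret store, HTTP transport and the PII-bearing order record are constructed stand-ins, and the names (Broker, call_tool, fake_http, AuditLog) are assumptions. It shows the properties the page promises: policy is checked before the secret is touched, the secret is resolved inside the broker and never appears in what the agent gets back, PII is redacted from the response, and the audit log is hash-chained so a later edit to any record is detectable.

```python
import hashlib
import json
import re
import time

# 01 Register: constructed stand-in for an imported OpenAPI document.
OPENAPI_SPEC = {
    "servers": [{"url": "https://orders.example.internal"}],
    "paths": {
        "/orders": {"get": {"operationId": "get_orders"}},
        "/users/{id}": {"delete": {"operationId": "delete_user"}},
    },
}
# Policy keyed by agent role (constructed): tool names only, never endpoints or keys.
POLICY = {"support-agent": {"get_orders"}, "admin-agent": {"get_orders", "delete_user"}}
# Constructed stand-in for Vault/1Password/KMS; only the broker process reads it.
SECRET_STORE = {"orders-api-key": "sk_live_CONSTRUCTED_0123456789"}
TOOL_CREDENTIAL = {"get_orders": "orders-api-key", "delete_user": "orders-api-key"}
# Response-side PII patterns; extend with PHI/PCI patterns as needed.
REDACTIONS = [(re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[EMAIL]"),
              (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]")]

def tools_from_spec(spec):
    """Turn every operation into a named tool: operationId -> method + url."""
    base = spec["servers"][0]["url"]
    return {op["operationId"]: {"method": method.upper(), "url": base + path}
            for path, ops in spec["paths"].items() for method, op in ops.items()}

def redact(text, secrets):
    """Strip any injected secret and known PII patterns before the agent sees the body."""
    for s in secrets:
        text = text.replace(s, "[SECRET]")
    for pattern, label in REDACTIONS:
        text = pattern.sub(label, text)
    return text

class AuditLog:
    """Append-only, hash-chained log: each entry commits to the previous entry's hash,
    so editing or deleting an earlier record makes verify() fail."""
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, fields):
        return hashlib.sha256((prev + json.dumps(fields, sort_keys=True)).encode()).hexdigest()

    def append(self, **fields):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"prev": prev, "hash": self._digest(prev, fields), **fields})

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            fields = {k: v for k, v in e.items() if k not in ("prev", "hash")}
            if e["prev"] != prev or self._digest(prev, fields) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def fake_http(method, url, headers):
    """Constructed stand-in for the outbound call: rejects a wrong key, returns PII."""
    if headers.get("Authorization") != "Bearer " + SECRET_STORE["orders-api-key"]:
        return 401, "unauthorized"
    if method == "GET" and url.endswith("/orders"):
        return 200, json.dumps({"orders": [{"id": 1, "customer": "ann@example.com",
                                            "ssn": "123-45-6789"}]})
    return 204, ""

class Broker:
    """The runtime between agent and API (hypothetical name, not the KeyRunner SDK)."""
    def __init__(self, spec, policy, secret_store, transport):
        self.tools = tools_from_spec(spec)
        self.policy, self.secrets, self.transport = policy, secret_store, transport
        self.audit = AuditLog()

    def get_tools(self, role):
        """02 Request: discovery returns only the names this role may call."""
        return sorted(self.policy.get(role, set()) & set(self.tools))

    def call_tool(self, role, name):
        ts = time.time()
        # 03 Validate: policy is evaluated before any credential is touched.
        if name not in self.tools or name not in self.policy.get(role, set()):
            self.audit.append(agent=role, action=name, outcome="denied", timestamp=ts)
            return {"ok": False, "error": "policy denied"}
        # 04 Inject: the secret is resolved here and never placed in the return value.
        secret = self.secrets[TOOL_CREDENTIAL[name]]
        tool = self.tools[name]
        status, body = self.transport(tool["method"], tool["url"],
                                      {"Authorization": "Bearer " + secret})
        # 05 Execute & Audit: redact the response, log agent/action/outcome/timestamp.
        self.audit.append(agent=role, action=name, outcome=status, timestamp=ts)
        return {"ok": status < 400, "status": status, "body": redact(body, [secret])}
```

The point of the shape is that the agent-facing surface is two calls, get_tools and call_tool, and neither has a parameter or return value through which a credential could travel; a prompt-injected agent can only ask for tool names it is already allowed to use. The hash chain is the minimum that makes "immutable" checkable offline; a production log would additionally ship entries to a write-once sink.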

Built for the teams responsible when agents go wrong

Platform engineering

  • Define which APIs agents can call
  • Set policy per agent role and action
  • Integrate with existing secret stores
  • Works with any agent framework

Security engineering

  • Zero standing credentials in agent context
  • Least-privilege enforcement per action
  • Credential rotation transparent to agents
  • Addresses OWASP Top 10 for LLM Applications items LLM04, LLM06 and LLM08

Compliance

  • Immutable audit trail on every agent action
  • SIEM export for SOC 2, ISO 27001, HIPAA
  • On-premises deployment, no data egress
  • Full execution reconstruction for reviews

Why existing tools don't fully solve this

Each of these is a necessary part of your stack. None of them is the execution governance layer.

vs Secrets Managers
  What it does: Stores and retrieves credentials. An agent that fetches a secret from Vault now holds that secret.
  What KeyRunner adds: Retrieves the credential internally and executes the call. The agent never receives the credential.

vs API Gateways
  What it does: Governs inbound traffic to your APIs. Does not govern which external APIs your agents call.
  What KeyRunner adds: Governs outbound agent behavior: which external APIs agents can call, under what policy, with what credentials.

vs NHI Platforms
  What it does: Establishes who the agent is. Does not govern what the agent does with downstream API credentials.
  What KeyRunner adds: The execution governance layer on top of identity: every API call policy-checked, credential-safe, and audited.

vs Agent Frameworks
  What it does: Defines how agents call tools. Provides no credential governance, policy enforcement, or audit.
  What KeyRunner adds: The enforcement layer those frameworks are missing: the same tool-call interface, with full security underneath.

Common questions

What is a secure agent runtime?

A secure agent runtime is the infrastructure layer that sits between an AI agent and the downstream APIs it needs to call. Instead of giving the agent a credential, the runtime receives the agent's intent, validates it against policy, injects the credential at execution time, performs the API call, and returns only the response. The agent never holds the key.

Why can't agents just use API keys like developers do?

Developers can be held accountable for how they use credentials. AI agents cannot: they operate across sessions, prompts, and memory layers where keys can leak or be logged. A compromised agent with standing keys has unlimited access until manual rotation. A secure agent runtime removes credentials from agent context entirely.

Does this work with LangChain, CrewAI, Claude, or GPT-based agents?

Yes. KeyRunner exposes governed API actions as callable tools that integrate with any agent framework supporting tool use. The agent calls the registered action, not the raw API. From the agent's perspective it's a tool call. From the infrastructure's perspective it's a governed, audited, credential-safe execution.

Ready to govern agent execution?

Give agents capability. Not credentials.

Book a security architecture call or start with the docs.