Getting Started

Introduction

AIOStack is runtime security for agentic data access. It connects agents, identities, database principals, sensitive data, and destinations into a single runtime evidence chain — without requiring code changes, app proxies, or application restarts.

The core insight behind AIOStack: authorized ≠ appropriate. Permissions alone don't ensure safety. An agent can have every credential it needs and still exfiltrate data, drift from its intended purpose, or chain actions in ways no individual access policy was designed to catch. AIOStack makes that chain visible.

What AIOStack secures

Agentic Security

Discover agents, map identity chains, monitor runtime data access, and detect inappropriate use in context. Covers MCP servers, tool invocations, prompt injection data access, and multi-agent workflows.

Runtime Data Security

Track which identities, applications, and agents interact with sensitive data across databases, APIs, and downstream destinations. Detect when sensitive data moves somewhere it shouldn't.

Identity Security

Govern service accounts, non-human identities (NHIs), and agent access paths using runtime evidence. Right-size excessive permissions based on what is actually used, not what is granted.

Privacy & Compliance

Produce audit-ready evidence showing what sensitive data was accessed, by whom, through which workflow, and where it moved — for AI privacy, compliance readiness, and incident investigation.

How the platform works

AIOStack operates at a runtime layer that IAM systems, cloud logs, NHI tools, and API gateways do not reach. It captures the full data access chain as it actually occurs:

1. Inventory — Discover: Identifies every agent, AI application, MCP server, tool, vector store, LLM call, service account, and unmanaged deployment in your environment.

2. Identity Chain — Map: Connects human initiators → agents → orchestrators → sub-agents → service accounts → APIs → databases → destinations into a single traceable chain.

3. Runtime Access — Observe: Monitors what agents and non-human identities actually do with data: which queries run, which sensitive fields are touched, how data moves, and when.

4. Appropriateness — Detect: Identifies access that is authorized but contextually inappropriate — based on workflow intent, data sensitivity, timing, volume anomalies, novel destinations, and purpose drift.

5. Least Privilege — Govern: Compares permitted access against observed usage. Surfaces over-provisioned permissions and recommends right-sizing based on runtime evidence.

6. Triage — Investigate: Consolidates identity, data, workflow, anomaly, and movement signals into investigation bundles so your team can understand exactly what happened.

Key use cases

  • Agentic access monitoring — see which agents exist, what identities they use, and what data they touch; verify behavior matches intended workflows
  • AI data exposure — detect when sensitive data is retrieved by an agent and sent to an LLM, external API, or third-party tool
  • Identity chaining — trace user → agent → service account → database principal to make agentic risk visible even when all individual credentials are approved
  • NHI least privilege — eliminate excessive permissions for non-human identities using actual runtime access patterns
  • Purpose drift detection — flag when an agent's observed behavior deviates from its intended function

Technical approach

AIOStack deploys as a Kubernetes DaemonSet using eBPF probes (sock_ops, kprobe, tc, uprobe) to capture runtime signals at the kernel level. A user-space FSM parser reconstructs application-layer protocols — OpenAI API, Anthropic, vector DBs, PostgreSQL, and more — from raw packets. This provides semantic visibility (which model, what data, which tools, where it went) with less than 2% CPU overhead and zero inline latency.

No code changes are required. AIOStack is read-only. Your applications do not know it is there.

Requirements

  • Kubernetes 1.29+ with eBPF support enabled on nodes
  • Linux kernel 5.15+ on all cluster nodes
  • Helm 3.x and kubectl configured with cluster access
  • An Aurva account — sign up at app.aurva.ai
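
A preflight check for the kernel and Kubernetes minimums above, as an added example that is not part of AIOStack or its documentation. It assumes each node's kubelet version is an acceptable stand-in for the cluster's Kubernetes version; the function names and sample node lines are constructed for illustration, and eBPF support and the Helm version are not checked.

```shell
#!/usr/bin/env bash
# Preflight for the minimums listed above: kernel 5.15+ and Kubernetes 1.29+.

# version_ge ACTUAL MIN_MAJOR MIN_MINOR
# Returns 0 if ACTUAL >= MIN_MAJOR.MIN_MINOR, 1 if lower, 2 if unparseable.
# Tolerates vendor suffixes such as "5.15.0-1053-aws" or "v1.29.3-eks-adc7111".
version_ge() {
  local v="${1#v}" major minor
  case "$v" in *.*) ;; *) return 2 ;; esac
  major="${v%%.*}"
  minor="${v#*.}"; minor="${minor%%[!0-9]*}"
  case "$major" in ''|*[!0-9]*) return 2 ;; esac
  [ -n "$minor" ] || return 2
  [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# check_nodes: read "NAME KERNEL KUBELET" lines on stdin, print one verdict per
# node, and return non-zero if any node misses a minimum or cannot be parsed.
check_nodes() {
  local name kernel kubelet bad=0
  while read -r name kernel kubelet; do
    [ -n "$name" ] || continue
    if ! version_ge "$kernel" 5 15; then
      echo "FAIL $name kernel $kernel (need 5.15+)"; bad=1
    elif ! version_ge "$kubelet" 1 29; then
      echo "FAIL $name kubelet $kubelet (need 1.29+)"; bad=1
    else
      echo "OK   $name"
    fi
  done
  return "$bad"
}

# list_nodes: live input from the cluster (requires kubectl access).
list_nodes() {
  kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.nodeInfo.kernelVersion}{" "}{.status.nodeInfo.kubeletVersion}{"\n"}{end}'
}

# sample_nodes: constructed sample lines, not output from a real cluster.
sample_nodes() {
  cat <<'EOF'
node-a 5.15.0-1053-aws v1.29.3-eks-adc7111
node-b 5.10.219-208.866.amzn2.x86_64 v1.30.1
node-c 6.1.79-99.167.amzn2023.x86_64 v1.28.9
EOF
}

# Pass --live to query the cluster; otherwise run against the constructed sample.
if [ "${1:-}" = "--live" ]; then list_nodes | check_nodes
else sample_nodes | check_nodes || true; fi
```
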

Ready to deploy? Head to Installation.

Copyright © 2026