For Platform Engineering, AI & Security Teams
The unified control plane for AI agent discovery, identity, authorization, and runtime enforcement for every agent in your organization running on Kubernetes. Guardrails, not gates.
Deploy agents faster with comprehensive observability
Complete visibility into every agent; shadow agents too
They are autonomous and non-deterministic: they act on behalf of a user, reach for any tool, LLM, or other agent, have a delegation chain, and read untrusted input.
Agents reach for any tool, LLM, or agent and read untrusted input
What you need: One place that says what each agent can do. Policy-driven, applied at every call.
Every action is a delegation chain: User->agent->agent->Tool.
What you need: JWT Tokens scoped, time-bound, carrying the chain.
A valid credential does not guarantee good behavior
What you need: Detect anomalies: quarantine the ones going wrong.
Blast radius moves as new agents and tools come online
What you need: Test the posture; sandbox new agents on the way in
Lynx is a cloud-native enforcement layer purpose-built for autonomous agents. It sits in the middle of all agentic traffic across Kubernetes clusters to discover, authenticate, authorize, and observe every agent action in real time.
Every agent is known. Every identity is verified.
Every action is authorized before it happens. Every interaction is traceable.
Know every agent before they do something they shouldn't.
A directory of every agent with owner, purpose, version, context. Full APIs for CI/CD registration at deploy time.
Find every agent running, including ones nobody registered. Detected by behavior (library loads, MCP traffic, TLS SNI.
Discovered agents are cross-referenced against the registry.
Reconstruct any agent's actions end-to-end: what it saw, what it decided, which tools it called. Open Telemetry traces.
Fine-grained authorization for every agent interaction before it happens.
Continuously evaluate every registered agent's configuration against security baselines. Detect drift the moment it occurs — not at the next scheduled scan. Surface over-permissioned tools, excessive scopes, missing identity bindings, and exposed MCP servers before they become incidents.
Provide a sandbox environment for each agent with a controlled blast radius. Leverage eBPF to control kernel primitives applied to the cluster before any agent runs. Customer-configurable baselines for safe operation by default.
Posture policies derived from actual K8s configuration — namespace, service account, RBAC bindings, and network policy — not just agent metadata.
Pre-built policy packs for common compliance frameworks. Map agent configuration gaps directly to GDPR, HIPAA, SOC 2, and financial services requirements.
Every agent needs a verified identity. Not a shared API key.
Cryptographic workload identities issued to every agent. Integrates with Microsoft EntraID, Okta, and existing IdPs. Private key never leaves the workload.
Eliminates long-lived API keys entirely. Short-lived tokens with ~10-minute TTL are automatically rotated. Credential theft becomes operationally useless.
Tracks On-Behalf-Of delegation chains via RFC 8693 token exchange. Every hop in a multi-agent workflow is cryptographically attributed.
Standard Mode replaces caller tokens with gateway-minted JWTs. Passthrough Mode preserves the original token for downstream verification alongside the gateway JWT.
Guardrails, not gates. Enforcement that doesn't slow your AI & platform engineering teams down.
Istio Ambient Mesh: ztunnel at L4, waypoint proxy at L7. Every policy evaluated in real-time before any action. Break-glass quarantine. HIL hooks.
Restrict exactly which LLM, MCP server, API endpoint, or tool an agent can access. Bindings enforced at the gateway — not in agent code.
LLM-assisted authoring of Cedar policies. Plain English expression of desired intent. Lowers the cognitive burden on authoring policies.
See everything. Trace every action. Prove it to the auditor.
eBPF empirical classifier and behavioral baseline built from real agent traces. Detects anomalies — credential theft, lateral movement, supply-chain compromise — that static signatures miss.
Full reproducible audit trail satisfies GDPR, HIPAA, SOC 2, and financial services requirements. Every agent decision is logged with cryptographic attribution.
Leverage eBPF & LSM to watch agent behavior on a continual basis and feed traces to the anomaly detection engine. Use Cedar policies to configure eBPF & LSM controls per agent. LLM-assisted authoring of Cedar policies.
LLM-driven adversarial agent continuously probes the cluster for posture gaps — IAM misconfigs, over-permissioned tools, exposed MCP servers — before attackers do.
Lynx meets you where your agents are.
Lynx is a Kubernetes-native gateway deployed in your cluster, sitting in the middle of all agentic traffic and enforcing policy at runtime. Control and data plane fully managed by you.
We’ve spent a decade enforcing policy for cloud-native workloads at the world’s most demanding organizations — 8 million+ nodes, 1 million+ clusters. The same enforcement rigor and policy framework powering the Calico platform is now available for AI agents.
The enforcement engine behind Lynx secures 8M+ Kubernetes nodes daily. Enterprise-proven at the most demanding scale.
Not IAM stretched to cover agents. Not CASB repurposed for a new problem. Built from the ground up for autonomous, non-deterministic, distributed AI agents.
Real-time enforcement that enables AI & Platform Engineering teams to move fast — not a bureaucratic control layer that creates bottlenecks and drives workarounds.
A decade alongside NVIDIA, RBC, Bloomberg, and many more. That accumulated knowledge ships with every product we build.
Lynx gives security, AI, and platform engineering teams the visibility, authorization, and enforcement controls to safely deploy AI agents, anywhere in your Kubernetes environment, at enterprise scale.