Protect every action your agent takes.

Hermes Shield is a local-first security layer for AI agents, auditable and in your control.

Hermes Shield is a local-first action-control layer for teams deploying agents that browse, send, post, approve, schedule, call APIs or mutate systems — operator-controlled boundaries with audit evidence.

PRIVATE BETA IN PROGRESS.CUSTOMER-ZERO PROOF ENGINE: ACTIVE
Retro TV console showing the Hermes Shield crest over a pixel-art worldRuggedised security console showing the metallic Hermes Shield crest

Kill Switch

One switch to stop outbound actions instantly.

Action Gates

Every action is verified before it’s allowed.

Threat Shield

Untrusted content is fenced, scanned and contained.

Audit Trail

Everything is logged, redacted and easy to review.

Agents don’t just answer. They act.

Modern agents browse, email, post, approve, schedule, write files, trigger APIs, and mutate live systems.

Browse
Email
Post
Schedule
Approve
Write File
Trigger API
Mutate System
The risk moved from bad answers → unauthorised actions.

Prompt filters are not enough.
Agents need action control.

Prompt Firewall

Stops text.

Untrusted
Input
Pixel-art brick firewallStone firewall with an ember shield emblem
Blocked
Message

Hermes Shield

Controls actions.

Untrusted
Input
Hermes Shield crestHermes Shield crest
Action Gate
Approved or
Blocked Action
What can this agent actually do after compromise?

Customer-Zero
Proof Engine

Built inside a real Hermes agent system with posting lanes, queues, schedulers, browser automation, email paths, approvals, and live-action risk.

✦ LIVE PROOF EVIDENCE ✦

These are the live internal review milestones of the system protecting our own production agents — each code is a dated internal security-review checkpoint, shown unedited.

Latest MilestoneS2.3-REVIEWCOMMIT 47d4d09
Tests Green538FULL SUITE PASSING AT S2.3-REVIEW
Reviewed Live-Action Paths10gmail_send_lead · gmail_senders · gmail_followup_lead · linkedin_dm_send_runner · linkedin_dm_bridge · friday_quote_autoposter · friday_reply_autoposter · x_api_publish_thread · x_post · linkedin_first_comment
VerdictPASS_​WITH_​RESIDUAL_​RISKPASS_WITH_RESIDUAL_RISK
DISCOVERY ENGINE — CUSTOMER-ZERO REPO
Action surfaces discovered1,185+RAW DISCOVERY — NOT A PROTECTION CLAIM
Untrusted ingress points698RAW DISCOVERY — NOT A PROTECTION CLAIM
Patch-plan items generated375RAW DISCOVERY — NOT A PROTECTION CLAIM
Files scanned1,125RAW DISCOVERY — NOT A PROTECTION CLAIM
iCurrent proof coverage is bounded to the tested threat model. Residual risk is documented.
Source: sanitised public proof capsule
IN PRIVATE DEVELOPMENT

Every agent has a blast radius.
Most teams have never seen theirs.

The same discovery engine that protects our own agents maps every place an agent can act — the tools, files, sends and API calls it can reach. We ran it first on our own codebase.

1,185+Action surfaces mappedCUSTOMER-ZERO REPO — MORE AS IT RUNS
698Untrusted ingress pointsCUSTOMER-ZERO REPO — MORE AS IT RUNS
375Patch-plan items generatedCUSTOMER-ZERO REPO — MORE AS IT RUNS
1,125Files scannedCUSTOMER-ZERO REPO — MORE AS IT RUNS

An agent blast-radius scan for your own repositories is in private development. Ask for early access and we’ll bring you in as it opens.

See a Sample ReportRequest Scanner Early Access

Building
Agents
That Act?

Register interest in Hermes Shield private beta.

Register InterestRegister Interest
Pixel-art castle bearing the Hermes Shield crestDark castle bearing the metallic Hermes Shield crest against a futuristic city