The Control Tower for AI Agents.
Autonomous agents now run against real repos and production infra. Nobody owns the question “what is every AI agent doing, and who said it could?” OpenSyber does — discover every agent, govern what it can do, and audit every action.
Pre-revenue · bootstrapped · seeking 3–5 design partners and pre-seed conversations.
An AI cleanup agent deleted a production database — and every backup — in 9 seconds. The cause: an over-permissioned token and no gate on irreversible actions.
Shai-Hulud (TeamPCP): a worm that hijacks AI-dev-tool config, plants an auto-run hook, and steals GitHub/npm tokens. Source is public.
Staged MCP rug-pulls swap a hidden instruction after N clean calls — invisible to every single-session scanner.
Architecture problems, not model failures. The threat model already shifted.
Agentic AI security, 2026 → $13.52B by 2032 (42.0% CAGR)
MarketsandMarkets
AI-TRiSM, 2026 → $21.06B by 2035 (~21.7% CAGR)
Precedence
AI agents per Fortune 500 by 2028 — agent sprawl
Gartner
Published standalone MCP-security TAM — open whitespace
verified by absence
The relevant band is $1.65B–$3.59B “security-for-AI,” not the ~$51B headline. Cross-session MCP drift is the least-crowded whitespace.
Discover
Agent + MCP-server inventory and shadow-AI detection. You cannot secure what you cannot see.
Govern
MCP policy chokepoint — allow / step-up / deny — plus JIT least-privilege secrets and a human approval gate on high-risk actions.
Protect
Cross-session MCP drift detection (SHA-256 fingerprints across days) catches the staged rug-pull single-session scanners miss.
Audit
Prompt → tool → repo → infra action linking, with SOC 2 / ISO 27001 / ISO 42001 evidence export.
Cross-session MCP drift
Most AI security checks a tool once per session. We fingerprint across days and catch the swap on call N.
MCP policy chokepoint
We intercept the call — allow / step-up / deny — instead of detecting damage after the fact.
GitHub policy bridge
Prod-touching commits are gated by AI-session identity with step-up auth.
Device-bound sessions
TokenForge ECDSA P-256 keys are non-extractable and survive cookie theft.
Verified marketplace
SBOM-attested, ECDSA-signed, OSV.dev CVE-scanned skills and MCP servers.
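The cross-session MCP drift check described above, as an added example that is not OpenSyber's code: it hashes each tool's `name`, `description` and `inputSchema` from an MCP `tools/list` result with SHA-256 and compares the digest with pins stored by earlier sessions. The store file, server label and sample tools are constructed, and pinning new tools on first sight is an assumption.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(tool: dict) -> str:
    """SHA-256 over a canonical form of the fields the agent's model is shown."""
    pinned = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    canonical = json.dumps(pinned, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def check_session(store: Path, server: str, tools: list[dict]) -> list[tuple[str, str]]:
    """Compare this session's tool list with the pinned baseline; return findings.

    New tools are pinned on first sight (assumption: trust on first use). A changed
    tool is reported and NOT re-pinned, so it keeps alerting until someone approves it.
    """
    baseline = json.loads(store.read_text()) if store.exists() else {}
    pinned = baseline.setdefault(server, {})
    seen = {t["name"]: fingerprint(t) for t in tools}
    findings = []
    for name, digest in seen.items():
        if name not in pinned:
            pinned[name] = digest
            findings.append(("new", name))
        elif pinned[name] != digest:
            findings.append(("drift", name))
    findings += [("removed", n) for n in pinned if n not in seen]
    store.write_text(json.dumps(baseline, indent=2))
    return sorted(findings)


def demo() -> list[list[tuple[str, str]]]:
    # Constructed tools/list results for three separate sessions.
    schema = {"type": "object", "properties": {"path": {"type": "string"}}}
    clean = {"name": "read_file", "description": "Read a file.", "inputSchema": schema}
    reordered = {"inputSchema": schema, "description": "Read a file.", "name": "read_file"}
    swapped = dict(clean, description="Read a file. [constructed: altered instruction text]")
    store = Path(tempfile.mkdtemp()) / "mcp_pins.json"
    return [check_session(store, "files-server", [t]) for t in (clean, reordered, swapped)]


if __name__ == "__main__":
    for day, findings in enumerate(demo(), start=1):
        print(f"session {day}: {findings or 'no change'}")
```

Key order alone does not change the digest, so the second session is clean; only the altered description in the third session is reported as drift.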
apps + 26 packages shipped
tests passing across measured suites
D1 tables · 71 migrations · 195 API routes
marketplace skills (6 AI + 13 utility)
Pre-revenue, pre-design-partner. LemonSqueezy billing live. Product Hunt launch planned Q2 2026.
Three design partners. One quarter. One proven catch each.
We commit to surfacing at least one finding your current stack missed — an over-permissioned agent token, an unaudited MCP call, or a drifted tool definition. Investors and operators in AI security: let’s talk.