Praxel is the vendor-neutral runtime control plane for AI agents. Wrap any agent in three lines. Get cryptographically signed audit logs, real-time policy enforcement, and compliance evidence for SOC 2, HIPAA, and EU AI Act — by default.
Join the waitlist — early access for design partners.
from anthropic import Anthropic client = Anthropic() resp = client.messages.create( model="claude-sonnet-4-5", tools=tools, )
from praxel import Praxel client = Anthropic() agent = Praxel.wrap(client) # → allow · signed:ed25519:b1e4…c09a
Three steps. Zero infrastructure changes.
Three lines. Any agent, any provider.
Allow safe actions, approve high-value ones, deny violations.
Every call checked against policy. Sub-50ms.
Each action: signed, timestamped, verifiable.
Every decision signed. Auditor-ready by default.
Composite scenarios drawn from publicly reported AI incidents (2024–2026). Praxel enforcement would have logged, blocked, or escalated each.
A scheduling agent chained lookup_vendor and send_ach and wired funds to a spoofed payee. No human. No audit trail that survived rotation.
A Claude triage agent echoed patient records into a third-party summarizer. Screenshots surfaced in a training set. HHS opened a breach investigation in two weeks.
A three-agent workflow hit a retry loop: planner → executor → search. By the time rate limits tripped, the team had burned $11k and a customer circuit breaker.
86% of production AI agents go live without formal security review
Source: Pragatix AI Agent Security Report, 2026
€35M or 7% EU AI Act max penalty for prohibited practices · enforcement August 2026
Source: EU AI Act Article 99
35% of executives report they cannot stop a rogue agent in real time
Source: Pragatix AI Agent Security Report, 2026
Praxel works across every model provider and isn't tied to any single lab's roadmap. One governance layer for your whole agent stack — Anthropic, OpenAI, or custom — so you're never locked in.
MIT open source · vendor-neutral by structure. No frontier lab owns the roadmap.
Ed25519 signed events, individually verifiable, cryptographically timestamped. Tamper-evident by construction.
Every call, every tool, every retry. Not a quarterly snapshot run in your eval pipeline.
The SDK is MIT, forever. Pay us when you need hosted distribution, BAA, or signed forensic export.
Everything an independent dev needs to govern production agents.
For teams running agents in production across 2+ providers.
Self-hosted, SSO, BAA, dedicated compliance engineer.
The ones we get most from platform leads, CISOs, and the senior engineer in the room with arms crossed.
Sub-50ms policy evaluation in-process. No sidecar, no proxy hop.
Promptfoo tests agents in CI before they ship. Praxel governs them in production, on every live call. Testing is a snapshot; production is a stream. And Praxel stays neutral across providers.
Yes. We wrap at the model-client layer, below LangChain, LlamaIndex, CrewAI, or your own orchestration. If it eventually calls an HTTP model endpoint, Praxel sees it.
Wherever you want. Local filesystem, your S3 bucket, Snowflake, BigQuery, or a WORM archive. We never see your events unless you explicitly enable the hosted plane.
The SDK is in-process. There is no SaaS dependency in the critical path unless you opt into hosted approvals. Policies are cached locally and evaluated offline.
Install the SDK in three lines. Sign every call. Hand your auditor signed event exports instead of screenshots.