Find every
machine identity
before they do.
45 machine identities for every 1 human. IAM roles, API keys, AI agents — almost none of them governed. AgentSentry audits your cloud in minutes, scores every NHI by blast radius, and maps attack paths to your crown jewels.
Every attack surface.
One scanner.
AgentSentry is the only open-source tool that audits machine identities and AI agents in the same scan, with the same risk model.
NHI Discovery
Finds every IAM role, API key, service account, and OAuth token in your cloud. The ones you know about, and the ones you don't.
AI Agent Scanner
Statically analyzes LangChain, CrewAI, and AutoGen codebases. Extracts tool permissions. Computes the AI-Amplification Factor.
CISA KEV Enrichment
Correlates every finding against 1,610+ actively exploited CVEs. Flags ransomware-linked vulnerabilities.
Attack Graph
Builds a directed graph of access relationships. Computes blast radius: if this identity is compromised, what does the attacker reach?
MITRE ATT&CK Mapping
Every finding maps to ATT&CK techniques. T1078.004, T1528, T1651 — the language your SOC already speaks.
Risk Scoring: P×R×E×A
Privilege × Reachability × Exposure × AI-Amplification. The first scoring model that accounts for autonomous AI agent blast radius.
Free forever. Pro when you need it.
The core scanner is free and always will be. Pro unlocks the features that enterprises need for continuous governance.
- AWS IAM role & access key scanner
- LangChain / CrewAI / AutoGen agent scanner
- P×R×E×A risk scoring engine
- CISA KEV threat intel enrichment
- Interactive NHI attack graph
- MITRE ATT&CK mapping
- CLI tool — runs locally, no data sent
- Open source — MIT license
- Everything in Free
- Continuous monitoring — alerts when new NHIs appearpro
- Remediation workflows — auto-creates Jira/ServiceNow ticketspro
- Audit-grade PDF reports — SOC2, ISO27001, NIS2 mappingpro
- Azure AD + GCP scanner
- GitHub Actions secrets scanner
- Priority support
- Early access to new features