Prove what your AI agents do without exposing the data.

See where every byte of data went, block what shouldn't leave, and turn each production run into signed, reviewer-ready evidence.

Keep your observability stack. TracerYX adds the security plane on top of OpenTelemetry: data lineage, enforcement at the tool boundary, and proof.

Join the waitlist See the data flow

Runs in your VPCNo agent code changesRedacted before egressReviewer-ready packet

Evidence packet · pkt_9f31c7a4

Ready for review

Share proof. Not payloads.

03send_email(to=████@███.com)redacted

07charge_refund(card=tok_████)hashed

04policy: pii_egress_guardpass

0 secrets egressed3/3 destinations allowed5/5 controls passed

Data lineage

Know exactly where your agent's data went.

Every tool call is an egress event. TracerYX maps each one to its destination, labels the data class that moved, and shows whether it was redacted, hashed, allowed, or blocked at the boundary, in real time.

internal-orders-apiredacted

order + PIIvia lookup_order

api.stripe.comhashed

card tokenvia charge_refund

smtp.sendgrid.netredacted

customer emailvia send_email

raw-llm-logs.vendor.ioblocked

full promptvia model_call

4 destinations3 allowed · 1 blocked0 raw secrets egressed

How it works

From agent run to reviewer sign-off in one pass.

TracerYX deploys as a sidecar next to your agents in production and turns each run into evidence a security team can inspect line by line. Three steps, one packet.

1file

Everything a reviewer needs, in one packet

Raw prompts or secrets that leave your boundary

VPC

Self-hosted sidecar that runs inside your network

CC6

Controls mapped to SOC 2, GDPR, PCI line by line

Trace

An OpenTelemetry-compatible sidecar records every agent step, tool call, policy check, and destination in production, with no changes to your agent code.

Redact

Prompts, secrets, files, and customer data are masked inside your boundary before anyone reviews. Hashes let a reviewer verify a value without ever seeing it.

Prove

Share a single evidence packet security and compliance teams can inspect: behavior and proof, not payloads. Re-runs regenerate it automatically.

Clear evidence, fewer review loops.

Give security reviewers behavior, boundaries, policies, and proof that sensitive material was protected, structured the way they already think about risk.

Every packet is a single shareable file. No dashboards to grant access to, no raw logs to comb through, no prompts to leak.

Timeline

Agent actions, model calls, and tool destinations. every step, in order.

Boundary

What data moved, and how it was protected. redacted · hashed · blocked · approved.

Policy

Rules evaluated and controls already satisfied. mapped to your framework.

Notes

A compact artifact teams keep with the review record. one shareable file.

The shift

You can watch your agents. You can't stop them.

Observability tools show what an agent reasoned. They don't enforce, redact, or prove. With the EU AI Act's high-risk logging obligations landing in 2026, security teams need an answer to “what did the agent do with our data, and can you prove it” — not another dashboard.

Reviewers ask for screenshots and raw logs
Prompts and customer data get copied into tickets
Every review restarts the evidence-gathering from zero
Security signs off on faith, not proof

One packet answers the reviewer's questions up front
Sensitive payloads are redacted before they ever leave
Re-runs regenerate the packet instantly
Security signs off on inspectable evidence

Trust, today and next

Verifiable evidence now. Hardware-attested next.

Every packet is signed and tamper-evident — anyone can verify it offline with our public key, no account and no trust in us required.

Shipping

Software attestation

Deterministic redaction, policy enforced at the tool boundary, and Ed25519-signed packets with SHA-256 tamper-evidence. Verify any packet against the published key.

Roadmap

Confidential compute

Enforcement running inside a TEE with composite CPU + GPU attestation (NVIDIA H100/H200 CC, Intel TDX, AMD SEV-SNP) and attestation-gated key release — so the enforcement itself is provable, not just asserted.

Get the full sample packet.

We are onboarding the first 50 design-partner teams by hand. Tell us what you are trying to prove and we will reach out with the complete evidence packet, not the preview.

First 50 design-partner slotsRuns inside your VPCNo spam. Unsubscribe anytime