Public documentation for governed AI labor
SDKs/Governance/Connectors
Arx / Docs / Mythos Outreach Materials

Documentation

Mythos Outreach Materials

Project-Agent-trust-merge / MYTHOS_OUTREACH.md

Project-Agent-trust-merge market MYTHOS_OUTREACH.md

> Positioning: Risk reduction at AI speed. Lead with a number, not with governance. Compliance is a byproduct.

---

LinkedIn Post

---

SECURITY LEADERS: Stop selling governance to your CFO.

Your team wants to deploy AI agents. Mythos makes them powerful. But your CFO doesn't buy "governance" — they buy a number on a P&L line.

So give them a number.

Arx scores every connector call your agents make 0–100, in milliseconds, before the call leaves the platform. Operation blast radius + connector sensitivity + session frequency + target criticality. Open formula, tunable thresholds, written to a hash-chained audit row.

  • Above the deny threshold, the call is denied automatically.
  • On drift, the agent is suspended automatically.
  • On TTL elapsed, the request is declined automatically.

In the gray zone, a human approves once — and if the fix needs write access, your remediation agent gets a scoped, time-bound permission grant. Arx grants the permission; your agent does the fix; the audit row proves both. The grant auto-reverts when the TTL expires.

Compliance? Byproduct. SOC 2 / NIST AI RMF / ISO 42001 / EU AI Act maps fall out of the score and the trail.

The orgs winning with agents aren't the ones with the smartest model. They're the ones who can defend the deployment to the board with evidence — quantified, ranked, contained, traceable.

The right pitch to your CFO is not "we need governance."

It's: *"94% of calls auto-allow. Median 2m 34s on the gray zone. Deny rate, drift suspensions, and dollar exposure avoided — all in one dashboard."*

Read the business case: [for-executives page link]

---

Email Template

Subject: A 0–100 risk score for every Claude agent action your team ships

---

Hi [Name],

We spoke recently about Claude's Mythos framework, and I remember you asking the question every CISO eventually asks:

> "How do we keep control?"

It's the right question. The answer most agent platforms give back is "governance." That's the wrong word. Governance reads as overhead — a process tax on the team that already shipped the agent.

The right answer is a number.

Arx scores every connector call your agent makes — 0 to 100 — in milliseconds, before the call leaves the platform. The score combines four signals you can audit and tune: operation blast radius, connector sensitivity, this session's action frequency, and target system criticality. Crossing your threshold doesn't fire an alert. The call is denied, deterministically, and the verdict is written to a hash-chained audit trail.

What that gives a security team:

  • A per-call risk score they can put in front of the board
  • Automated containment when the score crosses the line — deny on threshold, suspend on drift, decline on TTL elapsed
  • Scoped, time-bound write grants so a remediation agent can actually fix the underlying issue (Arx grants the permission, your agent does the fix, the audit row proves both)
  • A tamper-evident audit trail your GRC team verifies from a witness bucket in your own account — without trusting us

Compliance maps (SOC 2, NIST AI RMF, ISO 42001, EU AI Act) fall out of platform state. They're a byproduct of the score, not the pitch.

We wrote a short business case for security executives — the page covers the risk math, the containment primitives, the scoped-grant pattern, and the audit. It's the document I'd hand the CFO if I were trying to defend an agent deployment.

[For-executives page link]

Happy to spin up a 30-minute sandbox against one of your Python agents and show you the score on real calls.

Best, [Your Name]

---

Twitter/X Post

---

Mythos agents are powerful. Your CFO doesn't buy "governance" — they buy a number.

Arx gives them one. 0–100 risk score per connector call, deny-on-threshold, suspend-on-drift, scoped-time-bound writes for the remediation agent.

Compliance is a byproduct.

The business case: [link]

---

Slack Message (Internal)

---

Mythos business-case page is live

Hey everyone — the new for-executives page is up, with the matched objections doc.

The frame is simple: stop selling governance, sell a number. The page covers:

  • The 0–100 risk score formula (open and explicit)
  • Automated containment: deny on threshold, suspend on drift, decline on TTL
  • Scoped, time-bound remediation grants (Arx grants permission, your agent does the fix)
  • Tamper-evident audit (witness bucket in the customer's account)
  • The business case (revenue enablement, risk reduction, compliance leverage)

Use this with anyone who's pushed back that "governance is overhead" or that "a list of issues isn't actionable." There are matched reframes in MYTHOS_OBJECTIONS.md.

[For-executives page link] · [MYTHOS_OBJECTIONS.md]

---

Key Messaging Points

For Security Leaders:

  • Every connector call gets a 0–100 risk score, before it leaves the platform
  • Crossing the threshold deterministically denies; drift deterministically suspends
  • Scoped, time-bound permission grants let your remediation agents actually fix things

For Developers:

  • The score is plumbing, not paperwork — computed in the connector, not in agent code
  • Approval gates live server-side; nothing for the agent to route around
  • Manifest-in, connector-out — the rest is automatic

For Compliance/Risk:

  • Hash-chained, witness-signed audit trail your auditor verifies without trusting us
  • Drift detection compares runtime against the declared manifest, not a moving baseline
  • SOC 2 / NIST AI RMF / ISO 42001 / EU AI Act fall out of platform state

For Enterprise Leaders:

  • Ship the agents that would have been blocked, with a number to defend each one
  • Manage by exception: the gray-zone queue is the surface area
  • Competitive advantage goes to whoever can defend the deployment with evidence