ARX FAQ

Project-Agent / docs/FAQ.md

---

What is ARX?

ARX is a governance layer for AI agents operating in enterprise security environments. It sits between autonomous agents and the security tools they interact with — intercepting every action, evaluating it against policy, and producing an immutable audit trail.

ARX does not replace your agents or your security tools. It wraps them, adding the control plane that enterprises need before granting AI systems access to production infrastructure.

---

What problem does it solve?

AI agents are being deployed to automate security operations: triaging alerts, enriching incidents, isolating endpoints, creating tickets. These agents interact with tools that carry real blast radius — CrowdStrike can contain hosts, Okta can disable users, Palo Alto can modify firewall rules.

Without governance, an agent misconfiguration or prompt injection can escalate into a production incident. And most AI frameworks provide no audit trail, no access controls, and no human oversight — which means they fail SOC 2, ISO 27001, and FedRAMP requirements by default.

ARX closes that gap.

---

How does it work?

Every operation an agent attempts passes through ARX before reaching the target tool. ARX runs three steps on every call:

  1. Intercept — Captures the full request context: which agent, which tool, which operation, what parameters.
  2. Evaluate — The policy engine computes a risk score and returns a verdict: PERMIT, ESCALATE, or DENY.
  3. Log — Writes an immutable audit record regardless of the verdict.

The verdict determines what happens next:

| Verdict | Effect |
|---|---|
| PERMIT | Operation executes immediately |
| ESCALATE | Operation blocks; a human must approve via Slack or Teams before anything runs |
| DENY | Operation is rejected; the agent receives a PermissionDeniedError |

---

How does ARX actually prevent an agent from doing something?

Agents never hold credentials for any downstream tool — only an ARX API key. Without credentials, there is no path to CrowdStrike, Okta, Splunk, or any other connected tool. ARX is the only credential holder and the only execution path.

When the policy engine returns DENY, ARX raises an error and the operation never executes. There is no bypass mechanism.

---

How do I integrate?

Three options:

  • SDK — Install agentvault from PyPI. Replace direct tool API calls with ARXClient calls. The agent's logic doesn't change — it just routes through the governance layer.
  • REST API — Direct HTTP calls to the ARX API. Works for any language or framework.
  • MCP — For MCP-compatible frameworks, ARX exposes an MCP server that intercepts tool calls at the protocol level.

If an agent is already in production, integration is an instrumentation step, not a rebuild.

---

How does human-in-the-loop work?

When an operation receives an ESCALATE verdict, ARX sends a structured approval request to a configured Slack channel or Microsoft Teams channel — including the agent name, operation details, parameters, risk score, and one-click approve/deny buttons. The operation blocks until a reviewer responds. Nothing executes in the meantime.

The reviewer's decision, identity, and timestamp are recorded in the audit trail. Agent ownership is tracked via a bi-directional Jira integration, so every approval request traces back to an accountable owner.
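A runnable model of the intercept / evaluate / log flow from "How does it work?" and the ESCALATE gate from this section, added here as an illustration; it is not the ARX SDK or its API. The risk weights, the `approver` callback standing in for the Slack/Teams reviewer, and the hash-chained `AuditLog` are assumptions of this example.

```python
import hashlib
import json
PERMIT, ESCALATE, DENY = "PERMIT", "ESCALATE", "DENY"

class PermissionDeniedError(Exception):
    """Raised to the agent when the verdict is DENY or a reviewer rejects."""

# Constructed risk weights per (tool, operation); stands in for the real policy engine.
RISK = {("crowdstrike", "contain_host"): 80, ("okta", "disable_user"): 90,
        ("splunk", "search"): 10, ("jira", "create_ticket"): 20}

def evaluate(tool, operation, params):
    """Step 2: score the request and map it to a verdict, fresh on every call (no caching)."""
    score = RISK.get((tool, operation), 100)     # unknown operations score highest
    if params.get("scope") == "all":             # fleet-wide actions are denied outright here
        score = 100
    return score, DENY if score >= 100 else ESCALATE if score >= 50 else PERMIT

def _digest(rec):
    body = {k: v for k, v in rec.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Step 3: append-only log; each record commits to the hash of the one before it."""
    def __init__(self):
        self.records = []
    def append(self, **rec):
        rec["prev"] = self.records[-1]["hash"] if self.records else "0" * 64
        rec["hash"] = _digest(rec)
        self.records.append(rec)
    def verify(self):                            # detects edited, dropped or reordered records
        prev = "0" * 64
        for r in self.records:
            if r["prev"] != prev or _digest(r) != r["hash"]:
                return False
            prev = r["hash"]
        return True

def governed_call(agent, tool, operation, params, execute, approver, log):
    """Step 1: intercept. `execute` is the real tool call; `approver` is the reviewer stand-in."""
    score, verdict = evaluate(tool, operation, params)
    rec = dict(agent=agent, tool=tool, op=operation, params=params, score=score, verdict=verdict)
    if verdict == ESCALATE:                      # blocks until a human responds
        approved, rec["reviewer"] = approver(rec)
        rec["approved"] = approved
        verdict = PERMIT if approved else DENY   # rec keeps the original ESCALATE verdict
    if verdict == DENY:
        log.append(**rec, executed=False)        # recorded even though nothing ran
        raise PermissionDeniedError(f"{tool}.{operation} not permitted (risk {score})")
    result = execute(params)                     # only reachable on PERMIT or human approval
    log.append(**rec, executed=True)
    return result
```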

---

What security tools does ARX connect to?

101 pre-built connectors covering 2,519 governed operations across:

  • Endpoint — CrowdStrike, SentinelOne, Carbon Black
  • SIEM — Splunk, Microsoft Sentinel, Elastic
  • Identity — Okta, Entra ID, Duo
  • Cloud Security — Wiz, Prisma Cloud, AWS Security Hub
  • Ticketing — Jira, ServiceNow
  • Vulnerability — Snyk, Checkmarx

---

What governance frameworks does ARX support?

AIUC-1

AIUC-1 is the first compliance standard built specifically for AI agents. ARX implements AIUC-1 across all six of its domains:

  • Data & Privacy — Agents never hold or see credentials. The secrets vault isolates all authentication material, and every data access is captured in the audit trail.
  • Security — Permission bindings, tool restrictions, and hard DENY enforcement with no bypass mechanism.
  • Safety — Behavioral drift detection flags any agent acting outside its declared intent manifest. The ESCALATE gate ensures a human reviews high-risk actions before they execute.
  • Reliability — Policy rules are evaluated on every single call with no caching. Enforcement is consistent regardless of agent state or session history.
  • Accountability — The immutable audit trail records every action, verdict, risk score, and reviewer decision. Every agent has a named owner traceable through Jira.
  • Society — ARX operationalizes the frameworks AIUC-1 builds on: NIST AI RMF, MITRE ATLAS, and OWASP LLM Top 10.

NIST AI Risk Management Framework (AI RMF)

  • Govern — Define blast radius per agent, establish ownership, document policies. ARX provides the control plane to put those decisions into effect.
  • Map — The Agent Registry inventories all AI agents, their declared intent, their permission scope, and their owners.
  • Measure — Risk scoring on every operation, behavioral drift detection, and session-level analytics give continuous measurement of agent behavior against expected norms.
  • Manage — Policy rules enforce permit/escalate/deny verdicts in real time. The audit trail provides evidence for ongoing risk management reviews.

SOC 2

Role-based access control (admin, deployer, auditor, viewer), permission bindings that define the exact scope of each agent's access, an append-only audit trail for every agent action, and exportable audit data for your SIEM.

ISO 27001

Controls around access management, supplier relationships, and operational security — covering the AI agent surface area: who can do what, under what conditions, with full documentation of every action taken.

FedRAMP

Deployment on AWS and Azure with customer-managed encryption keys (AWS KMS, Azure Key Vault, GCP KMS), SAML 2.0/OIDC authentication, SCIM provisioning, and IP allowlisting.

---

What compliance documentation does ARX generate?

ARX generates compliance packages derived from live system data: Vendor Security Questionnaire responses, Data Flow Diagrams, sub-processor lists, and SOC 2 control mappings. These regenerate on demand as your environment changes.

---

Isn't this just logging? We already log agent activity.

Logging is observability. ARX is enforcement. Logging tells you what happened after the fact. ARX's DENY verdict means the operation never ran. The ESCALATE gate means a human reviewed it before it ran. You cannot get that from a log.