ARX — AI Workforce Governance
The control plane for the AI workforce. Every AI agent your enterprise deploys becomes an accountable digital employee: a scoped identity, a named human supervisor, a continuous performance record, an immutable audit trail, and a one-button termination — all governed on infrastructure the customer's auditor controls.
ARX is the platform that makes "we have 10,000 AI agents in production" a sentence the CEO, CHRO, CFO, and CISO can all sign their name to.
> Note on framing. ARX is built as workforce *infrastructure* — the operating model that makes governance decisions answer themselves. We lead with "governance" because that is the category the market recognizes today; the long-form positioning, the five pillars, the platform argument, and the partner ecosystem story live in OVERVIEW.md.
---
What ARX gives you
A governance pipeline every AI agent runs through, whether the agent was built by ARX, a partner (Sierra, Harvey, Decagon, etc.), the customer's own engineering team, or pulled from open source:
```
┌──────────────┐   ┌──────────────┐   ┌──────────────┐   ┌──────────────┐
│  Onboarding  │──▶│ Supervision  │──▶│  Evaluation  │──▶│   Records    │
│  scoped      │   │  named human │   │  drift +     │   │  hash-chained│
│  identity    │   │  approval +  │   │  performance │   │  audit log + │
│  + per-call  │   │  SLA-driven  │   │  review      │   │  customer-KMS│
│  tokens      │   │  escalation  │   │  pipeline    │   │  signing     │
└──────────────┘   └──────────────┘   └──────────────┘   └──────────────┘
                                                                │
                                                                ▼
                                                         ┌──────────────┐
                                                         │  Termination │
                                                         │  one-button  │
                                                         │  cross-system│
                                                         │  revoke +    │
                                                         │  exit attest.│
                                                         └──────────────┘
```
Every action by every agent flows left-to-right through that pipeline. No agent code can route around it because the gates live in the connector layer, not in the agent.
---
What's in the box
| Component | Count | Where |
|---|---|---|
| Tool / connector integrations | 150 | arxsec-api/app/connectors/ |
| ↳ OSS security tools (sandboxed Docker) | 8 dockerfiles, 21 connector modules | arxsec-api/docker/oss-tools/ |
| ↳ Enterprise SaaS + cloud + identity | ~129 | grouped below |
| Reference agent manifests | 188 | reference-agents/ |
| ↳ IC × R/P/C across 14 functions | 42 | manager + senior tiers same |
| ↳ Atlas (executive.ceo-aide) | 1 | non-matrix special cell |
| Atlas capabilities | 6 | atlas/app/capabilities/ |
| Dashboard surfaces | 35 | arxsec-api/frontend/src/app/(dashboard)/ |
| API tests | 85 | arxsec-api/tests/ |
| Helm chart | Atlas v1.0.0 | atlas/charts/atlas/ |
| Operator CLI | arxctl | tools/arxctl/ |
---
Tool list — 150 connectors
Connectors share a uniform Pydantic findings schema (AIFinding, PentestFinding, AgentVuln) and route through ARX's intercept → policy → audit → approval pipeline. See CLAUDE.md for the connector contract.
OSS security tools (community tier)
21 connectors, 8 sandboxed Docker images.
NVIDIA garak, promptfoo, Microsoft PyRIT, Meta PurpleLlama, agentic-radar, agentfence, AI-GOAT, AgentDojo, damn-vulnerable-llm-agent, hexstrike-ai, pentagi, pentestgpt, ai-scanner, reaper, shannon, strix, tachi, seclab-taskflow, sojalsec-pentestagent, gh05tcrew-pentestagent, steph-pentest-ai.
Identity & access (15)
Okta, Microsoft Entra ID, OneLogin, Duo, Ping Identity, JumpCloud, SailPoint, Intune, Jamf, CyberArk, HashiCorp Vault, Bitwarden, 1Password, Mimecast, Proofpoint.
SIEM & analytics (11)
Splunk, IBM QRadar, Elastic Security, CrowdStrike, Microsoft Sentinel, Google Chronicle, Exabeam, Sumo Logic, Azure Sentinel SOAR, Securonix, Datadog Security.
Cloud workload + CSPM (11)
AWS GuardDuty, AWS Security Hub, GCP SCC, Prisma Cloud, Wiz, Orca, Lacework, CrowdStrike CSPM, Defender for Cloud, Palo Alto CNAPP, Upwind.
Endpoint & XDR (10)
Microsoft Defender, SentinelOne, Carbon Black, CrowdStrike, Cisco Secure Endpoint, Trellix, Tanium, Wazuh, Claroty, Nozomi.
Threat intel & vulnerability scanning (12)
Censys, GreyNoise, Hunter, MISP, Recorded Future, Mandiant, ThreatConnect, VirusTotal, Shodan, Rapid7, Tenable, Qualys.
Code & SCA (7)
GitHub Security, GitLab Security, Semgrep, Snyk, Checkmarx, Veracode, SonarQube.
Network & cloud edge (7)
Cisco Umbrella, Cloudflare, Fortinet, Palo Alto, Zscaler, Netskope, AWS WAF.
HR / workforce systems (6)
Salesforce, Workday, GitHub (workforce-scoped), Microsoft 365 Graph, Freshservice, Jira.
Data governance & compliance (5)
BigID, OneTrust, Drata, Vanta, Secureframe.
Incident response & SOAR (5)
ServiceNow, Cortex XSOAR, Swimlane, PagerDuty, Opsgenie.
Communication & collaboration (4)
Notion, Slack, Microsoft Teams, Twilio.
Privileged access (1)
BeyondTrust.
> Authoritative registry: CONNECTOR_REGISTRY in arxsec-api/app/connectors/__init__.py.
---
What we've built — repository structure
```
Project-Agent/
├── arxsec-api/              FastAPI control plane + Next.js dashboard
│   ├── app/
│   │   ├── api/v1/          150+ REST endpoints (5 governance pillars + admin)
│   │   ├── runtime/         sandbox, executor, policy engine
│   │   ├── connectors/      150 connector modules + shared primitives
│   │   └── ...
│   ├── frontend/            35 dashboard surfaces (App Router)
│   ├── supabase/            Postgres migrations
│   └── tests/               85 test files
├── atlas/                   Customer-private LLM workforce reasoner pod
│   ├── app/
│   │   ├── capabilities/    architect, audit, brief, coach, decide, probe
│   │   └── memory.py        vector store
│   └── charts/atlas/        Helm chart v1.0.0 (cosign-signed images)
├── reference-agents/        188 agent manifests across 14 functions × 4 levels
├── library/                 Declarative bundles: policies, prompts, workflows
├── tools/arxctl/            Operator CLI (validate-manifests, verify-chain)
├── load-tests/              k6 perf scenarios
├── docs/                    Engineer + customer docs
└── tests/                   Top-level integration tests
```
Governance pillars — implementation map
| Pillar | API surface |
|---|---|
| Onboarding (scoped identity) | arxsec-api/app/api/v1/onboarding.py |
| Supervision (named-human approval) | arxsec-api/app/api/v1/workforce.py |
| Evaluation (performance review) | arxsec-api/app/api/v1/lifecycle.py (performance reviews) |
| Records (hash-chained audit) | arxsec-api/app/api/v1/data_lifecycle.py |
| Termination (cross-system revoke) | arxsec-api/app/api/v1/lifecycle.py (revoke + transfer-context) |
---
Atlas — the customer-private workforce reasoner
Six capabilities live in atlas/app/capabilities/:
| Capability | What it does |
|---|---|
| Brief | Auto-generated executive morning brief, sourced + cited |
| Decide | Synchronous Q&A with line-level citations across the customer's data warehouse, CRM, HRIS |
| Probe | 30-minute sweeps for "what's slipping" — pipeline, OKRs, customer health |
| Coach | Routes executive instructions through the supervision pillar to the right agent cohort |
| Audit | Quarterly review of the digital workforce's personnel records — recommends consolidation, retirement, reorgs |
| Architect | Generates the customer's full manifest set (who to hire, what shape, what scope) — the input to bulk agent instantiation |
Atlas runs entirely inside the customer's environment. NetworkPolicy default-denies egress to ARX domains. Customer KMS signs every audit entry. Customer S3 holds every record. Helm chart at atlas/charts/atlas/, v1.0.0, cosign-signed, customer mirrors before deploy.
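What an auditor-side check of a hash-chained, per-entry-signed log has to catch, as an added example (not ARX code and not the implementation of `arxctl verify-chain`). The entry fields, the all-zero genesis value, the sample agent id and the use of HMAC as a stand-in for a customer-KMS signature are assumptions made for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # assumed "previous hash" for the first entry

def digest(prev_hash, body):
    # Canonical JSON: the same body must always hash to the same bytes.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + canon).hexdigest()

def sign(key, entry_hash):
    # HMAC stands in for a KMS signature; a real KMS would sign asymmetrically.
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()

def append(log, body, key):
    """Append an entry bound to its predecessor's hash and signed with key."""
    prev = log[-1]["hash"] if log else GENESIS
    h = digest(prev, body)
    log.append({"body": body, "prev": prev, "hash": h, "sig": sign(key, h)})

def verify(log, key, expected_head=None):
    """Return (ok, index, reason); index is the first entry that fails."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev:
            return (False, i, "broken link")      # entry removed or reordered
        if digest(e["prev"], e["body"]) != e["hash"]:
            return (False, i, "body altered")
        if not hmac.compare_digest(sign(key, e["hash"]), e["sig"]):
            return (False, i, "bad signature")    # chain rebuilt without the key
        prev = e["hash"]
    # Dropping entries from the tail leaves a valid chain, so the verifier
    # must compare against a head hash stored outside the log.
    if expected_head is not None and prev != expected_head:
        return (False, len(log), "head mismatch")
    return (True, None, None)

def sample_log(key):
    """Constructed three-entry log for one hypothetical agent."""
    log = []
    for action in ("onboard", "approve", "revoke"):
        append(log, {"agent": "agent-001", "action": action}, key)
    return log

if __name__ == "__main__":
    key = b"constructed-demo-key"
    log = sample_log(key)
    print(verify(log, key, expected_head=log[-1]["hash"]))
    log[1]["body"]["action"] = "noop"             # in-place edit of one record
    print(verify(log, key))
```

The chain alone detects edits and mid-log deletions; the signature is what stops someone with write access from recomputing every hash, and the externally held head hash is what detects truncation.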
---
Reference agents — what's hireable today
188 agent manifests across 14 functions × 4 levels × 3 universal shapes (Research / Production / Coordination):
| | IC | Senior IC | Manager | Senior Manager |
|---|---|---|---|---|
| R / P / C × 14 functions | 42 ✅ | 42 ✅ | 42 ✅ | 42 ✅ |
Plus Atlas (executive.ceo-aide) and the cross-functional workforce-transformation-analyst.
14 functions: Engineering, Product, Design, Sales, Marketing, Customer Success, Customer Support, Finance, Accounting, Legal, HR / People, Operations, IT, Security.
6 levels (matrixed): IC, Senior IC, Manager, Senior Manager, Director, VP+ (Director / VP+ rows planned, not yet shipped).
Authoritative coverage map: reference-agents/INDEX.md. Manifest framework spec: reference-agents/MANIFEST_FRAMEWORK.md.
---
Recent work — May 2026
The codebase went through four major batches in the last quarter:
- Batch 4 — lifecycle pipeline. POST /agents/{id}/role-change, POST /agents/{id}/transfer-context, POST /cohorts/{id}/retrain, cross-system credential revoke at termination, performance review pipeline. This means the Termination pillar is now end-to-end across all 150 connectors in a single transaction.
- Batch 3 — demand-side HR. Hiring requests, real Workday + BambooHR connectors (replacing fixtures), HRIS sync stub for cohort provisioning.
- Batch 2 — executive cockpit. CEO / COO / CISO role-aware dashboards with role switcher UI; the same data, four different framings.
- Batch 1 — task layer. Work-assignment API, dispatcher core, quality scoring, throughput dashboard, capacity rebalancer.
- Senior IC + Senior Manager rows. 84 new templates added (14 functions × 2 levels × 3 shapes).
- Consultant workflow. Multi-tenant consultant role + manifest review board state machine + cohort gating + Atlas proxy evidence loader.
- 72-hour deployment orchestrator. /workforce/deploy UI walking the customer's deploy team through PROVISION → VALIDATE → GO-LIVE.
---
Plan — what's next
ARX has no separate ROADMAP.md — the plan lives in three places (by design, since each is owned by a different stakeholder):
- reference-agents/INDEX.md — cell coverage matrix. Director + VP+ levels are the next two rows to fill (84 more templates, ~2 sprints with the existing scaffolders).
- docs/atlas/atlas-spec.md — Atlas's production-real connector wiring + LLM-call replacement. The capabilities are scaffolded; the next slice is replacing fixture responses with real per-customer data warehouse / CRM / HRIS reads.
- Git commit log on main — feature batches land here. The "what's coming" answer is read off recent commit themes plus in-flight feature branches.
If you're looking for status at a glance:
- Five pillars: All shipped. INV-004 (compliance inheritance) and INV-005 (per-agent credential scope) are cryptographically meaningful end-to-end.
- Cell × shape coverage: 188 / 252 stock manifests (75%). Long tail is intentionally ecosystem-built.
- Atlas: Helm chart + cosign release pipeline + 6 capability modules + admin UI. Production-real connector wiring is the next implementation slice.
- 72-hour runbook: Operationally executable end-to-end.
- Catalog + submission pipeline: Browse + install + 4-stage review state machine all working.
---
Read next
- Long-form positioning — OVERVIEW.md (the 200-line product narrative — five pillars, partner ecosystem, Cisco-shape deployment math, what ARX deliberately doesn't do)
- Repo layout for code sessions — CLAUDE.md
- Operational runbook — docs/deployment/72-hour-runbook.md
- Atlas spec — docs/atlas/atlas-spec.md
- Per-agent credential model — docs/credentials/per-agent-auth-integration.md
- SDK + worked examples — docs/sdk/README.md
- Pricing — docs/pricing/value-based-pricing.md
---
Bought by
| Role | Decides | Validates |
|---|---|---|
| CEO | Whether the enterprise treats AI as labor or as a security threat | — |
| CHRO | Workforce composition, hiring cadence, manager structure | Personnel records, termination procedure, manager queue UX |
| CFO | Engagement fee + retainer; pay-for-performance true-up | Cost-to-serve, productivity-gain measurement, FTE-equivalent rollups |
| CISO | — (validator, not buyer) | Credential model, audit chain, supervision posture |
CISO is not the buyer. CISO is the validator — the same role security plays for human employees.
---
*Three months in, ARX is the surface the customer's executives operate their digital workforce from — and every action that workforce takes is governed, attributed, and provable to the customer's auditor on infrastructure the customer controls.*