Autonomous MSSP Platform · Full Incident Lifecycle Live · Cryptographically Governed
Governed Autonomous Response · Live

Detect. Triage. Contain.
Prove it.

The Autonomous MSSP platform for AI-governed security operations.

XDR detects. MSSPs escalate. We do neither. We run the full incident lifecycle — detect, triage, investigate, contain, escalate, report — autonomously, cryptographically governed on every action. MCP-agnostic by design. Proven in production against Cisco ISE, FMC, FTD, ASA, and Secure Access.

  • Autonomous MSSP Platform · Deploy or white-label
  • Full incident lifecycle: detect → triage → contain → escalate → report
  • MCP-agnostic · proven against Cisco ISE / FMC / FTD / ASA / SSA
  • DORA · NIS2 · SOC2 evidence native
Gate Round-Trip < 3 s
Ungoverned Actions ZERO

XDR detects. MSSPs escalate.
We run the full loop.

Detect. Triage. Investigate. Contain. Escalate. Report. Every step autonomous. Every step governed. Every step provable.

Traditional MSSPs ship alerts to humans and call it response. XDR platforms surface findings to analysts and call it detection. Between them sits the work nobody automates — the judgement, correlation, containment, and writeup that actually closes an incident.

The Autonomous MSSP platform closes that loop. An AI agent operates the SOC: it runs scheduled detections continuously, promotes findings into incidents, executes investigation playbooks, contains within its manifest of 176+ governed tools across the full AGTS stack, escalates to your on-call with SLA teeth when the action is out of scope, and drafts the regulator-grade writeup at close. Every tool call passes a five-gate cryptographic governance check before touching infrastructure. Every decision is anchored on a public transparency log.

What the platform does, autonomously
  • Monitor any security-tool MCP surface continuously — verified against 372+ Cisco tools (ISE, FMC, FTD, ASA, Secure Access) in lab integration
  • Run seven scheduled detection recipes (5-minute to daily cadence) against the live transparency log
  • Promote correlated findings into full incident records with auto-run triage playbooks
  • Execute investigation playbooks keyed to MITRE tactics: lateral movement, privilege escalation, data exfil, persistence, anchor integrity
  • Contain within the explicit autonomous manifest — ISE ANC quarantine, FMC policy push, ASA session cut
  • Escalate via mail / Slack / webhook to your on-call with SLA enforcement when the manifest edge is hit
  • Draft DORA / NIS2 / SOC2 evidence packs automatically at incident close
What the system guarantees
  • Every action gated by AGTS G1–G5 before it touches infrastructure
  • REFUSE hard-blocks the tool — infrastructure is never touched on gate failure
  • Every autonomous action produces a Merkle leaf with publicly verifiable inclusion proof
  • Agent-initiated actions cryptographically distinguished from human-initiated on the log
  • Separate HCE trust trajectories for interactive vs autonomous operation
  • Autonomous manifest ships fully disabled — you enable each entry explicitly with a review gate per entry
  • Single kill switch stops all autonomous execution within 30 seconds

Deploy it yourself.
Or white-label it as a service.
Either way, the loop runs without human hands on the keyboard.

MSPs and MSSPs white-label the platform to deliver autonomous SOC capacity without growing their analyst headcount linearly. Regulated enterprises deploy it in-tenant and keep the transparency log under their own signing keys. In both modes, every governed decision is cryptographically provable to an auditor without calling anyone.

01 — AGTS Governance

Five gates.
Before a single packet moves.

Every autonomous write or delete passes through five deterministic gates before touching infrastructure. G1 evaluates semantic coherence. G2 scores consequence. G3 validates operational authority. G4 checks policy clauses. G5 commits a cryptographic proof. A single REFUSE blocks the action. A COMMIT produces a verifiable Merkle leaf. This is the same governance stack that has been stress-tested in production against Cisco security infrastructure — ISE ANC, FMC policy, ASA configuration, Secure Access ZTNA — across 300+ real tool calls.

G1
Semantic

Does the artifact + intent describe a coherent, in-scope action for this vertical and policy?

G2
Consequence

What is the blast radius if this runs? Irreversible or multi-tenant actions raise the bar.

G3
Operational

Is the operator authorised? Window open? Prerequisite anchors present?

G4
Policy

Four artifact hashes validated against the signed policy clauses for this tenant.

G5
Cryptographic

Merkle commit. Always runs. Verifiable inclusion proof issued on COMMIT.

Governance Proof — appended to every write response
✅ Status:     COMMIT
   Leaf Hash:  72bd7b6402b8b4ded6e803a4eba6243f238404a88005070d91eb5f4aaac9996b
   Leaf Index: 10517
   Verify at:  https://obligationsign.com/verify/72bd7b64…

Click the hash. It resolves. Nobody else on the market will let you do that on their marketing page, and that is the point.
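
What checking an inclusion proof for a leaf like the one above involves on the auditor's side, as an added example that is not ObligationSign's code. It assumes an RFC 6962-style SHA-256 Merkle tree, which the page does not state, and every entry in it is constructed.

```python
import hashlib

# Assumption: RFC 6962/9162 hashing (SHA-256, 0x00 leaf / 0x01 node prefixes).
# The page does not state the log's actual construction.
def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def root_and_path(hashes, index):
    """Log side: return (root, audit_path) for hashes[index]."""
    n = len(hashes)
    if n == 1:
        return hashes[0], []
    k = 1 << ((n - 1).bit_length() - 1)  # largest power of two below n
    if index < k:
        sub, path = root_and_path(hashes[:k], index)
        sibling = root_and_path(hashes[k:], 0)[0]
        return node_hash(sub, sibling), path + [sibling]
    sub, path = root_and_path(hashes[k:], index - k)
    sibling = root_and_path(hashes[:k], 0)[0]
    return node_hash(sibling, sub), path + [sibling]

def verify_inclusion(leaf, index, tree_size, path, root) -> bool:
    """Auditor side: recompute the root from one leaf hash and its audit path."""
    if not 0 <= index < tree_size:
        return False
    fn, sn, r = index, tree_size - 1, leaf
    for p in path:
        if sn == 0:
            return False  # path is longer than the tree is deep
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while fn and not fn & 1:  # skip levels where this node has no sibling
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

# Constructed sample log of seven entries (not real platform data).
ENTRIES = [f"constructed-entry-{i}".encode() for i in range(7)]
HASHES = [leaf_hash(e) for e in ENTRIES]
ROOT, PATH = root_and_path(HASHES, 5)

if __name__ == "__main__":
    print("leaf 5 included:", verify_inclusion(HASHES[5], 5, 7, PATH, ROOT))
    forged = leaf_hash(b"constructed-forged-entry")
    print("forged leaf included:", verify_inclusion(forged, 5, 7, PATH, ROOT))
```

The check needs only the leaf hash, its index, the tree size, the audit path and a root the auditor trusts, so a changed leaf, index or path makes it fail.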

02 — Reference Integration Test

372+ real tool calls.
Against a live Cisco lab.

The platform is MCP-agnostic — connect any security-tool MCP server and it becomes part of the agent’s governed surface. To prove the governance model, incident lifecycle, and response loop hold up against real enterprise security infrastructure, we ran a full integration test across eight MCP servers wired to a production Cisco lab: identity, posture, firewall, legacy estate, and SSE/ZTNA.

The result is the credibility evidence below. Every tool exercised. Every write AGTS-gated. Every decision anchored. The governance model survived contact with production Cisco control-plane semantics — ERS, OpenAPI, pxGrid, ACP, NAT, VPN, IPS, HA, ZTNA, SWG — which is the hardest stress test most security platforms will ever face.

  • cisco-ise-unified (51 tools): Identity & posture. ERS · OpenAPI · pxGrid
  • cisco-ftd-mcp-ts (152 tools): FMC / FTD policy. ACP · NAT · VPN · IPS · HA
  • cisco-secure-access (69 tools): SSE / ZTNA cloud. DLP · ZTNA · SWG · tunnels
  • cisco-asa-mcp-ssh (14 tools): ASA SSH management. ASAv1 .19 · ASAv2 .18
  • auth-agent (5 tools): Auth hub. Duo MFA · ISE / FMC / SSA / ASA
  • agts-mcp (4 tools): AI Governance. ObligationSign · Merkle log
  • foundation-sec (8 tools): Local AI security model. CVE · MITRE · policy review
  • filesystem + chrome (33 tools): Utilities. File access · browser automation

Integration-Test Gate Coverage

| MCP Server | Read tools | Write / Delete |
| --- | --- | --- |
| cisco-ise-unified | LOG_ONLY (24) | BLOCK (29) ✓ |
| cisco-asa-mcp-ssh | LOG_ONLY (13) | BLOCK (1) ✓ |
| cisco-ftd-mcp-ts | LOG_ONLY | pending rollout |
| cisco-secure-access | LOG_ONLY | pending rollout |

This is lab-integration test coverage — not the full set of integrations a customer deployment ships with. Customers bring their own MCP servers; the governance model applies identically whatever’s connected.

03 — Response Loop

Signal to containment.
In seconds. With proof.

A concrete sequence from the Cisco integration test: an endpoint posture failure on ISE triggers an autonomous ANC quarantine. Every step governed, every leaf anchored, every verdict verifiable. The same loop runs for any governed tool on any connected MCP server — the example is chosen because it is one of the most consequential actions a SOC can take autonomously.

Step 1
AGTS Governance Gate — COMMIT

The AI requests permission from ObligationSign before touching the endpoint. The decision is permanently and immutably logged in the Merkle tree.

Subject:    endpoint:AA:BB:CC:DD:EE:FF
Domain:     network-security
Leaf Index: 15765
Leaf Hash:  d825d38b639057f3fb81ceb292caf8e…
Verify at:  https://obligationsign.com/verify/d825d38b…
G1-G5:      ALL PASS (including G4 with full policy clauses)
Step 2
ANC Policy Verified

ANC_Quarantine confirmed active on ISE PAN1 (172.16.1.10) with action QUARANTINE. Two other policies also present: OFFNet and Re-Auth.

Step 3
ANC Policy Applied — HTTP 204
MAC:     AA:BB:CC:DD:EE:FF
Policy:  ANC_Quarantine (action: QUARANTINE)
Result:  HTTP 204 No Content — binding accepted
AGTS:    Leaf Index 15766 — second Merkle proof anchored

ISE ERS returned 204: the ANC binding is written and active on the PAN. On next RADIUS authentication or CoA trigger, ISE enforces the quarantine authorization profile.

Step 4
Incident Record Updated

Incident timeline gains two anchored leaves (15765, 15766). Writeup draft generated via generate_governance_report. DORA Art.18 and NIS2 Art.23 evidence packs updated with the inclusion proofs.

Elapsed time from detection to containment: under ten seconds. Elapsed time for an auditor to verify the entire sequence: two clicks.

04 — Three Properties

Governed. Autonomous.
Distinguishable.

Governed

Every action gated.

  • G1–G5 runs before every write
  • REFUSE hard-blocks — infrastructure untouched
  • Every ADMIT produces a signed Merkle leaf
  • Verifiable inclusion proof on the public log
Autonomous

Running on its own.

  • 7 continuous detection recipes (5min to daily)
  • Full incident lifecycle: triage → investigate → contain
  • 5 investigation playbooks keyed to MITRE tactics
  • SLA-enforced escalation when manifest edge hit
Distinguishable

Humans and AI, separately audited.

  • Every leaf tagged initiator: user | agent_scheduled | agent_autonomous
  • Separate HCE trajectories for humans vs agent
  • Autonomous breach auto-pauses the agent, not the humans
  • Compliance auditor sees a clean split

05 — Category Shift

Traditional MSSP / XDR
vs. Autonomous Governed SOC.

| | Traditional MSSP / XDR | Autonomous Governed SOC |
| --- | --- | --- |
| Response latency | Minutes to hours. Human in every loop. | Seconds. Governed autonomous response. |
| Audit trail | Ticketing system. Reconstructable. | Cryptographic proof per action. Verifiable. |
| AI agent actions | Ungoverned. Invisible to audit. | G1–G5 gated. Leaf-anchored. Tamper-evident. |
| Scale | Linear in headcount. | Linear in policy. |
| Regulatory evidence | Assembled on demand. Manually. | Continuously generated. Verifiable. |
| Prompt-injection risk | High — no action-layer gate. | Hard-blocked at G1–G5. |
| Where it fits | Broad stack. Vendor-neutral. Human-backed. | MCP-agnostic. AI-native. Provably governed. Battle-tested against Cisco. |

06 — Compliance Evidence · DORA / NIS2 in teeth

DORA. NIS2. SOC2.
Evidence as a byproduct.

Every autonomous action produces a signed Merkle leaf. Every incident state transition produces a leaf. Every writeup cites them. The evidence packs auditors require aren't assembled at audit time — they're generated continuously as a consequence of operation.

The regulatory problem most firms can’t solve today: DORA Art.18 and NIS2 Art.23 require incident reports with provable timelines and tamper-evident action trails. AI agents acting on security infrastructure produce no native audit trail — no way to prove which agent authorized which action, when, under which policy. Without that, regulated firms running AI in security operations are structurally non-compliant. This is what the platform solves, not a side-feature.

DORA Art.18

Significant incident reports, drafted.

Auto-generated within 15 minutes of a P1 incident resolving. Includes the full anchored timeline, failing gate analysis, response action chain, and MITRE mapping.

NIS2 Art.23

Early-warning evidence, ready.

24-hour early-warning package auto-assembled from incident timeline and source leaves. Inclusion proofs resolve publicly; the regulator can verify without contacting you.

SOC2 CC6 & CC7

Quarterly evidence, emitted.

Access-control (CC6.1, CC6.6) and monitoring (CC7.2, CC7.3) evidence packs emitted on the first of every quarter. Segmented by initiator so auditors see humans and AI separately.

Evidence Pack Manifest — signed, downloadable
framework:         NIS2_Art23_early_warning
period:            2026-04-18T09:14:00Z / 2026-04-19T09:14:00Z
incident_id:       inc_f8a71c4d
merkle_root:       a7c1d802f9e4b3…
included_leaves:   47  (all FINALIZED)
bundle_hash:       3d9e1a7c5f2b8d…
signature:         Ed25519+SLH-DSA
verify_at:         https://obligationsign.com/verify-pack/3d9e1a7c…

07 — Category of One

The only platform that does this.
Battle-tested where it matters.

Nobody else ships an autonomous MSSP platform with cryptographic governance on every agent action, a separate transparency track for AI-initiated work, and an AI-governed incident lifecycle that auditors can verify without calling the operator.

The platform is MCP-agnostic: connect any security-tool MCP server and it becomes part of the agent's governed surface. The reference integration test — run against a full Cisco lab environment with ISE, FMC, FTD, ASA, and Secure Access — exercised 372+ real tool calls across identity, firewall, legacy estate, and SSE/ZTNA. That’s the stress test the governance model and the incident lifecycle have already survived.

XDR platforms surface findings but can’t prove agent provenance. MSSPs escalate tickets but can’t cryptographically distinguish human from AI action. AI-governance platforms produce audit trails but don’t run incident lifecycle. This platform does all three, end-to-end, on a single anchored log.

Deploy the autonomous MSSP platform
on your stack.

Full incident lifecycle live. Read-only onboarding first; autonomous response enabled per-tool with explicit review. Full kill-switch control retained by your operator at all times. Or white-label the platform to deliver autonomous SOC capacity under your own brand.

ObligationSign tenant: tn_54912a38e8b5bb392b2fe7ce · Verify any leaf: obligationsign.com/verify/<leaf_hash>