Ceros is a security layer for AI agents that lives on the developer's machine. It wraps your coding assistant, binds every action to a verified identity and device, and enforces company policy before anything leaves the endpoint.
Learn more in the documentation.
macOS / Linux:
curl -fsSL https://agent.beyondidentity.com/install.sh | bashWindows support coming soon.
ceros claudeThat's it. Your agent works exactly as before. Ceros wraps the session, authenticates the user, checks device posture, and enforces policy — all before any request leaves your machine.
- Agent inventory — know which AI agents are running across your fleet, which are sanctioned, and which are shadow AI
- AI Bill of Materials — curated catalog of 64+ agents, MCP servers, and LLM providers. Identify what's in your environment before it becomes a problem
- Identity — every session tied to a verified user on a verified device, not a shared API key
- Observability — tool calls, file reads, shell commands, MCP connections — who ran it, when, from where
- Policy enforcement — tool allowlists, MCP controls, device posture requirements, argument-aware rules
- Managed MCP deployment — push approved MCP servers from admin console, no manual setup
- Cryptographic audit trail — every action signed with a hardware-bound key, tamper-proof
- Continuous posture — device security monitored throughout the session, not just at login
- File a GitHub issue
Join the Beyond Identity Slack to connect with other users, get help, and share feedback.