The cryptographic guardrail layer for agentic AI.
Trust math, not software.
When an AI agent calls a tool, that call usually goes straight from the model to your filesystem, your shell, your GitHub, your Stripe — with no enforcement boundary in between. If the model is prompt-injected, hallucinating, or compromised, every tool it can reach is fair game.
Inherence sits in that gap. Every tool call passes through a policy decision, and every decision is recorded on a signed, per-action receipt that a third party can verify independently — without seeing the prompt, the data, or the tool arguments.
A six-rule catastrophe shield, tunable from the dashboard:
- Financial drain — transfers above thresholds, velocity-aware
- Credential access —
.env, cloud keys, SSH keys, package tokens - Identity escalation — password resets, MFA changes, admin grants
- Mass destruction —
rm -rf,DROP TABLE, bulk-id deletes - Lateral pivot — cloud metadata, K8s management, container escape
- Unauthorized exfiltration — sensitive read followed by outbound POST
Custom policies are available on the paid tier.
- inherence-proxy — Local MCP proxy that gates AI-agent tool calls through hosted Inherence. Apache 2.0.
More public releases — SDK, dashboard, connector clients — are rolling out through 2026.
- inherencelabs.com — site
- app.inherencelabs.com — dashboard
- inherencelabs.com/how-it-works — how the proofs work