Platform Architecture Overview Privileged Access Active Directory & On-Prem Cloud & Non-Human Identity AI Agents & MCP
Solutions AI Agent Governance Proof & Audit Consolidation
Industries All Industries
Resources Insights, Guides & Datasheets Industry Data
Contact Start a Pilot
← Back to Platform AI Agents & MCP

Govern every call at the protocol chokepoint.

The newest, fastest-moving identity surface of any enterprise: AI agents and MCP servers, governed at the protocol chokepoint — the point every agent call must pass through before it executes.

Capabilities

Nine sub-capabilities — the deepest surface.

Chokepoint Discovery

Continuous, real-time visibility — at the chokepoint, not an estate-wide scan.

  1. Route — Every agent or MCP call passing through the gateway is observed in real time.
  2. Identify — Discovery is scoped to traffic that reaches the chokepoint — Whiteswan is the gate nothing executes without passing through, not a scanner reaching independently into every corner of the network.
  3. Update — Visibility is continuous, not a periodic scan.
Verified — boundary stated

Discovery in un-instrumented or cloud-native environments where traffic never reaches the gateway requires a network-sensor or CNAPP layer — there is no out-of-band sensor built into Whiteswan today.

Capability Registry

Know every tool, prompt, and resource an MCP server exposes — automatically.

  1. Connect — When a server connects, its full capability set is captured.
  2. Populate — The registry auto-populates with every tool, prompt, and resource the server offers.
  3. Maintain — The registry stays current as servers connect and disconnect.
Verified

Agent & Server Approval

Nothing acts without explicit approval — passive discovery, active gating.

  1. Discover — New agents are passively identified and placed into a PENDING state.
  2. Decide — An admin explicitly approves or blocks each agent or server.
  3. Enforce — Unregistered servers cannot connect; unapproved agents cannot pass.
Verified

JIT Authorization & Per-Call Inspection

Every call inspected before it executes — not sampled, not after the fact.

  1. Inspect — Each agent call passes through a multi-step inspection sequence before execution.
  2. Validate — Identity, capability, and scope are checked against policy at every single call.
  3. Decide — The call is permitted or refused based on that inspection — in-line, not retrospectively.
Verified

Cryptographic Identity at Spawn

Every agent gets its own verifiable identity the moment it exists.

  1. Issue — Each agent receives its own per-session cryptographic key pair via SPIFFE/SPIRE at the moment it spawns.
  2. Scope — The identity is scoped to that specific session — not reused, not shared.
  3. Retire — The cryptographic identity is retired automatically when the session ends.
Verified

Token Validation & Delegation Lineage

Know whether a human or an automated process is really behind every call.

  1. Validate — Every agent token is checked against your identity provider on every single call.
  2. Classify — Tokens are distinguished as delegated (human-on-behalf-of) or fully automated (agent-credential).
  3. Trace — The original human initiator is identifiable for delegated actions.
Verified — boundary stated

Single-hop delegation lineage is live today; multi-hop lineage across chained agents (user → agent → agent → tool) is in design, not yet claimable.

Real-Time Interception

Stop unauthorized activity at the next hop — fast, even if not literally mid-operation.

  1. Detect — Unauthorized or anomalous agent activity is identified.
  2. Disconnect — A compromised or misbehaving server is disconnected immediately, draining its in-flight work.
  3. Block — A specific agent is blocked, taking effect on its very next call.
Verified — boundary stated

This is next-hop and in-flight-drain control, not literal mid-operation/in-flight blocking of a single call already underway — a distinction worth being precise about rather than implying more than is true.

Audit & Forensics

Every decision, attributable and exportable.

  1. Log — Every decision and action is written to a tamper-evident trail spanning 48 event types across 7 areas.
  2. Inventory — Complete agent, capability, and server inventories are maintained alongside the trail.
  3. Export — The full trail is exportable via REST API for audit and forensic review.
Verified — boundary stated

Artifacts are fully exportable, but pre-built, regulator-shaped report templates are not yet built — the underlying data is complete; the curated template layer is a future build.

Approval Workflow Governance

Onboarding an agent is a recorded, audited decision — not a default-allow.

  1. Request — A new agent or server enters the governed pipeline.
  2. Approve — A human reviews and explicitly approves or blocks it.
  3. Record — The decision, and who made it, is logged.
Verified at scope confirmed

Admin approve/block, recorded and audited. A richer manifest-to-SecOps-to-CISO sign-off ceremony is not corroborated and is not claimed here.

Start a pilot

Talk to us

Connect with a Whiteswan expert

See how one engine governs every identity in your estate.

Contact →
See it in action

Get hands-on with Whiteswan

See how Whiteswan decides, in-line, at the moment of action.

See how it works →