At a Glance
- 1st: named pilot customer
- 30 days: running Helixar in production workflow
- Claude Code: the agent under watch
- Team: safe AI usage live across SPICE
Today we are revealing our first named pilot customer: SPICE Protocol. They are a DeFi team building autonomous on-chain underwriting for real-world assets. For the last month, they ran Helixar against their daily Claude Code workflow. Their co-founder, Pramodya De Alwis, sent us his feedback, and it is exactly the kind of signal we built the company to hear.
Pilot reveals are easy to do badly. The honest version reads like this: a customer used the product, found something useful, asked for the next thing. That is what happened. So this article is not a testimonial wall. It is a record of what changed when a real engineering team pointed Helixar at a real AI agent with real permissions, and watched what came back.
The Setup: A Coding Agent With Production Permissions
Pramodya, like a lot of senior engineers in 2026, runs Claude Code as a daily driver. That is not a novelty anymore. It is how serious teams ship. The catch is that Claude Code, by design, holds meaningful permissions on whatever machine it is running on. Filesystem access. Shell access. Repository credentials. Cloud tokens. Secrets in dotfiles that nobody remembers leaving there.
Every one of those permissions is also an attack surface. A prompt injection inside a README. A poisoned dependency. A compromised MCP server. Any of those can turn an obedient coding assistant into an autonomous insider with everything it needs to exfiltrate credentials, modify code, or pivot into production. The detection gap on this attack class is one of the things Helixar exists to close.
Pramodya named the problem himself. From his email:
“I use Claude Code quite heavily for daily development activities, and it has quite a few permissions to access certain data. This does seem to be quite a dangerous attack vector, so it was reassuring that the monitor tracked the agent's activities and gave me actionable insights.”
Pramodya De Alwis, Co-founder, SPICE Protocol
Two phrases in there are doing the work. The monitor tracked the agent's activities. And gave him actionable insight. Those are the two halves of the problem. Most security tools either fail at the first part because they were not built for AI agents, or fail at the second part because they produce a wall of noise nobody acts on. Pramodya got both.
Beyond a Single Developer: Safety Across the Team
The second thing Pramodya called out was a newer piece of Helixar's agent governance stack, aimed at teams rather than individual developers. We are not going to describe how the stack works. What matters here is the outcome: SPICE moved from one developer using AI carefully, to an entire team using AI safely.
For a small team, that solves a problem most companies have not even named yet. AI is no longer a tool a single developer uses on a laptop. It is increasingly the engine behind shared workflows, internal bots, and product features, and every team needs a sane way to run that without slowing anyone down.
Here is how Pramodya put it, in his own words:
“The new wrapped API key feature is pretty handy. I was especially impressed with the ability to permit Claude's usage across my team. We are quite a small team, but we have been experimenting quite a bit with AI workflows using messaging bots. So it has been useful for more than just personal use on our devices.”
Pramodya De Alwis, Co-founder, SPICE Protocol
The last sentence is the one we care about most. The same agent governance stack that started life protecting a single developer is now backing the AI workflows behind a real product. That is a different category of usage, and it is the right one. The agent layer is becoming team infrastructure. It needs to be governed like team infrastructure.
The Roadmap Signal: Notifications and a Lighter Surface
Pilot feedback is most useful when it tells you what to build next. Pramodya did not just tell us what worked. He told us what was missing.
From the Pilot, into the Roadmap
“Would love for a notifications feature to be added in the future, with maybe a lighter app we can use to manage security events as they come in.”
Both requests map to work already in our pipeline. We will not preview the implementation here. What matters is that a working customer asked for them in exactly the terms we were already planning against, which is a strong validation of the direction.
Why This Pilot Matters
Helixar has spent the last several months publishing research on agentic threat detection, building the HDP open protocol for verifiable human delegation, joining NVIDIA Inception, and shipping ReleaseGuard, Sentinel, and the MCP Security Checklist as open-source artifacts. All of that is the foundation. None of it is the same as a real engineering team using the product on a daily basis and telling us what it changed for them.
SPICE Protocol is the first team to do that on the record. They are a small, technically sharp, Antler-backed DeFi infrastructure company building in a domain where security failures are catastrophic and irreversible. They use AI agents heavily because they have to ship fast. They needed a way to do that without widening the blast radius of every prompt. That is the exact buyer profile Helixar was built for.
That they came back with feedback that maps line by line to the thesis we have been writing about publicly for months is, candidly, a good day.
Who Is SPICE Protocol
SPICE Protocol is building autonomous, on-chain underwriting infrastructure for decentralized lending against real-world assets. In their own framing, SPICE is the world's first autonomous underwriting engine built to secure lending positions on-chain, with a focus on bringing institutional-grade risk management to DeFi. SPICE is backed by Antler, the global early-stage VC and day-zero startup platform.
Their stack covers four core capabilities. Autonomous underwriting that automates risk assessment and pricing through on-chain rules. A reputation system that gives operators a transparent, auditable track record. Real-time on-chain proofs that continuously attest fund utilization and milestone achievement. And a regulation-ready framework for onboarding operators into compliant lending environments. Their SPICE Vault Portal exposes the resulting credit vaults to private investors.
SPICE Protocol
A DeFi infrastructure team building autonomous on-chain underwriting and decentralized credit default swaps for real-world assets. Backed by Antler. Their stated mission: global markets should be open and accessible to everyone, regardless of who you are or where you are. More at spiceprotocol.xyz.
Who Is Helixar
Helixar is the agentic threat detection and governance layer for enterprises deploying AI agents at scale. We exist for the moment when an AI agent stops being a chatbox and starts being an actor inside your environment, with credentials, tools, and the ability to take real action on your behalf.
Beyond the platform, Helixar is the team behind the open HDP protocol for verifiable human delegation in AI systems, the HDP-P extension for physical AI, and Helixar Labs, which ships free, Apache 2.0-licensed tools like ReleaseGuard and Sentinel for supply chain and MCP security. Helixar is part of NVIDIA Inception and Google for Startups.
Helixar
The agentic threat detection and governance layer for enterprises deploying AI agents at scale. Built for teams that have moved past prototype and now need real visibility, real control, and a real answer when something goes wrong. Learn more at helixar.ai or read the research archive.
What Comes Next
More pilots are running. More feedback is coming in. The next set of features in the pipeline is already shaped by what real customers like SPICE asked for. We will share specifics when they ship, not before.
If you are an enterprise deploying AI agents at scale, and you want to put real detection and governance behind that deployment, the door is open.
References
- Direct customer feedback from Pramodya De Alwis, Co-founder, SPICE Protocol. Email correspondence, April 21, 2026.
- SPICE Protocol product overview. spiceprotocol.xyz.
- Antler, global day-zero VC and SPICE Protocol investor. antler.co.
- Helixar. Helixar Joins NVIDIA Inception as Agentic AI Security Emerges as a Market Category. April 2026.
- Helixar. HDP: The Open Protocol That Gives AI Agents a Verifiable Chain of Authority. March 2026.
- Helixar. When the Defender Caught the Builder. March 2026.
