One control plane. Three pillars. Every deployment surface.

Helixar is one control plane above your model providers. It enforces your policy at the moment of every AI action and records what happened in a trail you can hand to an auditor.

A trail your auditor can trust, and verify without us

Every governed AI interaction is recorded as an Ed25519-signed event in a hash-chained, append-only trail. Delegated agent actions carry additive delegated-authorization and provenance (HDP), bound to the specific workload on every request.

  • Tamper-evident, any alteration breaks the chain, visibly
  • Independently verifiable offline, without Helixar
  • Chained across delegation, who authorised the agent, and what it did
Verify it yourself, the offline verifier →
The provenance chaineach event signed, each hash linking back
user.requestsigned · Ed25519
hash: 9f2c…a114 · prev: genesis
policy.decisionenabled · caps checked
hash: 41d8…c07b · prev: 9f2c…a114
agent.tool_calldelegated · HDP provenance
hash: e3aa…9d21 · prev: 41d8…c07b
chain.verified✓ intact · offline
4 events · 4 signatures valid · 0 breaks

Tamper-evident and append-only. Third-party anchoring is on the roadmap, see the evidence-honesty statement.

Graduated enforcement, reversible by design

Your policy is evaluated on every request with a graduated response, so governance can start as observation and harden as your confidence grows. Fail-closed by default: if the policy engine is unreachable, sensitive traffic stops.

Observe

Watch and attribute, nothing changes for users.

Alert

Notify owners when policy thresholds are crossed.

Approve

Hold sensitive actions for a named human decision.

Block / contain

Stop the action; contain the workload if needed.

Reversible by design, every enforcement step can be stepped back without residue.Safe by default, if the policy engine is unreachable, sensitive traffic doesn’t flow.

MCP tool-call governance

Agent tool-calls pass a policy gate with safety scoring before the tool runs.

Org-wide budget caps

Per-user, per-team, and per-workload AI spend caps with threshold alerting, so cost runaway is answered by a control, not a promise.

Policy change governance

Policies are versioned, and publishing can require maker-checker approval. The change history is itself signed evidence.

Detection & response, when you’re ready for it

Behavioural detection for prompt injection, agent hijacking, and anomalies, with incident reconstruction and containment. Off by default, enabled per deployment on the Enterprise tier.

This is an expansion of the same control plane. The audit trail you already run is the forensic record detection works from.

  • Behavioural anomaly detection on governed traffic
  • Incident reconstruction from the signed trail
  • Containment actions with forensic evidence export

See the control plane in your own environment

An 8-week pilot, no procurement required, working directly with the engineering team.

Every tool your AI agents reach for, checked and controlled

To get work done, AI agents connect to outside tools and servers. Helixar checks each one, gives it a simple trust rating, and blocks anything risky before your agent uses it. It covers tools nobody signed off on, and it runs on its own.

1

Discover

Find every tool your agents can reach, including the ones nobody approved.

2

Rate

Score each tool for trust: who made it, what it claims to do, and how it really behaves.

3

Control

Block anything below the bar you set. An unknown tool is never treated as safe.

4

Watch

Keep watching. If a tool starts behaving differently, it is quarantined on the spot.

5

Prove

Every check and decision is recorded as audit-ready evidence.

You set the rules once. Helixar handles the rest.

Deployed your way, in your region

Cloud proxy

AI traffic routed through Helixar’s managed control point, running in days, no agent rollout.

Endpoint proxy

A lightweight endpoint agent governs AI use at the device, coverage where traffic can’t be routed.

SaaS or on-prem

Managed SaaS, or a single-org on-prem edition with a signed licence that degrades to read-only, so it never locks you out.

Scoped rollout

Per-org entitlements let you govern one business unit first, then expand on evidence.

Deployed in your required region.

Helixar operates managed environments in the United States and Australia, with additional jurisdictions including New Zealand provisioned per customer during implementation. Your data stays in the region you require.

Works with your stack

Helixar feeds the systems you already run: governed AI events into your SIEM, containment into your SOAR, approvals into your ticketing, and identity from your IdP.

HDP is additive delegated-authorization and provenance. It layers onto your existing secure channel and does not replace it.

SIEM
signed events, streamed
SOAR
containment playbooks
Identity
SSO · RBAC · MFA
Ticketing
approvals & reviews