Your employees ignore 96% of their permissions. Agents won't. → Read the research
Agents
Apps

Visibility and controls to secure agents.

Agents are here. Oso makes them safe.

Book a demoLearn more
Trusted by

Your engineers are already using agents

Next up is product, finance, and sales - the whole company. How do you get your arms around agent adoption?

Search with AI icon

Discover

Find every agent running inside your company. On a laptop, in a browser, in the terminal – wherever it’s running. Shut down the unsanctioned AI.

Search with checklist icon

Monitor

Bring all approved AI traffic under your watch – every prompt, tool call, and response. Start monitoring so you’re prepared for the next issue or question from leadership.

warning sign icon

Detect

Know when something's wrong. Get default detection for rule violations, as well as common issues like high-velocity behavior, PII leakage, and API keys.

Agentic code icon

Control

Build any rule to capture your internal AI policy, like "block unknown MCP servers," "deny all delete operations," or “allow only ChatGPT and Claude.”

presentation with chart icon

Report

Complete logs of every agent action. Export compliance records on demand. Walk any incident back step by step.

Oso dashboard listing AI agents with their session, user, and device counts in a software interface.
Oso for Agents screenshot of a session timeline with API key alert and conversation about bug report contents.
Alert in Oso dashboard shows email address detected in user prompt at 4:06 AM on April 20, 2026.
Oso for Agents interface showing form to create a new policy blocking deletions on sensitive systems with conditions on tools and actions.
Oso for Agents dashboard with report data

Integrated into your stack

Real-world AI agent failures, exploits, and defenses

The Agents Gone Rogue registry tracks the latest agentic failures, exploits, and emergent attack patterns so organizations can understand where real risks exist and how to mitigate them.
Go to registry
least privilege blog graphic
Featured Blog

Least Privilege Manifesto

We’ve been doing permissions wrong. Not just a little wrong — completely wrong. And for humans, it mostly didn't matter. For agents, it's going to.

Read blog

Your employees ignore 96% of their permissions. Agents won't.

‍New study reveals that nearly all enterprise permissions are left untouched by humans, creating a massive risk when agents inherit human access.
Read the reseach
Featured in
Foundry-Logo

Testimonials

close-quote-icon
You can’t prompt your way to least privilege. Oso wires it into every call. Let’s have a cocktail.
Jared Rosoff,
VP of Infra, Roblox
close-quote-icon
Agents should unlock creativity, not create new categories of risk. Oso's approach—automated least privilege—is exactly how you make that real.
Kareem Amin
Co-Founder & CEO, Clay
close-quote-icon
We want partners who understand where security is headed, not just where it's been. Oso gets that agentic systems need fine-grained authorization baked in from the start.
Mark Hillick
CISO, Brex
close-quote-icon
Agents in production need the same rigor we bring to clinical decisions: precise, measurable, auditable. Oso gets that.
Adam Chekroud
Co-Founder & President, Spring Health
close-quote-icon
At 1Password, we’re seeing the same pattern Oso highlights as teams start putting AI agents into real production workflows. Access models built for humans don’t map cleanly to agents. When agents are handed broad, static permissions, the unused ones don’t just sit there, they quietly expand the attack surface.
Nancy Wang
CTO at 1Password

FAQs

What is Oso for Agents?

Oso for Agents is a platform for organizations to discover, monitor, detect, and control AI agent activity inside their company. It addresses the problem that AI coding agents, browser agents, and other autonomous tools often run with broad inherited permissions and no visibility or audit trail. Oso for Agents lets security and IT teams see every agent running across endpoints, browsers, and network traffic; monitor every prompt, tool call, and response; get alerted on policy violations or sensitive data exposure; and enforce rules on what agents can and can't do.

What is Shadow AI, and how does Oso address it?

Shadow AI refers to AI agents and tools that employees are using without IT or security teams knowing about them — installed on laptops, running in browsers, or making network calls outside sanctioned channels. Oso for Agents continuously inventories agent activity across all these surfaces so organizations can identify unsanctioned tools and shut them down or bring them under policy.

What does Oso monitor in an AI agent session?

For approved agents routed through Oso's edge proxy, Oso captures every prompt sent to the model, every completion returned, every tool call made, and the data that flows through the session. This produces a full, step-by-step timeline of what the agent did — useful for incident investigation, compliance, and audit.

What kinds of alerts does Oso generate for agents?

Oso generates alerts for: detection of unsanctioned agents, PII appearing in agent sessions, API keys surfacing in prompts or completions, high-velocity unusual behavior, violations of custom policies (e.g., "block unknown MCP servers," "deny all delete operations," "allow only ChatGPT and Claude").

Who uses Oso?

Oso is trusted by organizations including Duolingo, Vanta, and Brex. You can read case studies on our customers page.

How do I get started with Oso for Agents?

You can start by signing up for an account, user our installer, and be up and running in <5 mins. See the quickstart docs at osohq.com/docs/oso-for-agents/quickstart-coding-agents or meet with us.

Get your arms around agent adoption

Request a demo

RBAC, ReBAC, ABAC, AnyBAC you need.

Never build authorization again.

Try for freeMeet an Eng
Trusted by

How Oso for apps works

Oso is what engineering teams use when they’re done rolling their own permissions. It lets your application answer questions like “can this user read that document?” and “which objects can this agent manage?”

Write your policy

RBAC, ReBAC, ABAC, AnyBAC you need. Express any authorization model with Polar, our flexible DSL for permissions logic.

Show me the code
how-oso-works-code-snippet

Plug in your data

Sync your authorization data with Oso, or keep it in your database – whatever fits your architecture best.

See how it works
how-oso-works-subsection-2-diagram

Integrate (for the last time)

The right abstractions for every use case. Idiomatic SDKs in the language of your choice. Inline policy tests. Logging, regression testing, and debugging. Backed by the most comprehensive documentation on earth and the team that created the category.

Logos for various programming languages like JavaScript, Ruby, .Net, and Python.
Read the docs
how-oso-works-subsection-3-diagram
Featured in
Foundry-Logo

Testimonials

Duolingo-logo-mark
close-quote-icon
Oso is a compelling fit because of their singular focus on authz, plus the flexibility of their Polar rule definitions. In twenty minutes we’d managed to define a custom Polar definition to handle our current use case.

Evan Ziebart
Engineer, Duolingo
Productboard-logo-mark
close-quote-icon
We reviewed multiple solutions – Oso came out on top for its devex, scalable and consistent performance, and the flexibility to match all our needs.
Jiří Brunclík
VP Engineering, Productboard
Intercom-logo-mark
close-quote-icon
Oso is A+. As we moved upmarket, being able to implement authz consistently and accurately helped us move faster and resolved a never-ending source of bugs.
Brian Scanlan
Engineer, Intercom
Oyster-logo-mark
close-quote-icon
It used to take us months to add new roles. With Oso we cut that time 10x. The Oso team has also been very helpful, making our migration super smooth.
Derick Matamoros
Lead Engineer, Oyster HR
Wayfair logo mark
close-quote-icon
We needed to break our monolith into microservices [and] manage authorization across all of our new microservices. The answer was the Oso authorization framework... Today, we have multiple services within our domain that are utilizing Oso as their source of authorization management.
Nicholas Matison
Senior Engineer, Wayfair

Built for the critical path

Scalability
Scales horizontally to
1M+
requests/sec
Reliability
Runs in 30+ AZs for
99.99%
uptime
Performance
Delivers
<10ms
p90 latency
Built in Rust
rustacean-flat-white-logo-mark

Authorization Resources

Academy

graduate-cap-icon
Read a series of technical guides on application authorization in the Authorization Academy
Go to Authorization Academy

Docs

Open book icon
Learn more about Oso Cloud and how to get started building authorization systems
Go to Docs

Blog

Newspaper icon
Catch up with the latest news, how-to guides, and technical explainers on our blog
Read our Blog