Backed by Agentic Builders  ·  AARM-aligned continuous compliance for AI agents

Continuous evidence is how your agents earn trust

Connect once. Heron checks every agent action against the user's intent, blocks what crosses the line, and keeps a record no one can change, ready for any buyer to rely on

The research

We asked 50+ security leaders how they'd trust an AI agent

An AI agent isn't static software. It changes every day — and the security your buyers know wasn't built for that.

“Traditional security only handles point-in-time detection. If the agent keeps updating its memory, it's a new version every time — you can't do once-a-year testing. It has to be continuous.”

VP, AI Security
Broker-dealer

So every security team is told to verify the agent. None of them has a way to.

“Every framework says verify the agent. Nobody says how to check.”

ICT-risk consultant
Investment bank

“How do you prove the agent won't read what it shouldn't? How can you prove that?”

Fractional CISO
Healthcare

A certificate doesn't answer it. They want to see what the agent actually does, from where it really runs.

“SOC 2 is a nice-to-have, not self-verified. Can I actually see how it's operating?”

Security architect + CISO
Enterprise

“We don't trust the registry. We pull the data from where the agent is actually deployed.”

Identity & access lead
Large bank

Across every conversation, one answer: they need continuous evidence of what the agent actually does.

That's Heron.

The Heron platform

One integration. Every agent covered

Heron hooks into the platform your agents run on. Every agent action gets checked against the user's intent, enforced in real time, and written to live proof your buyer's security team can open

H
Trust overview
All tenants
live
AARM-aligned
42
clients
1,284
agents covered
318,492
actions checked · 24h
100%
coverage
41ms
check latency · p95
Coverage no bypass
100%
0 of 318,492 actions bypassed Heron · 24h
every tool call enforced before it runs
Actions checked 318,492
+6.2% vs the previous 24h
Per-action volume · 24h
Tenant health avg 94 / 100
Northwind Trading
98
Vantage Media
96
Meridian Health
95
Lumen Retail
91
Aperture Finance
88
Composite of coverage, intent drift & review response · 0–100
Exposure prevented
PII touches · 24h 4,128
312 redacted 27 blocked
External egress · 24h 86
11 stopped at the perimeter 0 leaked
Evidence freshness continuous
SOC 2 · CC6.1 2m ago
SOC 2 · CC6.7 1m ago
ISO 27001 · A.5.18 3m ago
EU AI Act · Art.12 4m ago
No control older than 6 min
Response
Step-up SLA · median 3m 12s
MTTR · flag closed 7m 40s
First-seen behavior · 24h 3
Detect, hold, heal — before the action runs
Receipts tamper-evident
318,492 issued & signed · 24h
One signed receipt per checked action — action, context, decision & outcome, hash-chained.
100%
signed
Ed25519
signature
continuous
hash chain
Export evidence-log last receipt 2s ago

Connect, check, prove

01 · Connect

Plug in your platform once

Heron hooks into the layer your agents run on, not each agent one by one. Every agent on the platform, the ones you run today and the ones you ship next month, is covered automatically. One integration, full coverage, by construction

02 · Check

Every action, checked against intent

Before an action runs, Heron checks it against your policy and the intent of the session, not just static rules. An action that looks fine on its own but breaks what the agent was asked to do gets caught. Then it is allowed, blocked, modified, sent to a human, or held

03 · Prove

Live, signed proof

Every decision is written to a tamper-evident, hash-chained record. It cannot be altered after the fact, and it never goes stale because it updates with every action. Your buyer's security team opens it and queries the history any time, mapped to the frameworks they already report against

Frameworks

Speaks the language security already uses

Assess once, report against many. Each decision Heron enforces lands on a control your buyer already knows — evidence they recognise, not a format they have to learn

receipt #4a92signed
intent"Summarize Q3 sales for leadership"
priordatabase.query(customers)
actionemail.send → [email protected]
dataPII · CONFIDENTIAL
drift0.72 · semantic distance
decisiondeny · context-dependent
sig ed25519:9f3c…a210prev #4a91
recognised as
SOC 2CC6.7 · Restrict data movement & removal
ISO 27001A.8.12 · Data leakage prevention
EU AI ActArt.12 · Record-keeping
NIST AI RMFMANAGE 2.4 · supersede / disengage / deactivate
OWASP LLMLLM02:2025 · Sensitive info disclosure
AARMR3 intent · R5 receipt
The standard

Heron and AARM (Autonomous Action Runtime Management)

AARM is an open specification for how an agent's actions get checked, enforced, and recorded at runtime — an open benchmark for agent security, the way SOC 2 is for SaaS. Heron builds to it, so the standard sets the bar, not us. Conformance in progress, not claimed

How Heron maps to AARM

Walk into the security review already proven

Connect your platform once. Every action your agents take becomes evidence your buyer's security team can verify on the spot