
Review AI agents with evidence, not assumptions
Heron interrogates your agents, maps what they actually touch, and produces an approval-ready audit pack. Model, Infrastructure, and Non-Human Identity layers covered in one pass
Open source and self-hosted. Hosted dashboard for teams
Evidence mapped to EU AI Act, NIST AI RMF, GDPR, ISO 42001, and AIUC-1
Classify your agent before the Annex III window closes
Most teams discover the Act through a Slack thread after the first pilot. Heron takes the 113-article regulation and produces a written classification for your specific agent: Article 5 prohibitions, Annex III high risk, Article 6(3) exemption, or GPAI overlay. Plus the provider versus deployer split that determines who owes what
- Written tier classification with Annex reference
- Provider, deployer, or both (Article 25 substantial modification)
- Obligation stack per role, including human oversight and transparency
- GDPR Article 22 overlay flagged when the agent influences decisions about people
Annex III enforcement begins
2 August 2026
66 days out from full high-risk obligations
Heron auto-classifies
- Article 5 prohibitions
- Annex III high-risk domains
- Article 6(3) exemption
- GPAI systemic-risk overlay
Penalty ceiling
Up to €35M or 7% of global turnover
What security and compliance teams are actually saying
Recurring patterns from security and compliance practitioners across our customer conversations and public discussions, 2026-Q2
The review, in three layers
Security architects describe agent review in three layers. Heron interrogates across all three and produces evidence per layer
Model-level risk
Prompt injection, data poisoning, model inversion, training data leakage. Captured per system with the agent owner on the hook
- Findings tagged with framework references (EU AI Act, NIST AI RMF, AIUC-1)
- Input handling and output behaviour captured per system
- Model-level risks the agent owner has not addressed
Infrastructure and data flow
How the agent is deployed, what systems it touches, how data flows through the pipeline. Traditional security engineering applied to AI
- Per-system access cards with scopes and auth method
- Blast radius rated per write (single record → cross-tenant)
- Reversibility and approval requirements flagged per operation
Who the agent is, and what it can do
Each agent operates with its own credentials, its own access scope, its own identity. Managing that at scale is a supply chain risk problem
- Sub-agent and MCP authentication probes (AIUC-1)
- Excess scopes flagged when permissions exceed actual usage
- Per-system identity, owner, and trigger documented
How Heron Works
Give your agent one prompt
Paste this into your agent's chat or set OPENAI_BASE_URL. The agent calls Heron's endpoint and the interview starts automatically
I need you to complete a security access review for this project.
Make sequential API calls to the Heron endpoint until it says "Interview complete".
Step 1 — Start the interview:
POST https://heron.ing/v1/chat/completions
Body: {"model":"any","messages":[{"role":"user","content":"Hi, I am ready to answer questions about this project."}]}
The response will contain a question and a session ID (in the "heron_session_id" JSON field).
Step 2 — Send each answer:
POST https://heron.ing/v1/chat/completions
Body: {"model":"any","messages":[{"role":"user","content":"YOUR ANSWER HERE"}],"heron_session_id":"SESSION_ID_FROM_STEP_1"}
Step 3 — Repeat step 2 until the response says "Interview complete".
Important: answer about THIS specific project — what you actually do, what systems
you connect to, what data you handle. Not general capabilities. Never reveal actual
secret values — just describe credential types.
Heron interviews the agent
10 structured questions covering access, data, writes, frequency, and regulatory impact — with smart follow-ups. Typically 2-3 minutes
"List every system you ACTUALLY connect to in this project.
Format per system: Name → API type → Auth method
Example: Google Sheets → REST API → OAuth2 (spreadsheets.edit)
Only list systems you have actually used in this deployment — not ones that are theoretically available."
"1. LinkedIn (via Apify) → REST API → Apify API token
2. Google Sheets → REST API (v4) → OAuth 2.0"
"For Google Sheets, specify the exact OAuth scopes you request during the authorization process?"
"googleapis.com/auth/spreadsheets — full read/write
googleapis.com/auth/drive.file — files created by the app"
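The prompt tells the agent never to reveal secret values, but that is an instruction to a model rather than an enforced control. The following added example (not Heron's code and not part of the original page) builds the Step 1 and Step 2 request bodies and redacts credential-shaped strings from an answer before it leaves the host. The function names, the regex patterns and the sample answer are assumptions made for illustration.

```javascript
// Added example, not Heron's code. Patterns are illustrative heuristics for
// common credential shapes; tune them to the secrets your agent can reach.
const SECRET_PATTERNS = [
  { type: "private-key",
    re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g },
  { type: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { type: "bearer-token", re: /\bBearer\s+[A-Za-z0-9._~+\/-]{20,}=*/g },
  { type: "jwt", re: /\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}/g },
  // keyword, separator, then a value of 8+ chars containing a digit
  { type: "assigned-secret",
    re: /\b(api[_-]?key|token|secret|password)\b(\s*[:=]\s*)["']?(?=[^\s"',]*\d)[^\s"',]{8,}["']?/gi },
];

// Replace every match with a typed marker and report what was found.
function redactSecrets(text) {
  const findings = [];
  let clean = text;
  for (const { type, re } of SECRET_PATTERNS) {
    clean = clean.replace(re, (match, key, sep) => {
      findings.push(type);
      // Only the assigned-secret pattern has capture groups (key, sep).
      const prefix = typeof key === "string" ? key + sep : "";
      return `${prefix}[REDACTED:${type}]`;
    });
  }
  return { clean, findings };
}

// Body shape from Step 1 and Step 2 of the prompt: the first call carries no
// session id, every later call echoes heron_session_id back.
function buildInterviewRequest(answer, sessionId) {
  const { clean, findings } = redactSecrets(answer);
  const body = { model: "any", messages: [{ role: "user", content: clean }] };
  if (sessionId) body.heron_session_id = sessionId;
  return { body, findings };
}

// Constructed sample answer; the key id is AWS's documented example value and
// "sess-123" is a made-up session id.
const sampleAnswer =
  "S3 → REST API → access key AKIAIOSFODNN7EXAMPLE; CRM → REST API → api_key=demo0000value1111";
const sampleRequest = buildInterviewRequest(sampleAnswer, "sess-123");
console.log(JSON.stringify(sampleRequest, null, 2));
```

A non-empty `findings` array is worth logging on the agent side, since it means the agent tried to send a credential despite the prompt's instruction.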
Get an approval-ready report
Per-system access cards, risk scoring, data quality metrics, and actionable verdict. Evidence mapped to EU AI Act, NIST AI RMF, GDPR, ISO 42001, and AIUC-1
See Heron in action
Watch a real audit run end-to-end — from one command to a full report with 9 systems mapped, 1 critical issue, and 5 high-severity findings
Quick Start
Open source. Self-hosted. One command to start auditing your agents locally. Your data stays on your machine
$ npx heron-ai
Then connect your agent
Paste a prompt
Copy the prompt into your agent's chat. It will call the API and complete the audit
POST /v1/chat/completions
Override base URL
Your agent thinks it's talking to OpenAI. No code changes needed
OPENAI_BASE_URL=...3700/v1
Scan an agent
Heron connects to the agent and conducts the interview directly
heron scan --target ...
Mapped to the frameworks your reviewers already use
EU AI Act
Tier classification, Annex III, provider vs deployer
NIST AI RMF
Govern, Map, Measure, Manage
GDPR
Article 22 automated decisions overlay
ISO 42001
AI management system controls
AIUC-1
Agent-native standard, six domains
/heron-audit
Install the skill once. Then type /heron-audit in any Claude Code session. Claude reads the codebase, interviews itself about what the project accesses, and generates a compliance-grade report. No server, no API keys
- Works in any project — Claude reads source code directly
- Generates markdown report saved to your repo
- Zero setup — no server, no env variables
# Install the skill
$ npx heron-ai install-skill
Then in Claude Code:
> /heron-audit
Claude reads your project and generates the audit report automatically
Audit history, saved reports, shared review
Same audit engine, hosted. No local setup. Point your agents at the dashboard endpoint and every session, transcript, and report is stored. SSO, team access, and risk trends land next
Free. No credit card required
Audit history
Every session and transcript saved
Saved reports
Full risk analysis with framework citations
Risk trends
Coming soon. Track score and findings over time
Team access
Coming soon. Share approval-ready packs across reviewers
Put a Heron audit on the desk of the next approval meeting
Free and open source for individual reviewers. Hosted dashboard for teams.