For enterprise
Your agents are smarter
than your policies.
An AI agent that understands your codebase can also understand your access control model. Policy-based security is a negotiation with something that's getting better at negotiating. Clavitor replaces policy with mathematics.
Math, not policy
Other solutions add an AI checkbox to an existing vault. The agent gets MCP access — search, browse, discover. It's smarter than you. It will find edge cases in your policies. It will enumerate credentials it was never meant to see. Not because it's malicious — because that's what agents do when given a search endpoint and a goal.
Clavitor doesn't give agents vault access. It issues specific credentials to specific agents through a narrow API. No browsing. No discovery. No enumeration. No search endpoint. The agent gets what it's been issued and cannot find what it hasn't. This isn't a configuration option or a policy toggle — it's how the protocol works. There is no agent-facing endpoint that returns a list of credentials. The capability doesn't exist in the binary.
On top of that, every agent token is bound to a source IP at first contact. The whitelist can be updated by an admin — but a stolen token used from an unlisted IP is refused before any handler runs. And every agent is rate-limited: more than three unique credentials per minute or ten per hour triggers a throttle. A second violation within two hours locks the agent entirely — frozen until your security team unlocks it with a hardware tap. A normal agent needs two or three credentials. An agent reading ten is either misconfigured or compromised. Either way, it stops.
The result: a compromised agent's blast radius is bounded to its scope, from its IP, at a rate that triggers lockdown before meaningful exfiltration can occur. Not by a rule that can be circumvented, but by the absence of a path that would allow it.
Built for your security team
Hardware-enforced boundaries
Every admin operation — creating agent tokens, modifying scopes, changing access lists, revoking credentials — requires a physical confirmation with a fingerprint, face, or security key from an authorized person. This is not a software gate that a privileged process can bypass. It's a cryptographic challenge that requires a registered device in someone's hand.
No agent can escalate its own permissions. No compromised workstation can mint new tokens. No social engineering attack can trick someone into granting access over the phone — the hardware tap is required, and it's bound to the browser origin. Your security team controls the trust boundary with something no attacker can replicate remotely.
Cryptographic isolation
Each employee's vault is a separate encrypted database — not a row in a shared table, not a namespace in a multi-tenant store. A breach of one vault yields ciphertext. The encryption key is not on the server, not in the backup, not in any datacenter.
Scopes control which entries an agent can see. Encryption tiers control what anyone can decrypt. Credit cards and government IDs are automatically encrypted at identity-tier — hardware-key-only, undecryptable without the physical device. Your enterprise can promote any field to that tier: banking logins, procurement credentials, HR systems, signing keys. These fields are ciphertext on every server, in every backup, in every breach scenario. The decryption keys are not co-located with the data they protect.
Compliance
SOC 2 Type II
Audited controls for security, availability, and confidentiality. The audit covers infrastructure operations, access management, encryption key handling, and incident response. Reports available under NDA for enterprise customers evaluating the platform.
ISO 27001
Information security management system certified. Covers the full lifecycle — from vault provisioning through credential issuance to deletion and backup retention. The certification scope includes all Points of Presence (POPs), the central admin infrastructure, and the development pipeline.
99.99% read SLA
99.99% uptime on reads. Transcontinental failover between Calgary and Zürich, two sites chosen for geological stability and wide geographic separation. If we miss the target, you get a full month credit on your next invoice. Automatic, no claim form, no negotiation. The SLA is contractual, not aspirational.
Integration
SCIM directory sync
Employee joins in Microsoft Entra ID (formerly Azure AD), Okta, or Google Workspace — vault provisioned automatically. Scopes assigned by group membership. Employee leaves — vault frozen, every token revoked, every agent locked out. No manual cleanup, no tickets, no "did someone remember to rotate the credentials."
The provisioning is real-time, not batch. A new hire's vault is ready before their laptop is. A terminated employee's access is gone before they reach the parking lot.
SIEM integration
Real-time feed to Splunk, Datadog, or Sentinel. Every credential access, every failed attempt, every scope violation, every token creation, every rotation. Not a daily digest — a live stream of structured events your SOC can alert on.
When an agent accesses more than three unique credentials per minute, or ten per hour, it's automatically throttled. A second violation triggers a hard lockdown. Your SIEM sees the event before the agent's next request completes.
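The IP binding and the rate limit described here and under "Math, not policy" above, as an added example that is not Clavitor's code: a per-agent guard that pins the token to the source IP seen at first contact, counts unique credentials over sliding one-minute and one-hour windows, throttles on the first violation, locks on a second violation within two hours, and records a structured event for every decision. The thresholds (3 per minute, 10 per hour, two-hour lock window) come from the page; the throttle length, the event field names, and `admin_unlock` standing in for the hardware tap are assumptions.

```python
# Added example, not Clavitor's code. Models the page's agent controls:
# IP pinned at first contact, a sliding window over *unique* credentials
# read (3/minute, 10/hour), throttle on the first violation, hard lock on a
# second violation within two hours, and one structured event per decision.
# Assumptions: the throttle lasts one minute, the event field names, and
# that admin_unlock stands in for the hardware-confirmed unlock.
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple

MINUTE, HOUR = 60.0, 3600.0
PER_MINUTE_MAX, PER_HOUR_MAX = 3, 10          # thresholds from the page
THROTTLE_FOR, LOCK_WINDOW = MINUTE, 2 * HOUR  # throttle length is assumed


@dataclass
class AgentState:
    bound_ip: Optional[str] = None
    reads: Deque[Tuple[float, str]] = field(default_factory=deque)  # (ts, cred)
    violations: Deque[float] = field(default_factory=deque)         # throttle ts
    throttled_until: float = 0.0
    locked: bool = False


class AgentGuard:
    def __init__(self) -> None:
        self.agents: Dict[str, AgentState] = defaultdict(AgentState)
        self.events: List[dict] = []  # SIEM-style structured events

    def _emit(self, kind: str, agent: str, **fields) -> None:
        self.events.append({"event": kind, "agent": agent, **fields})

    @staticmethod
    def _unique(st: AgentState, now: float, window: float) -> int:
        return len({cred for ts, cred in st.reads if now - ts < window})

    def request(self, agent: str, src_ip: str, cred_id: str, now: float) -> str:
        st = self.agents[agent]
        # 1. IP binding: first contact pins the IP; any other source is refused
        #    before the credential logic runs at all.
        if st.bound_ip is None:
            st.bound_ip = src_ip
        elif src_ip != st.bound_ip:
            self._emit("ip_mismatch", agent, ip=src_ip, bound_ip=st.bound_ip)
            return "refused_ip"
        if st.locked:
            self._emit("locked_request", agent, ip=src_ip, credential=cred_id)
            return "locked"
        if now < st.throttled_until:
            self._emit("throttled_request", agent, ip=src_ip, credential=cred_id)
            return "throttled"
        # 2. Rate check on unique credentials, counting this request. Re-reading
        #    a credential the agent already holds does not add to the count.
        while st.reads and now - st.reads[0][0] >= HOUR:
            st.reads.popleft()
        st.reads.append((now, cred_id))
        per_min = self._unique(st, now, MINUTE)
        per_hour = self._unique(st, now, HOUR)
        if per_min <= PER_MINUTE_MAX and per_hour <= PER_HOUR_MAX:
            self._emit("credential_access", agent, ip=src_ip, credential=cred_id)
            return "issued"
        # 3. Violation: the over-limit read is not served. The first violation
        #    throttles; a second within LOCK_WINDOW locks the agent.
        st.reads.pop()
        while st.violations and now - st.violations[0] >= LOCK_WINDOW:
            st.violations.popleft()
        st.violations.append(now)
        if len(st.violations) >= 2:
            st.locked = True
            self._emit("lockdown", agent, ip=src_ip,
                       unique_per_minute=per_min, unique_per_hour=per_hour)
            return "locked"
        st.throttled_until = now + THROTTLE_FOR
        self._emit("throttle", agent, ip=src_ip,
                   unique_per_minute=per_min, unique_per_hour=per_hour)
        return "throttled"

    def admin_unlock(self, agent: str) -> None:
        # Placeholder for the hardware-confirmed unlock; the WebAuthn
        # ceremony itself is out of scope for this example.
        st = self.agents[agent]
        st.locked, st.throttled_until = False, 0.0
        st.violations.clear()
        self._emit("unlock", agent)


def run_scenario() -> Tuple[List[str], List[dict]]:
    """Constructed traffic: a normal agent, a replayed token, an enumerator."""
    g = AgentGuard()
    agent, ip = "deploy-bot", "10.0.0.5"
    steps = [
        (0, ip, "db"), (1, ip, "api"), (2, ip, "smtp"), (3, ip, "db"),  # normal use
        (4, "203.0.113.9", "db"),                                        # stolen token, other IP
        (5, ip, "vault-root"),                                           # 4th unique in a minute
        (6, ip, "db"),                                                   # inside the throttle
        (70, ip, "x"), (71, ip, "y"), (72, ip, "z"), (73, ip, "w"),      # 2nd violation: lock
        (74, ip, "db"),                                                  # still locked
    ]
    results = [g.request(agent, src, cred, t) for t, src, cred in steps]
    g.admin_unlock(agent)
    results.append(g.request(agent, ip, "db", 200))  # back to normal after unlock
    return results, g.events
```

`run_scenario()` returns the per-request decisions alongside the event list; the decisions read `issued` four times, then `refused_ip`, `throttled`, `throttled`, three more `issued`, `locked` twice, and `issued` again after the unlock. The guard refuses a mismatched IP before it touches the counters, which is the ordering the page describes, and it counts distinct credential IDs rather than raw requests, so an agent polling the same three credentials never trips the limit.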
Audit and attribution
Every credential access is attributed to a specific actor — human or agent. Not "someone with the shared password." A name, a scope, a timestamp, a source IP. When your CISO asks who accessed the production database at 2 AM on a Tuesday, the answer is one query away.
Password rotations carry the same attribution. Which credential changed, who triggered it, which agents picked up the new value. If a rotation breaks a deployment, you trace it to the exact change in seconds.
This is always on. No configuration. No opt-in. The audit log is your compliance evidence, your incident response tool, and your answer to every regulator who asks how you control access to sensitive systems.
Enterprise pricing
Per-user pricing. Three agents per user. Price for life — your rate never increases. Not after a year. Not after five years. Not after your headcount doubles. We may raise rates for new customers, but your rate is locked at your tier, in your currency, for the lifetime of your subscription.
Let's talk.
Your agents are already here. Your credential layer should be too.