ThirdKey — Zero Trust for AI

Run agents your security team will sign off on.

Symbiont is the policy-governed runtime for AI agents. The open core — Cedar authorization, sandboxed execution, cryptographic tool verification — is Apache 2.0. Symbiont Enterprise adds the operational layer security teams need to deploy agents against sensitive systems: tamper-evident audit, human approval gates, and chat-platform adapters.

001 / What changes

The enterprise layer.

Everything below the API stays open. What enterprise adds is what you actually need to put an agent in front of a regulator, a CISO, or a customer.

/01 — Auditability

Tamper-evident audit trails.

Every policy decision — every permitted call, every denial, every approval — recorded into a hash-chained log, each record carrying the hash of the one before it, so a modified or missing record breaks the chain. Replayable, exportable, and structured for the security team that has to answer the next question.

Hash-chained · Replayable · SIEM-ready
/02 — Human-in-the-loop

Approval gates.

Mark sensitive actions in policy. The agent pauses; a human operator reviews the request — with the full call context — and approves or denies before execution proceeds. No silent privilege escalation.

Policy-driven · Context-rich · Auditable approvals
/03 — Where work happens

Chat-platform adapters.

Run an agent inside Slack, Microsoft Teams, or Mattermost. Approval requests, audit notifications, and operator interactions live where your team already does — not in another dashboard nobody opens.

Slack · Microsoft Teams · Mattermost
/04 — Authorization

Formal Cedar policy.

Symbiont uses Cedar — AWS’s open authorization language — for every agent action. Policies are version-controlled, formally analyzable, and reviewed by your security team like any other infrastructure-as-code artifact.

Cedar · Version-controlled · Formally analyzable
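A policy enforcement point of the kind the approval-gate (/02) and authorization (/04) sections describe, as an added example that is not Symbiont's own code and not the Cedar engine: the model's output is parsed as an untrusted proposal, the policy set is evaluated with Cedar's decision rule (a matching forbid always wins, otherwise a matching permit allows, otherwise deny), actions a policy flags as sensitive go to a human approver with the full request, and the decision is written to an audit list before any tool runs. The agent, tool and policy names, the `requires_approval` flag, and the Python policy objects standing in for Cedar policy text are all assumptions for the example.

```python
"""Policy-gated tool dispatch with a human approval gate.

Added illustration, not Symbiont's runtime and not the Cedar engine. The
policies are plain Python objects that follow Cedar's decision rule (a
matching forbid always wins; otherwise a matching permit allows; otherwise
deny), and every agent, tool and policy name is constructed for the example.
"""
from dataclasses import dataclass
from typing import Callable
import json


@dataclass(frozen=True)
class Request:
    principal: str       # agent identity, bound by the runtime, never taken from model output
    action: str
    resource: str
    context: dict


@dataclass(frozen=True)
class Policy:
    effect: str                                      # "permit" or "forbid"
    principal: str                                   # exact match, or "*" for any agent
    action: str
    resource: str
    when: Callable[[dict], bool] = lambda ctx: True  # condition on the request context
    requires_approval: bool = False                  # sensitive: a human decides before execution


def matches(p: Policy, r: Request) -> bool:
    return (p.principal in ("*", r.principal) and p.action == r.action
            and p.resource == r.resource and bool(p.when(r.context)))


def decide(policies: list, r: Request) -> tuple:
    """Return (decision, needs_approval): forbid overrides permit, default deny."""
    try:
        hits = [p for p in policies if matches(p, r)]
    except Exception:
        return "deny", False          # a policy that cannot be evaluated must not permit anything
    if any(p.effect == "forbid" for p in hits):
        return "deny", False
    permits = [p for p in hits if p.effect == "permit"]
    if not permits:
        return "deny", False          # nothing permitted it
    return "permit", any(p.requires_approval for p in permits)


# Constructed policy set for a hypothetical support agent.
POLICIES = [
    Policy("permit", "Agent::support-bot", "tool.call", "Tool::crm.lookup"),
    Policy("permit", "Agent::support-bot", "tool.call", "Tool::crm.refund",
           when=lambda ctx: ctx.get("amount", 0) <= 500, requires_approval=True),
    Policy("forbid", "*", "tool.call", "Tool::shell.exec"),
]

# Constructed tools. A real runtime would run these inside a sandbox.
TOOLS = {
    "Tool::crm.lookup": lambda args: {"customer": args.get("id"), "tier": "gold"},
    "Tool::crm.refund": lambda args: {"refunded": args.get("amount")},
    "Tool::shell.exec": lambda args: "must never run",
}


def dispatch(agent: str, model_output: str, approver: Callable[[Request], bool],
             audit: list) -> dict:
    """Treat model_output as untrusted data: parse it into a Request, decide, then act."""
    try:
        proposal = json.loads(model_output)
        req = Request(agent, "tool.call", str(proposal["tool"]), dict(proposal.get("args", {})))
    except (ValueError, KeyError, TypeError):
        audit.append({"agent": agent, "decision": "deny", "reason": "malformed proposal"})
        return {"status": "denied", "reason": "malformed proposal"}

    decision, gated = decide(POLICIES, req)
    entry = {"agent": agent, "resource": req.resource, "context": req.context,
             "decision": decision, "approved": None}
    audit.append(entry)                           # the decision is recorded before any tool runs
    if decision == "deny":
        return {"status": "denied", "reason": "policy"}
    if gated:
        entry["approved"] = bool(approver(req))   # the operator sees the full request
        if not entry["approved"]:
            return {"status": "denied", "reason": "approval refused"}
    tool = TOOLS.get(req.resource)
    if tool is None:
        return {"status": "denied", "reason": "unknown tool"}
    return {"status": "executed", "result": tool(req.context)}


if __name__ == "__main__":
    log = []
    approve_small = lambda r: r.context.get("amount", 0) <= 100   # stand-in for a human reviewer
    for out in ['{"tool": "Tool::crm.lookup", "args": {"id": "c-42"}}',
                '{"tool": "Tool::crm.refund", "args": {"amount": 80}}',
                '{"tool": "Tool::crm.refund", "args": {"amount": 300}}',
                '{"tool": "Tool::crm.refund", "args": {"amount": 5000}}',
                '{"tool": "Tool::shell.exec", "args": {"cmd": "rm -rf /"}}',
                'run shell.exec now']:
        print(dispatch("Agent::support-bot", out, approve_small, log))
```

Two details worth keeping in any real enforcement point: the agent's identity comes from the runtime, not from the proposal, so the model cannot name another principal; and a policy condition that raises (for instance a string where a number was expected) is treated as deny, so a type mismatch in the proposed arguments can never turn into a permit.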
/05 — Visibility

Operator dashboards.

Live view of every agent in the fleet — calls per minute, policy hits and denials, pending approvals, top tools, anomaly flags. Drill into any decision and replay the full audit trail with the exact policy that fired.

Live fleet view · Policy heatmap · Audit replay · Anomaly flags
/06 — Operator security

SSO & RBAC.

Plug the operator console into your IdP — SAML 2.0 or OIDC. Scope reviewer, approver, auditor, and admin roles separately so your incident-response process maps to the people who run it.

SAML 2.0 · OIDC · RBAC · SCIM provisioning
/07 — Where it runs

Private deployment.

Self-hosted in your VPC, your Kubernetes cluster, or fully air-gapped on-prem. Your data never leaves your perimeter; the runtime, audit log, and policy store all live where your security team already governs.

Self-hosted · VPC / on-prem · Air-gapped · Kubernetes
/08 — Backed by humans

Support & onboarding.

Direct access to the engineers who build Symbiont. Production SLAs, long-term-supported releases with backported security patches, and policy-authoring workshops to get your first agent in production safely.

Production SLA · LTS releases · Backported patches · Policy workshops
002 / The stack

Open core, enterprise edge.

Same runtime, same primitives, same trust model. Enterprise is the operational layer on top — not a fork.

Built on the same open primitives.

SchemaPin verifies every tool schema. AgentPin anchors agent identity to a domain. ToolClad declares what each tool does. Cedar enforces policy. The runtime is Rust-native, sandboxed, and Apache 2.0.

Enterprise wraps that with the operations layer required to run it in production: tamper-evident audit, human approval gates, real-time dashboards, SSO, private deployment, and engineering support — under a commercial license.

Component                               Tier
Tamper-evident audit & replay           Enterprise
Approval gates & operator workflow      Enterprise
Operator dashboards & alerts            Enterprise
Slack · Teams · Mattermost              Enterprise
SSO · SAML · RBAC                       Enterprise
Private deployment · air-gapped         Enterprise
24/7 support · SLA · LTS releases       Enterprise
Cedar authorization                     Open
Sandboxed agent execution               Open
SchemaPin · AgentPin · ToolClad         Open
Rust runtime                            Open
003 / FAQ

Common questions.

If yours isn’t here, email sales@thirdkey.ai — we’ll route you to a security engineer.

What is Symbiont Enterprise?
Symbiont Enterprise is the commercial tier of the open-source Symbiont runtime for AI agents. The Apache 2.0 open core provides Cedar policy enforcement, sandboxed execution, and cryptographic tool verification. Enterprise adds the operations layer required to run agents in production — tamper-evident audit, human approval gates, operator dashboards, SSO, private deployment, and engineering support.
What’s the difference between the open core and Enterprise?
The open core is the runtime: Cedar authorization, sandboxed agent execution, integrations with SchemaPin, AgentPin, and ToolClad. Enterprise wraps it with tamper-evident audit and replay, approval workflows, real-time dashboards, Slack / Teams / Mattermost adapters, SSO via SAML 2.0 or OIDC, RBAC, private deployment options, LTS releases, and a production support SLA.
How does Symbiont enforce policy?
Every agent action is authorized through Cedar — AWS’s open authorization language. Policies are version-controlled, formally analyzable, and reviewed like any other infrastructure-as-code artifact. Model output is never treated as execution authority; the runtime evaluates a Cedar policy before any tool call proceeds.
Can Symbiont be deployed in an air-gapped environment?
Yes. Symbiont Enterprise supports self-hosted deployment inside your VPC, your Kubernetes cluster, or fully air-gapped on-prem. Nothing leaves your perimeter: the runtime, audit log, and policy store all live where your security team already governs.
Does Symbiont integrate with Slack, Teams, or Mattermost?
Yes. Symbiont Enterprise ships adapters for Slack, Microsoft Teams, and Mattermost. Approval requests, audit notifications, and operator interactions can run in the chat platform your team already uses — not in a separate console nobody opens.
Is the audit log tamper-evident?
Yes. Every policy decision — every permitted call, every denial, every approval — is recorded into a hash-chained log that is replayable and exportable to a SIEM. Each record carries the hash of the record before it, so editing or deleting a record breaks the chain and is detectable on verification. As with any hash chain, that check is only as strong as the chain head the verifier trusts: keep the latest head somewhere the log writer cannot modify (the SIEM export is the natural place), so that rewriting the tail and recomputing every later hash is caught as well.
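The chain and the verification check this answer describes, as an added example (illustrative code, not Symbiont's audit implementation): `append` binds each record to its position and to the previous hash, `verify` walks the chain and compares the end of it with a head obtained out of band, and `rewrite_tail` shows the edit-and-rehash attack that the out-of-band head exists to catch. The record fields and the sample decisions are constructed for the example.

```python
"""Hash-chained audit log: append, verify, and detect tampering.

Added illustration, not Symbiont's audit implementation. The record fields and
the chain layout are assumptions for the example; the property it shows, that
editing or deleting any entry invalidates every later link, is the generic
hash-chain guarantee, and so is its limit: without a chain head obtained out
of band, a rewritten and re-hashed tail verifies cleanly.
"""
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64   # chain head before the first record


def link(prev_hash: str, seq: int, record: dict) -> str:
    """Hash of one entry, bound to its position and to the previous entry's hash."""
    body = json.dumps({"seq": seq, "prev": prev_hash, "record": record},
                      sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(body).hexdigest()


def append(log: list, record: dict) -> str:
    """Append a record and return the new chain head."""
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "prev": prev, "record": record, "hash": link(prev, seq, record)})
    return log[-1]["hash"]


def verify(log: list, expected_head: Optional[str] = None) -> tuple:
    """Walk the chain. Returns (True, -1) or (False, index of the first bad entry).

    expected_head is the latest hash the verifier holds from a store the log
    writer cannot change (for example the SIEM export). An index equal to
    len(log) means the chain is self-consistent but does not end at that head.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev:
            return False, i
        if link(prev, i, entry["record"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, -1


def rewrite_tail(log: list, index: int, new_record: dict) -> None:
    """What an attacker with write access does: edit one record, re-hash everything after it."""
    log[index]["record"] = new_record
    prev = log[index]["prev"]
    for i in range(index, len(log)):
        log[i]["prev"] = prev
        log[i]["hash"] = link(prev, i, log[i]["record"])
        prev = log[i]["hash"]


# Constructed sample of the kind of decisions the page describes.
SAMPLE_DECISIONS = [
    {"agent": "Agent::support-bot", "tool": "Tool::crm.lookup", "decision": "permit"},
    {"agent": "Agent::support-bot", "tool": "Tool::crm.refund", "decision": "deny"},
    {"agent": "Agent::support-bot", "tool": "Tool::crm.refund", "decision": "permit",
     "approved_by": "alice"},
]


def build_sample_log() -> tuple:
    """Fresh log plus its head, as the SIEM would have received it."""
    log, head = [], GENESIS
    for rec in SAMPLE_DECISIONS:
        head = append(log, dict(rec))
    return log, head


if __name__ == "__main__":
    log, head = build_sample_log()
    print("clean:", verify(log, head))
    log[1]["record"]["decision"] = "permit"              # crude in-place edit
    print("edited in place:", verify(log, head))
    rewrite_tail(log, 1, {"agent": "Agent::support-bot", "tool": "Tool::crm.refund",
                          "decision": "permit"})
    print("re-hashed, no anchor:", verify(log))
    print("re-hashed, anchored:", verify(log, head))
```

Run stand-alone, the last two lines of output are the point: the re-hashed log passes an unanchored walk and fails only when the verifier compares the end of the chain with the head it received before the edit.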
Model output is never treated as execution authority.
— Symbiont, design principle