Skip to main content
platform

The only platform that sees what your agents actually do.

Four independent observation layers — intent, OS truth, behavioral baseline, compliance rules — converge on every tool call. When they disagree, we block. Deploy with one command. Runs on every developer machine.

GET STARTED
Quint architecture — six service cubes connected to a central asterisk by organic tendons
Thesis · empiricalQuint · §01

MCP is the 6%.
We see the 94%.

94%
of agent actions in our Claude Code runtime study were native tool_use — not MCP.
MCP gateways inspect user-configured tools. We intercept every tool call across 7 LLM API parsers and 21+ agent platforms — then cross-check the agent's stated intent against what the kernel actually saw via EndpointSecurity, ETW, and eBPF. Nine competitors were acquired for $2B in the last 12 months; none ship the piece that lives in that gap.
Source · Quint runtime telemetry · Claude Code fleet · 2026n = 12,847 sessions
0 ns
Fast-path decision
0+
Agent platforms
0
Compliance rules
0.0
AUROC · fingerprint-only
IThe observation stack

Four layers.
Evaluated in parallel. Cross-validated.

Every tool call is observed from four independent vantage points at once. 95% of actions clear the fast path in 114 nanoseconds — a deny-list + envelope check that never leaves the CPU cache. The rest cascade into a 6-signal corroboration pipeline and 162 forward-chaining compliance rules SOC 2 CC6.7 · GDPR Art 32 · HIPAA 164.312 · EU AI Act — all deterministic, zero LLM in the scoring path.

live inspection
14:32:07.441claude-code·Bash: cat config.yml
L1Proxy
Intent
Parsers7 LLM APIs
ProtocolsHTTP · gRPC · MCP
Latency< 2 ms
signaltool_use · Bash"read deployment config"
contributes+12
L2OS Truth
What actually happened
SensorEndpointSecurity
Eventsexec · open · net
KernelES + eBPF
signalopen(2)/etc/ssh/id_rsa
contributes+38
L3Behavioral
What's normal
Modules40+
Scopes6 (agent → global)
Fingerprint3.1 KB
signaldistance4.2σ · 99.7% unusual
contributes+22
L4Compliance
What the rules say
Ontology1,948 nodes · 1,075 edges
Frameworks16
Rules90 forward-chaining
signalviolatedSOC2 CC6.1 · GDPR Art. 5
contributes+22
composite signal
L1+12L2+38L3+22L4+22
risk0Block · Critical
divergence = (L1 ⊕ L2) amplified by (L3 + L4)pipeline · 47 ms

Forty genuinely independent analyzers — Markov transitions, EWMA, Mahalanobis distance, SubgraphGNN, Count-Min sketches, KL divergence — all read from a single 3.1 KB contiguous struct small enough to fit in CPU cache. Inference runs in single-digit milliseconds.

IIData governance

We never see your code.
Out of the box. By design.

Quint runs in Aggressive posture by default — a four-stage redaction pipeline strips secrets, HMAC-tokenizes PII, and filters content through a tier policy before a single byte leaves the machine. Under 1 ms per request.The customer's HMAC key lives in the macOS Keychain; cloud can count and aggregate, but never reverse.

plate ii the wall
on your device
what quint sees
passwordhunter2
emailyou@example.com
credit card4242 4242 4242 4242
ssn123-45-6789
key
stays on your device
password
•••••••#a3f29b
email
••••••••••#6b3ad7
credit card
••••••••••••••••#94f2d1
ssn
•••••••••#2c1e84
Cleartext stops at the wall. Quint's cloud sees the shape of your work, never its body.
IIIBehavioral intelligence

Intent. Truth. Baseline.
Score the gap between all three.

Other tools pick one signal. Observability watches traces. Gateways watch traffic. Governance writes docs. Quint captures what the agent claimed, what it actually did, and what is normal for this agent at this scope — then scores the divergence across all three. Intent alone tells you what was promised. OS truth alone tells you what happened. A baseline alone tells you something changed. Only the combination tells you: “this support agent is behaving unusually for Alice's queue at 2 am — and what it just did doesn't match what it said it would do.”

event log · agent-7f3a · 02:14:08 UTC
divergence0.94
t−500mst−250mstnowΔ 4.2σIntentclaimed: "read config"Truthopen /etc/ssh/id_rsaBaseline14-day envelope
verdict“Claimed to read a config. Opened an SSH key. 4.2σ above this agent's 14-day baseline.” actionblock
IVPolicy enforcement

Plain English in.
Kernel-level blocks out.

Describe the rule you want. Claude Sonnet compiles it into a signed policy bundle that pushes to every machine on the next heartbeat and enforces at the syscall layer — no cloud round-trip, no agent cooperation. The latency panel below is a real-time histogram from a 12-machine fleet.

01Say it

Block any agent from reading SSH keys or AWS credentials outside the ~/.aws/sso cache.

Natural language·Compiled in 420ms
02Scope it
Apply to
Agent
Team
Enterprise
match
Read · Bash
target
~/.ssh/** · ~/.aws/credentials
except
~/.aws/sso/
action
BLOCK
severity
critical
Ed25519Signed bundle
03Enforced everywhere
2,847agents
Propagated in 1.2s·100% coverage
Sample
  • claude-code
    Read ~/.ssh/id_rsa
    BLOCK
  • devin
    Read ~/.aws/credentials
    BLOCK
  • cursor
    Read ~/.aws/sso/cache
    ALLOW
Enforcement latency · p99 · last 60s
9.0 msSLO 10ms
p50 2.1·max 9.6
VAudit trail

An immutable ledger of every agent action.
Hand it to your auditor. Let them verify it themselves.

Every decision is signed with Ed25519 and SHA-256 chained to the previous block. Any attempt to edit history breaks the chain and breaks the signature — visibly, on the next verification sweep. Export with an OpenSSL one-liner or quint verify.

Chain verified
918,406 blocks·Ed25519 signatures·SHA-256 linkedGenesis → Head
#918,402ALLOW
SHA-256
3b7c0e95
f18d44
14:31:41
claude-code
Bash: docker build
Ed25519·pending
Genesis
#918,403ALLOW
SHA-256
c9e3b701
8a2d66
14:31:52
windsurf
Write: src/utils.ts
Ed25519·pending
#918,404ALLOW
SHA-256
5d2f1a88
c74b13
14:31:58
claude-code
Bash: npm test
Ed25519·pending
#918,405FLAG
SHA-256
a1c8e4f2
d39c56
14:32:07
claude-code
Read: .env.production
Ed25519·pending
#918,406BLOCK
SHA-256
7f3a9b2c
e1f8a0
14:32:11
cursor
Bash: rm -rf node_modules
Ed25519·pending
TamperAny edit breaks the chain
ExportJSONL · Merkle proof · CSV
Verifyopenssl or quint verify
The philosophy
“Every agent action should leave a receipt that an auditor can verify without us — and a verdict your security team can explain without lawyers.
— Quint engineering principles · §4
VIOperations

One control plane.
Every machine you have. Every SIEM you use.

A single Go binary with zero runtime dependencies — macOS via EndpointSecurity, Linux via eBPF / Tetragon, Windows via ETW, browsers via Chrome MV3. All four emit the same protobuf quint.v1.Event envelope. Streams OCSF to Splunk, Sentinel, Chronicle, Slack, PagerDuty.

per-platform interception
macOSGA
EndpointSecurityexec · fork · open · write syscalls
NETransparentProxysystem extension · MITM TLS
LinuxBeta
eBPF / Tetragonkernel 5.3+ · < 1% overhead · 1 k eps
io_uring egresszero-copy proxy frames
WindowsBeta
ETWuser-mode providers · no kernel driver
WFPfilter platform for TLS intercept
BrowserQ2 2026
Chrome MV3webRequestBlocking · declarativeNetRequest
Service workerpersistent agent detection

Your agents are running. See what they're actually doing.

Deploy fleet-wide via MDM. Start with visibility, enforce when ready. No agent configuration required.

Book a demo