Threshold sits between your autonomous AI agents and the tools, APIs, and payment systems they consume. Prevent data leakage, enforce granular permissions, and guarantee tamper-proof accountability.
The T8 Engine intercepts agent traffic to seamlessly swap and resolve API credentials. This keeps sensitive keys completely out of the agent's workspace, protecting your infrastructure without requiring changes to agent code.
LivePrevent unauthorized actions and enforce spending limits by evaluating policies before every tool call. Custom rules ensure agents only access the specific data and actions they need for their given tasks.
LiveEnable your agents to execute programmatic payments while strictly enforcing budgets. Our isolated signing architecture ensures that agents can initiate transactions without ever accessing the underlying private keys.
BetaAppend-only, verifiable cryptographic Merkle trees modeled after Certificate Transparency. Every API request, decision, and payment event is logged into an append-only, cryptographically verifiable ledger. This provides the non-repudiation and clear audit trails required for strict enterprise compliance (e.g., SOC2, HIPAA).
PlannedThreshold prevents the "connector chaos" by executing client-authored permission rules directly on the proxy path. Ensure tools are locked down per-agent, per-method, or per-value.
Scripts are evaluated within isolated-vm sandboxes without Node.js global variables, file system access, or network access.
Rules have full access to connection metadata, calling agent ID, specific namespaced tools, and incoming argument key-values.
Should the rule runner experience unexpected downtime, tool calls default to allow to keep critical operations moving.
Give your AI agents programmatic bank accounts. Handing raw private keys directly to agentic workflows is an existential operational risk. Threshold resolves this through cryptographically isolated EVM provider pathways.
Built directly on the open-source x402 payment specification, facilitating smooth, gasless USDC standard transactions across EVM networks.
Keeps payment keys safely isolated in an isolated, secure process. The agent asks for payment execution; the T8 Control Plane processes the request after confirming rule compliance.
Configure single-transaction bounds, daily limits, and connection caps to guarantee agent actions are physically bounded by mathematical controls.
In high-compliance verticals like financial or medical systems, "plain logs" are not enough. Threshold incorporates cryptographic structures that make deletions and modifications physically detectable by external verifiers.
Logs are compiled into a Merkle-tree following RFC 9162 (Certificate Transparency). Anyone can verify that past events were not modified using O(log n) cryptographic consistency proofs.
Every log state is cryptographically signed using industry-standard primitives (like ECDSA P-256). This provides a mathematically verifiable history of agent actions that organizations can rely on during audits.
Securely push and anchor signed checkpoints to independent targets—Amazon S3 (with Object Lock), Git, public blockchains, or trusted emails—preventing internal server root-user tampering.
Built using modular, high-performance open-source standards to satisfy modern architecture and enterprise procurement requirements.
| Layer | Primary Objective |
|---|---|
| Control Plane | Admin API endpoints, Postgres configuration state, connection metadata, credentials. |
| Data Plane (T8 Engine) | Low-latency, stateless proxy paths (HTTPS Prefix, MITM, HTTP proxy) for agent-API routing. |
| Rule Execution | Millisecond-scale policy evaluations inside resource-constrained V8 virtual machines. |
| Payment SDK | Open x402 compliance, gasless EVM transfers, RemoteProvider secure isolation. |
| Transparency Log | Certificate Transparency modeled append-only Merkle-tree structures for complete audits. |
