isolation
Hardware-virtualized microVMs.
Every Operator task runs in its own Firecracker microVM — separate kernel, separate root filesystem, separate network namespace. A misbehaving sub-task can't see your host or any other tenant's data.
For Enterprise
AI agents that fit
your security envelope.
Operator v1 for the enterprise. SSO/SAML, region-pinned deploys, SOC 2 Type II in flight, and a dedicated solutions engineer from the first call.
the four pillars
Built for trust.
Verified end-to-end.
included with enterprise
Everything you'd expect.
And what you wouldn't.
- SSO via SAML 2.0, OIDC, or SCIM provisioning
- Custom seat limits & per-team usage controls
- Dedicated solutions engineer from week one
- Region-pinned deploys (US, EU, UK, AU)
- BYOK encryption & on-prem available
- Per-task audit log, exportable for compliance
- Custom integrations + private API access
- 24/7 priority support with SLA-backed uptime
schedule
Pick a time. We'll bring the agenda.
30 minutes with our solutions team. We'll walk through your use case, the security model, and design a deploy plan you can take back to procurement.
common questions
Asked & answered.
Where do I get the DPA?
Email [email protected] with your company name and we'll send the standard DPA + subprocessor list within one business day. Custom redlines are welcome.
Can you deploy in our VPC / on-prem?
Yes. We support single-tenant deploys on AWS, GCP, Azure, and air-gapped on-prem with a dedicated container registry. The microVM substrate is the same Firecracker stack we run on the public cloud.
How does pricing work for enterprise?
Custom — typically a per-seat license + a usage tier for tasks, with volume discounts above 100 seats. Annual contracts only at this level. We design the plan together on the call.
What's the SOC 2 status?
Type II audit is in flight, expected to complete in Q3 2026. Type I report and our security questionnaire are available under NDA today.