Arcane
      db      `7MM"""Mq.   .g8"""bgd     db      `7MN.   `7MF'`7MM"""YMM
     ;MM:       MM   `MM..dP'     `M    ;MM:       MMN.    M    MM    `7
    ,V^MM.      MM   ,M9 dM'       `   ,V^MM.      M YMb   M    MM   d
   ,M  `MM      MMmmdM9  MM           ,M  `MM      M  `MN. M    MMmmMM
   AbmmmqMA     MM  YM.  MM.          AbmmmqMA     M   `MM.M    MM   Y  ,
  A'     VML    MM   `Mb.`Mb.     ,' A'     VML    M     YMM    MM     ,M
.AMA.   .AMMA..JMML. .JMM. `"bmmmd'.AMA.   .AMMA..JML.    YM  .JMMmmmmMMM

Govern as fast as employees build

1.0 · The shift

The risk isn't just Shadow AI. It's the speed.

Employees build and ship AI workflows faster than any review process can keep up with. Arcane keeps pace with the workflows, not with the review calendar.

PLATFORM APPROVED
The tool is allowed.
But the app built inside it may be invisible.
WORKFLOW CREATED
Data, secrets, and tools get connected.
Often outside formal SDLC.
SECURITY REVIEW
Manual review cannot keep up.
Arcane handles the drudge and escalates what matters.
2.0 · The platform

Governance that outpaces development.

Enforce now, watch always, tighten over time. Arcane monitors behavior 24/7, drafts policy changes, and queues meaningful exceptions for approval so security stays in control without turning every workflow into a ticket.

arcane / policy loop
01 · Observe    30d traffic + denials + drift (active)
02 · Propose    Posture agent drafts change
03 · Review     Operator inspects + replays
04 · Promote    Active policy set updated
watching traffic: tool calls · 30d: 18,432 · denials · 30d: 47 · agents drifted: 3
baseline → proposal → operator → active · continuous
arcane / proposal · 1 of 3
proposed by posture agent

allow research-agent to read drive.files when delegated by an engineering-org user

reasoning

research-agent attempted drive.files.read 47 times in the last 30 days — all from engineering users. No matching rule. Promoting shadow → active would convert 47 reviews to allows.

impact if applied
+47 newly allowed · 362 unchanged
cedar
permit (
  principal in Group::"research-agent",
  action == Action::"read",
  resource in ResourceType::"drive.files"
) when {
  principal.delegated_by.org == "engineering"
};
posture agent · proposal queue · policy stays in shadow until you promote
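A worked example of the shadow-to-active impact calculation behind that card, added here as illustrative code rather than Arcane's own engine. It replays a constructed 30-day log against the active rules with and without the proposed rule and counts what would change. The rule format is a simplified permit/forbid matcher standing in for Cedar, the log fields are assumptions, and the traffic is sized to reproduce the card's 47 / 362 figures.

```typescript
// Added example (not the Arcane product code): a shadow-mode impact calculator
// in the spirit of the policy loop above. The rule shape, the log fields and
// the sample traffic are constructed for this example; the real engine
// evaluates Cedar, which this simplified matcher only imitates.

type Decision = "allow" | "deny" | "review";

// One line of the 30-day decision log (constructed shape).
interface LogEntry {
  group: string;           // group the calling agent belongs to, e.g. "research-agent"
  action: string;          // e.g. "read"
  resourceType: string;    // e.g. "drive.files"
  delegatedByOrg: string;  // org of the user who delegated the task
}

// A permit/forbid rule with an optional condition, standing in for Cedar.
interface Rule {
  effect: "permit" | "forbid";
  group: string;
  action: string;
  resourceType: string;
  when?: (e: LogEntry) => boolean;
}

function matches(rule: Rule, e: LogEntry): boolean {
  return rule.group === e.group
    && rule.action === e.action
    && rule.resourceType === e.resourceType
    && (rule.when === undefined || rule.when(e));
}

// forbid beats permit; no matching rule lands in the human review queue.
function evaluate(rules: Rule[], e: LogEntry): Decision {
  const hits = rules.filter(r => matches(r, e));
  if (hits.some(r => r.effect === "forbid")) return "deny";
  if (hits.some(r => r.effect === "permit")) return "allow";
  return "review";
}

interface Impact { newlyAllowed: number; newlyDenied: number; unchanged: number; }

// Replay the log with and without the shadow rule and diff the decisions.
// The shadow rule is evaluated but never enforced until it is promoted.
function shadowImpact(active: Rule[], shadow: Rule, log: LogEntry[]): Impact {
  const impact: Impact = { newlyAllowed: 0, newlyDenied: 0, unchanged: 0 };
  for (const e of log) {
    const before = evaluate(active, e);
    const after = evaluate([...active, shadow], e);
    if (before === after) impact.unchanged++;
    else if (after === "allow") impact.newlyAllowed++;
    else impact.newlyDenied++;   // adding a rule can only move an entry to allow or deny
  }
  return impact;
}

// Active policy (constructed): release-bot's deploys are already permitted.
const ACTIVE_RULES: Rule[] = [
  { effect: "permit", group: "release-bot", action: "deploy", resourceType: "ci.pipelines" },
];

// The proposal from the card above, expressed in this toy rule format.
const SHADOW_RULE: Rule = {
  effect: "permit",
  group: "research-agent",
  action: "read",
  resourceType: "drive.files",
  when: e => e.delegatedByOrg === "engineering",
};

// Constructed 30-day traffic sized to reproduce the card's figures:
// 47 research-agent reads delegated by engineering (currently reviewed),
// 5 delegated by sales (must stay in review), 357 release-bot deploys (allowed).
function sampleLog(): LogEntry[] {
  const entry = (group: string, action: string, resourceType: string, delegatedByOrg: string): LogEntry =>
    ({ group, action, resourceType, delegatedByOrg });
  return [
    ...Array.from({ length: 47 }, () => entry("research-agent", "read", "drive.files", "engineering")),
    ...Array.from({ length: 5 }, () => entry("research-agent", "read", "drive.files", "sales")),
    ...Array.from({ length: 357 }, () => entry("release-bot", "deploy", "ci.pipelines", "engineering")),
  ];
}
```

The five sales-delegated reads stay in review under the proposal because the delegation condition fails; that is exactly the slice an operator should replay before promoting, since a rule without the `when` clause would have turned those into allows as well.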
3.0 · How it works

Three calls. Identity to enforcement.

Bind once at boot. Mint per task. Enforce on every call. The whole control plane fits behind three SDK methods.

01

Bind identity

Arcane composes the user from your IdP, the agent from your registry, and the workload from runtime attestation into a single signed principal.

arcane.ts · SDK
// At agent boot
const principal = await arcane.bind({
  user: req.identity,           // verified IdP token
  agent: { id: "release-bot", version: "1.2" },
  workload: await runtime.attest(),
});
// → { principalId, boundAt, expiresAt }
02

Issue a task-bound grant

Each grant names the task, the resources it covers, and the actions allowed. Short TTLs replace standing access; nothing else carries.

arcane.ts · SDK
// Per-task grant
const grant = await arcane.issue({
  principal,
  task: "rotate-staging-keys",
  resources: ["aws:iam:role/staging-*", "vault:kv/staging/*"],
  actions: ["iam:UpdateAccessKey", "kv:read"],
  ttl: "5m",
});
// → { token, exp, jti }
03

Enforce on every call

SDK at the call site, or transparent proxy in front of any service. Same policy, same signed evidence — evaluation happens inline, not out of band.

arcane.ts · SDK
// Guarded call — policy evaluates before the SDK forwards
await arcane.guard(grant, () =>
  aws.iam.updateAccessKey({
    UserName: "ci-deploy",
    Status: "Inactive",
  }),
);
// decision: allow · signed · evidenceId=ev_3f9c…
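The three calls as one self-contained illustration, added here and not the Arcane SDK: a bind that folds user, agent and workload into a single principal id, a grant minted as an HMAC-signed payload with a five-minute expiry, and a guard that checks signature, expiry, action and resource pattern before running the call and records a signed evidence id whether it allows or denies. The token format, the glob matching on resource patterns, the signing key and every sample input are assumptions of this example.

```typescript
// Added example (not the Arcane SDK): the three-call model above as a small
// control plane. Token format (payload.hmac), glob matching, evidence record
// and the signing key are assumptions made for this example.
import { createHash, createHmac, randomUUID, timingSafeEqual } from "node:crypto";

// Step 1: bind. User, agent and workload fold into one principal id.
interface BindInput { userSub: string; agentId: string; agentVersion: string; workloadDigest: string; }
function bindPrincipal(b: BindInput): string {
  const canonical = JSON.stringify([b.userSub, b.agentId, b.agentVersion, b.workloadDigest]);
  return "p_" + createHash("sha256").update(canonical).digest("hex").slice(0, 16);
}

// Step 2: issue. A grant is scoped to one task, a resource set and an action set.
interface Grant {
  sub: string;          // bound principal id
  task: string;         // the one task this grant covers
  resources: string[];  // glob patterns such as "aws:iam:role/staging-*"
  actions: string[];    // exact action names
  iat: number;          // issued at (seconds)
  exp: number;          // expiry (seconds): a short TTL instead of standing access
  jti: string;          // unique id for revocation or replay detection
}

const b64 = (s: string) => Buffer.from(s, "utf8").toString("base64url");
const mac = (key: string, data: string) => createHmac("sha256", key).update(data).digest("base64url");

function issueGrant(key: string, scope: Omit<Grant, "iat" | "exp" | "jti">, ttlSeconds: number, now: number): string {
  const grant: Grant = { ...scope, iat: now, exp: now + ttlSeconds, jti: randomUUID() };
  const payload = b64(JSON.stringify(grant));
  return `${payload}.${mac(key, payload)}`;   // token = payload.signature
}

// Signature and expiry check; any failure yields null, never a partial grant.
function verifyGrant(key: string, token: string, now: number): Grant | null {
  const [payload, sig] = token.split(".");
  if (!payload || !sig) return null;
  const expected = Buffer.from(mac(key, payload));
  const given = Buffer.from(sig);
  if (expected.length !== given.length || !timingSafeEqual(expected, given)) return null;
  try {
    const grant = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")) as Grant;
    return grant.exp > now ? grant : null;
  } catch {
    return null;
  }
}

// "aws:iam:role/staging-*" -> anchored regex; every character except "*" is literal.
function globMatch(pattern: string, value: string): boolean {
  const escaped = pattern.split("*").map(p => p.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + escaped.join(".*") + "$").test(value);
}

// Step 3: guard. Decide inline, sign the evidence, and only then run the call.
interface Call { resource: string; action: string; }
interface GuardDecision { allow: boolean; reason: string; evidenceId: string; result?: unknown; }

function guard<T>(key: string, token: string, call: Call, now: number, fn: () => T): GuardDecision {
  const grant = verifyGrant(key, token, now);
  let reason = "allow";
  if (grant === null) reason = "grant invalid or expired";
  else if (!grant.actions.includes(call.action)) reason = `action ${call.action} not in grant`;
  else if (!grant.resources.some(p => globMatch(p, call.resource))) reason = `resource ${call.resource} not in grant`;
  const allow = reason === "allow";
  // The signed evidence record is what an audit log would receive, allow or deny.
  const record = JSON.stringify({ now, allow, reason, call, sub: grant?.sub ?? null, jti: grant?.jti ?? null });
  const evidenceId = "ev_" + createHmac("sha256", key).update(record).digest("hex").slice(0, 8);
  return allow ? { allow, reason, evidenceId, result: fn() } : { allow, reason, evidenceId };
}

// Walk-through: one principal, one 5-minute grant, four guarded calls (all inputs constructed).
function demo(now = 1_700_000_000): GuardDecision[] {
  const key = "control-plane-signing-key";   // assumption: a shared secret for this example
  const sub = bindPrincipal({ userSub: "user-42", agentId: "release-bot", agentVersion: "1.2", workloadDigest: "sha256:deadbeef" });
  const token = issueGrant(key, {
    sub,
    task: "rotate-staging-keys",
    resources: ["aws:iam:role/staging-*", "vault:kv/staging/*"],
    actions: ["iam:UpdateAccessKey", "kv:read"],
  }, 300, now);
  const rotate = () => "rotated";
  return [
    guard(key, token, { resource: "aws:iam:role/staging-deploy", action: "iam:UpdateAccessKey" }, now + 60, rotate),   // allow
    guard(key, token, { resource: "aws:iam:role/prod-deploy", action: "iam:UpdateAccessKey" }, now + 60, rotate),      // deny: resource
    guard(key, token, { resource: "vault:kv/staging/db", action: "kv:write" }, now + 60, rotate),                       // deny: action
    guard(key, token, { resource: "aws:iam:role/staging-deploy", action: "iam:UpdateAccessKey" }, now + 301, rotate),  // deny: expired
  ];
}
```

Two design points worth noting: the guard never runs the wrapped function on a deny, so the decision is not advisory, and the token carries its whole scope, so a leaked grant is useful only for that task, those patterns and those actions until its expiry. A production version would also persist `jti` to block replay after revocation.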
4.0 · The console

Every decision, in plain view.

The same record that flows to your audit log shows up live — who, what, why, and which rule matched. Filter by agent, task, or outcome.

arcane / decisions · live
columns: time · outcome · agent · task · resource
showing 6 of 1,284
5.0 · Get started

One conversation.
Enable your security team.

Talk to founders