IAM for the agent era

Identity, authorization, and audit for AI agents.

Govern every tool call your agents make — on the harnesses you already use. No switch required, nothing to bypass.

Get a demo Read the docs →

Works with Claude Code, Cursor, and custom harnesses · OIDC / SAML / SCIM · Cedar policy

slack.postMessage — allowed · maya@acme via dhvati
Trusted by security-first teams Nordwerk CANTOR helvetia.io BRUMM Ostara FERRUM&CO

The problem

Agents now act on your real systems. Nothing governs them.

AI agents post to Slack, push to GitHub, and touch production APIs on behalf of employees — with shared credentials, no per-user identity, no policy, and no audit trail.

0
Identity

Agents act as shared API keys. No one can say which employee was behind an action.

Blast radius

One credential in an agent's context can read, write, and delete everything it reaches.

?
Audit trail

When something goes wrong, there is no record of who asked, what ran, or why it was allowed.

The platform

Authenticate. Authorize. Audit.

Authenticate

Every agent action is tied to a verified employee via your identity provider — OIDC, SAML, SCIM. No anonymous automation.

Authorize

Per-role, per-tool policy in Cedar. Allow the read, deny the post — decided on every call, before it reaches the vendor.

Audit

Every decision logged — who, what, when, allow or deny — in a stream your SIEM can read. Answers, not forensics.

How it works

Credential custody, not honor system.

The dhvati Gateway holds your vendor credentials. It verifies the acting employee against your IdP, evaluates Cedar policy, then injects the credential and forwards — or blocks.

Step 1

Agent

Claude Code, Cursor, or a custom harness makes a tool call — with no credential of its own.

Step 2

dhvati Gateway

Verifies the employee via your IdP, checks Cedar policy, audits the decision — then injects the credential and forwards, or blocks.

Holds credentials Checks policy Audits every call

Step 3

Vendor

Slack, GitHub, internal APIs, MCP servers — reached only through the Gateway, only with an allowed call.

"Bypass the Gateway and you get no credential — so there's nothing to bypass."

Why dhvati

Built for how enterprises actually run agents.

Harness-agnostic

Works with Claude Code, Cursor, and custom harnesses. Govern the agents you already use — no switch required.

Un-bypassable by design

Credential custody means the Gateway is the only place credentials exist. Going around it yields nothing.

Sovereign & on-prem

Run it in your datacenter or your cloud of choice. No hard dependency on any US cloud provider.

Standards-based

Cedar for policy, OIDC / SAML / SCIM for identity. No proprietary lock-in, nothing exotic to learn.

Who it's for

One control plane, three teams served.

Security teams

Shrink the blast radius

Take vendor credentials out of agent contexts entirely. Enforce least privilege per employee, per tool, per action.

Platform & IT

Enable, don't block

Roll agents out to the whole org with SCIM-provisioned access and policy that follows people through role changes.

Compliance

Prove it, on demand

A complete, queryable record of every agent action and decision — ready for auditors, regulators, and incident review.

Put your agents under governance.

See dhvati govern a live agent's tool calls in a 30-minute walkthrough.

Get a demo Read the docs →