Skip to content

Why Lens Agents#

One platform that governs every agent in the organization, without constraining which agents, models, or environments are used.

Any agent, any model, any environment#

  • Three agent modesdesktop AI tools (Claude Desktop, Cursor, Claude Code, Copilot, ChatGPT), external agents built with any MCP-compatible framework (Claude Agent SDK, LangChain, CrewAI, AutoGen, in-house), and managed agents created on the platform — all governed identically. Add the local CLI for air-gapped or CI-bound workloads; same sandbox, same policy engine.
  • Provider-agnostic model layer — integrates with Anthropic and AWS Bedrock today; additional providers are added in response to customer need. Model choice does not affect governance. See Supported Models.
  • Any environment — Lens-hosted SaaS, self-hosted, or cloud marketplace. Data stays where you choose.

Governance applied before, not after#

  • Identity — SSO for users (OIDC), scoped agent tokens for non-human principals. Every action attributed to a real identity in the audit trail.
  • Policy engine — domain allowlisting with HTTP method and URL path restrictions, team and project-scoped, evaluated per request. See policies.
  • Credential isolation — credentials are attached to policies, injected server-side by the sandbox proxy, never visible to the agent process. See credential bindings.
  • Spending controls — active enforcement (not just alerting) at organization, team, and agent level. Budgets are checked before every LLM call. See spending controls.
  • Full audit — every tool call, proxy decision, LLM request, shell command, and sandbox event across seven interaction surfaces. See audit trail.

Isolation that holds when agents misbehave#

  • Kernel-enforced sandbox — privilege dropping, kernel-level network isolation, proxy-mediated egress, privilege-dropped workspace. Enforced identically for managed agents, external agents running inside the sandbox, and local CLI execution. Platform-managed sandboxes also shut down on idle (30 min default) to bound the exposure window. See sandbox.
  • TLS-intercepting credential injection — an ephemeral per-sandbox CA (ECDSA P-256, in-memory only) terminates the agent's TLS, injects credentials, and re-encrypts to the real upstream. Even a fully compromised agent cannot extract credentials because they never enter the agent's process.
  • Default-deny networking — only policy-allowed domains are reachable, enforced at the kernel level.

Purpose-built for enterprise rollout#

  • Operates under Mirantis's SOC 2 Type 1 and ISO 27001 control framework. Mirantis is SOC 2 Type 1 compliant for Lens (K8S IDE) and ISO 27001 certified at the corporate level; Lens Agents is built and operated under the same controls. Annual third-party penetration testing. Vulnerability bounty program through HackerOne. See compliance.
  • PII detection and masking on the LLM proxy — 20+ pattern-based PII types plus optional ML-based named-entity detection. Per-policy configuration, fail-closed by default. Available to select customers.
  • EU AI Act transparency foundation — the controls required for Article 9–17 compliance are in place today.
  • Data sovereignty controlled by deployment choice. Self-hosted deployments send nothing to Lens Agents infrastructure.

What's different about this approach#

Most AI-governance products sit in front of a single agent mode (chat) or a single model provider, and extend governance to other modes through integrations. Lens Agents was built the opposite way: one governance plane first, then three ways for agents to connect to it. A policy you write once applies to a Claude Code session on an engineer's laptop, a LangChain agent running in your AWS account, a managed SRE agent on our platform, and a CLI-run agent in your CI pipeline — without rewriting or re-scoping.

This matters for:

  • Scale — you don't need separate policies, audit systems, or credential stores per agent mode.
  • Consistency — a user who moves from Cursor to a managed agent doesn't leave governance behind.
  • Migration — prospects often begin with desktop tools (governed MCP integration), then introduce external agents, then adopt managed agents. Same identity, same policies, same audit.

The capability pitch, delivered in your stack

This page is the summary. The full story lives in how it works in your environment — your SSO, your clusters, your integrations, your policies. We run that as a guided evaluation.

Talk to us to schedule one.