Three tiers · One engagement at a time
How Watch works.
Watch is structured in three tiers. Start with a free Snapshot - no authorization required, no scanning, no risk. Step up to a signed Assessment when you need the full picture. Add continuous monitoring to stay current.
Passive, public-surface observation only - no scanning or exploitation without signed authorization. The Snapshot tier requires no engagement, no account, no authorization.
Free passive Snapshot
Passive, public-surface observation of your MCP server or agent endpoint. No scanning, no exploitation, no signed authorization required. A quick read of what's exposed before we go deeper.
Passive, public-surface only. No scanning or exploitation without signed authorization.
Authorized deep Assessment
A signed, authorized engagement that goes below the surface. Tool abuse paths, prompt injection vectors, data exfiltration risks, and OWASP Agentic Top 10 coverage - mapped and remediated.
Requires signed authorization. Report maps every finding to OWASP Agentic Top 10 and NIST IR 8596.
Continuous posture monitoring
Ongoing watch over your agent's attack surface. New tool registrations, schema changes, configuration drift, and emerging OWASP Agentic findings - all surfaced before they become incidents.
Subscription. Alerts on posture changes. Quarterly posture report.
OWASP Agentic Top 10
The OWASP Agentic Top 10 defines the most critical security risks for AI systems: prompt injection, tool misuse, excessive permissions, data exfiltration vectors, and more. Every Watch finding is mapped to the relevant OWASP Agentic category so you and your customers’ security teams speak the same language.
- LLM01:2025 - Prompt Injection
- LLM02:2025 - Sensitive Information Disclosure
- LLM06:2025 - Excessive Agency
- LLM08:2025 - Vector and Embedding Weaknesses
- ...and more
NIST IR 8596
NIST IR 8596 is NIST’s guidance specifically on AI agent security - a framework for understanding and mitigating the risks unique to autonomous AI systems. Assessment reports align findings to NIST IR 8596 sections, giving you the evidence that enterprise and government procurement teams expect.
- §4 - Threat identification
- §4.2 - Prompt injection threats
- §5 - Risk mitigation
- §5.1 - Least privilege for agentic systems
- ...full section mapping in Assessment report
What is the OWASP Agentic Top 10?
The OWASP Agentic Top 10 is a list of the most critical security risks specific to AI agents - prompt injection, tool misuse, excessive permissions, and more. Watch maps every finding to these categories so you and your customers can speak the same language as their security teams.
What is NIST IR 8596?
NIST IR 8596 is NIST's guidance on AI agent security - a framework for understanding and mitigating the risks specific to autonomous AI systems. Assessment reports map findings to NIST IR 8596 alongside OWASP Agentic to give you the evidence that enterprise and government customers expect.
Is the Snapshot really passive?
Yes. The Snapshot observes your MCP server's public surface - tool schemas, exposed capabilities, configuration visible without authentication - and does nothing that could be considered scanning or exploitation. No authorized engagement is required. For deeper testing, the Assessment requires a signed authorization.
Do you need access to my production system?
The Snapshot needs only the public URL of your MCP server or agent endpoint. The Assessment and Watch are authorized engagements and are scoped with you before any work begins - what access is needed and what is out of scope is agreed in writing first.
What does 'source-available' mean for the collector and scanner?
BSL (Business Source License) and FSL (Functional Source License) are source-available licenses - the code is readable and auditable by anyone, but commercial use is restricted without a commercial license. For a security tool, being able to read the code that runs inside your environment is the trust feature. The control plane is proprietary.