Runtime AI Command Authority

Govern every AI command.
Before it executes.

DarkGuard is the runtime authority layer for AI agents and developer copilots running inside your organization. Every shell command, every script, every action — intercepted, classified, and authorized at the endpoint. In milliseconds.

Built for the AI tools your teams actually use
Claude Code · GitHub Copilot · Cursor · OpenCode · Aider · Continue · Custom agents

The Problem

Four blind spots every enterprise AI deployment hits.

Your developers and operators run AI agents that can read code, write files, call APIs and spawn shells. Most organizations have no way to see — let alone authorize — what those agents actually do at the endpoint.

01

Shadow AI on corporate endpoints.

Claude Code, Copilot CLI, Cursor agents, custom LangChain workflows — they're already running on developer laptops and engineering VMs. Security has no inventory, no policy, and no kill switch.

02

Shell access without accountability.

An AI agent calls bash or powershell.exe, and the OS happily executes it. There's no record of which prompt, which model, or which human is responsible — only that the file was deleted.

03

Oversight is all-or-nothing.

Today's options are blocking the tool entirely or trusting it blindly. Low-risk reads and high-risk writes get the same treatment, so teams either pull the agent or wave everything through.

04

Regulators want evidence you don't have.

NIS2, ISO 27001, the EU AI Act and ENS all demand traceable, runtime evidence of human oversight over consequential automated actions. Static policy documents don't satisfy any of them.

The Solution

An authority layer between your AI and your endpoints.

DarkGuard installs a lightweight agent on every machine where AI runs. Each command an AI tool tries to execute is intercepted, evaluated against your rules, and either allowed, denied, or escalated to a human operator — in milliseconds, with a full audit trail.

Intercept before execution

Every command an AI agent attempts is captured at the OS layer before it reaches the shell, the filesystem, or the network.

Risk-scored routing

Allow trusted reads. Deny known-dangerous patterns. Escalate ambiguous actions to a named human, in real time.

Millisecond verdicts

Whitelisted actions clear in under 3 ms. Your developers don't notice DarkGuard until something actually matters.

Centralized rule library

One place to define, version and roll out command policies across every endpoint, organization and department.

Live endpoint visibility

Every agent's status, last check-in and recent activity, in one console — across Windows, Linux and macOS.

Audit-grade evidence

Immutable logs of every command, every verdict, every human decision. Export-ready for auditors and regulators.

See it in action

From shadow AI to governed AI in 90 seconds.

Watch how DarkGuard catches a Claude Code agent attempting destructive commands on a developer workstation, escalates the call to the SOC operator, and records the whole exchange.

01 / DEPLOY

Install the agent

Single binary on every endpoint where AI runs. Windows, Linux, macOS. MDM-friendly.

02 / DEFINE

Set your rules

Allow, deny or ask — by command pattern, package, organization or department.

03 / INTERCEPT

Govern at runtime

Every AI-issued command is routed through DarkGuard before it executes.

04 / AUDIT

Prove it

Generate auditor-ready evidence on demand, mapped to NIS2, ISO 27001, EU AI Act.

Inside the console

The control plane your security team has been asking for.

Designed by DARKDATA's incident response operators for the people who actually answer the phone when an AI does the wrong thing.

Executive dashboard

A live read on AI activity across the organization.

One pane of glass for events, denials, denial rates and the rules behind them. Filter by organization, department or endpoint.

  • 24-hour and 7-day rolling activity windows
  • Top denied commands and most active machines
  • Live agent count and rule coverage at a glance

Screenshot: DarkGuard dashboard showing event counts, denial rate, agent count and top offenders.

Endpoint inventory

Know exactly which machines run AI — and which don't.

Every onboarded agent reports back continuously. Stale, offline or revoked endpoints are surfaced before they become a blind spot.

  • Live, recent, stale and offline status buckets
  • Search by hostname, machine ID or IP
  • Per-endpoint activity, version and last check-in

Screenshot: DarkGuard endpoints view listing connected agents with status, activity and version.

Per-endpoint forensics

Drill into any machine. See exactly what its AI did.

Drill down into any endpoint to inspect denial rate, top denied commands and a full timeline of recent activity by service — Claude Code, OpenCode, custom agents.

  • Per-machine denial rate and event volume
  • Service-tagged command history (claude-code, opencode, custom)
  • Revoke or quarantine an agent in one click

Screenshot: DarkGuard endpoint detail showing event metrics, top denied commands and a recent activity log.

Centralized rule library

Allow, deny or ask. Down to the command pattern.

Author rules with wildcards and pattern matching. Roll them out instantly across every endpoint in scope. Maintain separate rule sets per organization or per department.

  • Three verdict types: allow · deny · ask
  • Pattern matching for shell commands and package installs
  • Pre-built rule packs for common AI agent misbehaviors

Screenshot: DarkGuard active rules listing patterns like rm -rf, npm install, apt install with allow, deny or ask verdicts.

Human in the loop

When the rules say "ask", a real person decides.

Ambiguous actions are escalated to the named human authority on duty — directly on their device. Approve in one click, deny in another, with the full command, host and AI context attached.

  • Native desktop prompts with full command context
  • Routes to the assigned operator, not a shared inbox
  • Every decision logged with reviewer identity and timestamp

Screenshot: DarkGuard prompt asking the operator to allow or deny a powershell whoami command.
Screenshot: DarkGuard notification showing that a powershell command was blocked.

Multi-OS coverage

Windows. Linux. macOS. One agent, one console.

The same DarkGuard agent runs everywhere your engineers and operators run AI — corporate laptops, build servers, jump hosts, EC2 instances. Revoke any agent in a click.

  • Native binaries for Windows, Linux and macOS
  • Versioned, MDM-deployable, air-gap-friendly
  • Per-agent revocation without redeploy

Screenshot: DarkGuard connected agents list with hostname, OS, version, machine ID, IP and revoke actions.

Compliance, by design

Audit-grade evidence for the frameworks that matter.

DarkGuard ships with a built-in compliance posture — license health, rule coverage, agent liveness and governance — scored continuously and exportable on demand.

Mapped to the controls your auditors actually ask about, by the same operators that already deliver DFIR, SOC and CTI services to leading European cyber insurers.

  • EU AI Act: Article 14 — runtime human oversight evidence
  • NIS2: Operational risk management for essential entities
  • ISO/IEC 27001: A.8 access control & A.12 operations security
  • ISO/IEC 42001: AI management system — operational controls
  • ENS (Esquema Nacional de Seguridad): Spanish public sector security framework
  • RGPD / GDPR: Article 32 — appropriate technical measures

Why now

The agentic shift has reached the endpoint.

AI agents aren't suggesting code anymore — they're running it. On laptops, on production servers, with your credentials, against your data. The infrastructure to govern them at runtime did not exist. Now it does.

78%

of developers use AI coding tools

And the vast majority of organizations have no inventory of which agents touch which endpoints, let alone what they've executed.

Aug 2026

EU AI Act enforcement deepens

High-risk AI obligations require demonstrable runtime human oversight. Static documentation no longer satisfies the requirement.

shell access is unbounded

Once an AI tool can call bash, the only meaningful control is at the command itself. That's exactly where DarkGuard sits.

Integration & deployment

Slots into the AI tooling and OS estate you already have.

One agent. One console. No vendor lock-in on which AI tool, model or framework your teams choose to use.

AI tools we govern

DarkGuard is agent-agnostic. If it can call a shell, write a file or hit a network endpoint, DarkGuard can authorize it.

Claude Code · GitHub Copilot · Cursor · OpenCode · Aider · Continue · Cody · Codex CLI · LangChain agents · CrewAI · AutoGen · Custom MCP servers

Where DarkGuard runs

Single-binary agent for every endpoint. Centralized, multi-tenant console. Your data, your environment, your call.

Windows 10 / 11 · Windows Server · Ubuntu / Debian · RHEL / Rocky · macOS 13+ · Managed SaaS · Self-hosted · Air-gapped · MDM-deployable

FAQ

Frequently asked questions.

Is DarkGuard an EDR?
No. EDR products focus on detecting malicious behavior from any process on the endpoint. DarkGuard is purpose-built for one job: governing the commands that AI agents and developer copilots issue, before they execute. It can sit alongside your EDR with no overlap, providing the AI-specific authority layer that EDR doesn't.
How is this different from a guardrails or prompt-filtering tool?
Prompt-filtering tools work on the model's input or output. DarkGuard works on the agent's actions — the actual commands, file writes and network calls that reach your operating system. An action can be technically permitted at the model level and still warrant a human decision because of its impact at the endpoint. That's the gap DarkGuard closes.
Will it slow our developers down?
Whitelisted commands clear in under three milliseconds — well below human perception. Only commands that match an "ask" rule pause for a human verdict, and only if your policy says they should. Most engineering teams report DarkGuard becomes invisible after the first day.
Does DarkGuard read the contents of our files or prompts?
No. DarkGuard inspects the command an AI agent attempts to execute — process name, arguments, requesting service — not the prompts you sent the model or the contents of your repositories. Logging is scoped to what the agent asked the OS to do, with timestamps and verdicts.
Can we deploy on-premise or in our own cloud?
Yes. DarkGuard is offered as managed SaaS, customer-managed cloud (your VPC on AWS, Azure or GCP), or fully on-premise with air-gapped console support. Most regulated customers in finance, healthcare and government choose the latter two.
How does DarkGuard help with the EU AI Act?
Article 14 of the EU AI Act requires that human oversight of high-risk AI systems be effective during use — not merely documented at deployment. DarkGuard generates the runtime evidence regulators ask for: which command was issued, by which agent, against which policy, and which named human approved or denied it. The compliance posture exports map directly to the controls.
Who is behind DarkGuard?
DarkGuard is built and operated by DARKDATA, S.L., a Spanish cybersecurity company specializing in DFIR, SOC operations, threat intelligence and incident response. DARKDATA has delivered cyber-incident response on hundreds of engagements for European cyber insurers and corporate clients. DarkGuard is the productized expression of what those operators wished they had during AI-related investigations.

Get in touch

See DarkGuard against your own AI tools.

Tell us what your teams run and where, and we'll set up a private demo against a representative environment. A real human from DARKDATA will reply within one business day.

Headquarters: Calle Manuel Ceruelo 9-B 1ºB, 15702 Santiago de Compostela (A Coruña), Spain
Operator of record: DARKDATA, S.L. — CIF B67703793