
ACT: Agent Capability Tokens

OAuth for AI Agents — Fine-grained permissions, runtime enforcement, complete audit logs. The security layer that prevents unauthorized AI actions before they happen.

Trusted by developers building production AI agents

Trusted by developers at leading AI & tech companies
OpenAI
Anthropic
Google
Microsoft
Meta
Scale AI
Hugging Face
Stripe

What is ACT?

ACT (Agent Capability Tokens) is the authorization and security layer for AI agents and LLMs. Just like OAuth protects user data, ACT protects against unauthorized AI agent actions.

Every AI agent gets a capability token that defines exactly what it can and cannot do. No more hoping your AI agent stays within bounds — ACT enforces permissions in real time, logs every action, and lets you revoke access instantly.

👤

OAuth protects users

Controls what apps can do with user data

🤖

ACT protects against agents

Controls what AI agents can do with your systems

Complete AI Agent Security

Fine-Grained Permissions

Control exactly what each AI agent can do with capability-based access control.

Complete Audit Trails

Track every action your AI agents take with immutable, compliant logs.

Instant Revocation

Revoke AI agent access globally in real time with zero latency.

Framework Agnostic

Works with any LLM, AI framework, or backend system seamlessly.

Built on Security-First Principles

01

Permissioned by Default

No AI agent operates without explicit security grants. Zero-trust model for agent authorization.

02

Observable by Design

Every action is logged with full context for compliance, debugging, and security analysis.

03

Revocable in Real Time

Instantly withdraw agent permissions when needed, with no propagation delays.

How It Works — At a Glance

ACT sits between your AI agent and your APIs, enforcing permissions in real time

🤖

AI Agent

GPT-4, Claude, Custom

Request + ACT Token
🛡️

ACT Gateway

✓ Validate Token
✓ Check Policy
✓ Log Audit
Allow / Deny
🔌

Your API

Database, Email, Files

How AI Agent Security Works

4-step process to secure your LLMs and autonomous agents

1

Register Your AI Agent

Register your LLM or autonomous AI agent in the ACT platform

"GPT-4 Customer Support Bot"

2

Define Security Policies

Specify exactly what actions the AI agent is permitted to perform

Actions: ["read", "list"]
Resources: ["api://crm/*"]

3

Issue Capability Token

Generate a cryptographically signed capability token (JWT) for the agent

eyJhbGciOiJSUzI1NiIs...

4

Enforce & Audit

Every AI agent action is validated against policies and logged for compliance

ALLOWED ✓ read
DENIED ✗ delete

System Architecture

Your Application

AI Agent / Backend Service

API Request + Token

ACT Gateway

Validate Token ✓
Check Policies ✓
Log Audit Trail ✓
ALLOW / DENY

Your API

Customers, Orders, Data

🚨 Real Examples: What ACT Prevents

Without proper authorization, AI agents can take dangerous actions. Here's what ACT stops:

Email to External Domain — BLOCKED

Agent tried to send email to [email protected]

Policy: Only @yourcompany.com allowed
Action: Request denied, admin notified
Audit: Logged with full context

SQL Query Exceeding Row Limit — BLOCKED

Agent attempted SELECT * FROM users (1M+ rows)

Policy: Max 1,000 rows per query
Action: Query blocked, data protected
Audit: Anomaly flagged

Filesystem Access — BLOCKED

Agent tried to execute code with fs.readFileSync()

Policy: No filesystem access granted
Action: Execution prevented
Audit: Security event logged

DELETE Request — BLOCKED

Agent hallucinated and tried DELETE /api/customers/all

Policy: Read-only access
Action: Deletion prevented
Audit: Critical alert sent

Read Customer Data — ALLOWED

Agent requested GET /api/customers/12345

Policy: Read access granted
Action: Request allowed
Audit: Normal activity logged

Create Support Ticket — ALLOWED

Agent created POST /api/tickets

Policy: Create ticket allowed
Action: Request allowed
Audit: Action tracked

⚡ 5-Minute Quickstart

Get up and running with ACT in minutes

1

Sign Up & Get API Key

Register at www.acttokens.com

Get your API key from the dashboard

2

Create an Agent

POST https://api.acttokens.com/v1/agents
Authorization: Bearer {your-api-key}

{
  "name": "Customer Support Bot",
  "description": "Handles customer inquiries"
}

3

Define a Policy

POST https://api.acttokens.com/v1/policies
Authorization: Bearer {your-api-key}

{
  "name": "Read-Only CRM",
  "actions": ["read", "list"],
  "resources": ["api://crm/*"]
}

4

Issue a Token

POST https://api.acttokens.com/v1/tokens
Authorization: Bearer {your-api-key}

{
  "agentId": "agent-123",
  "policyId": "policy-456",
  "expiresIn": 3600
}

5

Enforce Permissions

POST https://api.acttokens.com/v1/enforce
X-Api-Key: {your-api-key}

{
  "token": "{capability-token}",
  "action": "read",
  "resource": "api://crm/customers/123"
}
// Returns: { "allowed": true }

6

View Audit Logs

GET https://api.acttokens.com/v1/audit
Authorization: Bearer {your-api-key}

// Returns full audit trail of
// all agent actions
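
A caller-side wrapper for the step 5 enforce call, as an added example that is not ACT's own client code. It uses only the endpoint, header and body fields shown above, and treats every failure mode as a deny. The HTTP 200 check, the Content-Type header, the timeout and the injectable `post` transport are assumptions of this example.

```python
import json
import urllib.request

ENFORCE_URL = "https://api.acttokens.com/v1/enforce"  # endpoint from step 5


def http_post(url, headers, body, timeout=3.0):
    """Default transport: POST JSON, return (status, raw body bytes)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read()


def is_allowed(api_key, token, action, resource, post=http_post):
    """Ask the gateway for a decision; every failure mode maps to deny."""
    body = json.dumps({"token": token, "action": action,
                       "resource": resource}).encode()
    headers = {"X-Api-Key": api_key, "Content-Type": "application/json"}
    try:
        status, raw = post(ENFORCE_URL, headers, body)
        decision = json.loads(raw)
    except (OSError, ValueError):
        return False  # timeout, TLS/HTTP error, or a reply that is not JSON
    # Assumption: a decision arrives with HTTP 200 and a JSON object body.
    if status != 200 or not isinstance(decision, dict):
        return False
    # Only the literal boolean true grants access; "true", 1 or a
    # missing key are all treated as deny.
    return decision.get("allowed") is True


def guarded(api_key, token, action, resource, side_effect, post=http_post):
    """Run side_effect() only after an explicit allow; otherwise raise."""
    if not is_allowed(api_key, token, action, resource, post=post):
        raise PermissionError(f"{action} on {resource} denied")
    return side_effect()
```

Passing a fake `post` callable lets the deny paths be unit-tested without reaching the network.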

Why Use ACT?

Security First

Fine-grained permissions prevent unauthorized actions

Full Audit Trail

Every action is logged with who, what, when, and why

Instant Revocation

Revoke access globally in real time if an agent misbehaves

Framework Agnostic

Works with any AI framework, LLM, or backend system

Time-Limited Access

Tokens expire automatically after set duration

Compliance Ready

Meet regulatory requirements with detailed logging

Why AI Agent Security Matters

As LLMs and autonomous agents take real-world actions, you need a robust control plane that keeps AI capability aligned with your security policies and compliance requirements.

  • Reduce AI agent security risk without slowing down automation
  • Unify authorization across multiple AI agents and LLM providers
  • Enforce governance and compliance without custom integrations
  • Meet regulatory requirements with immutable audit logs
  • Maintain control over autonomous AI in production environments

🎯 Live Demo — See It In Action

Try ACT enforcement in real time

Scenario Setup

Agent: Support Bot
Allowed Actions: read, list
Blocked Actions: delete, update
Email Constraint: Only @yourcompany.com

✓ ALLOWED GET /api/customers/123
✓ Action 'read' is in policy
✓ Token is valid
✓ Resource matches pattern

❌ BLOCKED DELETE /api/customers/123
❌ Action 'delete' not in policy
🚨 Audit log created
🔔 Admin alert sent

❌ BLOCKED POST /api/email (to: [email protected])
❌ Email domain not in allowlist
🚨 Potential data leak prevented
🔔 Security team notified

✓ ALLOWED GET /api/customers (limit: 100)
✓ Action 'list' is in policy
✓ Row limit within constraint
✓ Request processed

❌ BLOCKED GET /api/customers (limit: 10000)
❌ Exceeds maxRows: 1000
🚨 Bulk export prevented
🔔 Anomaly detected
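
The action, resource-pattern and row-limit checks from the demo, modelled as a default-deny evaluator. This is an added example, not ACT's implementation: the prefix meaning of "/*", the dot-segment rejection, "maxRows" as a policy key and the denial of unbounded list calls are assumptions, and the email allowlist is not modelled.

```python
from urllib.parse import unquote

# Constructed policy mirroring the demo scenario. "actions" and "resources"
# follow the quickstart policy body; treating "maxRows" as a policy key and
# "/*" as a prefix wildcard are assumptions of this example.
POLICY = {"actions": ["read", "list"],
          "resources": ["api://crm/*"],
          "maxRows": 1000}


def resource_matches(resource, patterns):
    """True if resource falls under a pattern, after rejecting dot segments."""
    path = unquote(resource.split("://", 1)[-1])
    if any(seg in (".", "..") for seg in path.split("/")):
        return False  # "api://crm/../billing" must not ride a prefix match
    for pat in patterns:
        if pat.endswith("/*") and resource.startswith(pat[:-1]):
            return True
        if resource == pat:
            return True
    return False


def evaluate(policy, action, resource, rows=None):
    """Return (allowed, reason); anything not explicitly granted is denied."""
    if action not in policy.get("actions", ()):
        return False, f"action '{action}' not in policy"
    if not resource_matches(resource, policy.get("resources", ())):
        return False, "resource matches no pattern"
    max_rows = policy.get("maxRows")
    if action == "list" and max_rows is not None:
        # A list call with no explicit limit is unbounded, so it is denied too.
        if rows is None or rows > max_rows:
            return False, f"exceeds maxRows: {max_rows}"
    return True, "ok"
```

An empty policy denies everything, which matches the page's "Permissioned by Default" principle.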

Want to try it yourself?

Start Free — No Credit Card

Simple, Transparent Pricing

Choose the tier that fits your deployment stage

Free Sandbox

Free

Perfect for getting started

  • 1 agent
  • 500 actions/month
  • 3 policies
  • 7-day audit logs
  • Community support
Start Free
POPULAR

Starter

$49.00/month

Plus applicable taxes

For small teams

  • Up to 5 agents
  • 50,000 actions/month
  • Unlimited policies
  • 30-day audit logs
  • Email support
Start Now

Add-ons: $10/agent

Growth

$299.00/month

Plus applicable taxes

For growing organizations

  • 25 agents
  • 500,000 actions/month
  • 90-day audit logs
  • Rate-limit controls
  • IP allow/deny lists
  • Priority support
Start Now

Add-ons: $5/agent

Secure Your AI Agents Today

Join thousands of developers building production AI with ACT's security layer.

🎉 Free Forever for Developers ⚡ 5-Minute Setup 🔒 No Credit Card Required
Get Started Free

Or try the live demo