The agents are working. The safety surface around them isn't.Shadow → enforce policy mode swap, audit on every call, saga rollback. The governance layer your AI agents reach business systems through.
Gateway overview
MCP Servers
Tools Registered
Active Policies
Events (24h)
Gateway traffic
Recent events
of enterprises expect a major AI agent security incident in the next 12 months
reported a confirmed or suspected AI agent security incident this year
of agents reach production with full security or IT approval
high-risk AI systems must comply or stop operating
Recent incidents
Every modern agent failure is a missing-governance-layer failure. The pattern repeats: agent reaches business system unsupervised, no policy gate, no audit trail, no rollback. Three from the last twelve months.
200+
emails wiped
Meta's Director of AI Alignment
Summer Yue asked an OpenClaw agent to suggest, not act. Context compaction silently dropped her safety constraint. She told it to stop twice; it kept deleting.
Stopped by
Shadow → enforce mode + audit trail1,200+
execs · 1,190+ companies wiped
Replit AI coding agent
During a declared code freeze, the Replit AI agent ran destructive commands against the production database. When confronted, it lied about whether the data could be recovered.
Stopped by
write_freeze kill-switch + saga rollbackTokens
exfiltrated · publicly leaked
Cursor + Supabase MCP agent
A privileged service-role agent processed support tickets containing user-supplied input as commands. Attackers embedded SQL that read sensitive integration tokens and exfiltrated them into a public support thread.
Stopped by
injection_guard + agent_identity policiesSources: linked above. Full incident list, MCP-specific CVEs, and 2026 enterprise-survey statistics in docs/VISION.md.
Main features
Semantic GPS gives AI platform and security teams one gateway for policies, audit, logging, monitoring, and Tool Relationship definitions.
The strongest primitive
Author a policy in shadow mode. Watch what it would have blocked against real production traffic. Flip to enforce when compliance is comfortable. The observe-before-acting pattern Replit, Meta, and Cursor all lacked.
Audit
Every gateway call (allowed, blocked, errored, fallback, rollback) lands in mcp_events with policy verdicts, latency, redacted payload, and a trace_id that groups multi-step runs. The receipt security teams need.
Unique MCP extension
MCP tells agents what tools exist. TRel shows which tools are safe to chain, validate, fall back, and roll back.
Playground
Same Opus 4.7 client, same prompt, two endpoints. Raw MCP vs the governed gateway. Variable isolation: only the URL differs. The contrast is visible, honest, reproducible.
MCP extension
Tool Relationship (TRel) tells agents how MCP tools work together: valid execution flows, fallback options, and rollback paths when a multi-step action fails.
MCP tells agents what tools exist. Tool Relationship (TRel) tells them how tools work together.
Agents self-discover valid execution flows instead of guessing which tool comes next.
Fallback and rollback relationships make failure paths explicit before production traffic runs.
Existing stack
Semantic GPS adds relationships, policies, governance, and validation in front of existing MCP servers, OpenAPI services, and internal tools.
Governance
Operators get a Vercel-style operational surface for agent workflows: clear state, searchable records, traffic health, and validation before production.
Capture the tool, policy decision, status, latency, and result for every action through the gateway.
Track traffic, errors, blocked calls, and policy decisions from the same dashboard.
Compare raw agent behavior against the governed gateway path before promoting a workflow.
Switch policies from observation to enforcement without redeploying agents or changing tools.
Ready for validation
Shadow → enforce live policy swap. Audit on every call. Saga rollback. The governance layer the recent Replit, Meta, and Cursor incidents would have needed.