SkyDaemon
Book a demo
Runtime governance · Annex-IV-ready · 104 languages

Govern every AI agent
in production.
End-to-end evidence, by default.

SkyDaemon sits at the prompt and tool-call boundary of every agent in your fleet. We detect 72 AI-specific threats across 12 risk domains, enforce policy in real time, and generate the audit evidence your auditors and regulators ask for — SOC 2, ISO/IEC 42001, NIST AI RMF, EU AI Act Annex IV, HIPAA, PCI, GDPR.

Book a demo Explore the product
0
Threat categories
0
Native integrations
0
LLM providers
0
Languages detected
0
Compliance frameworks
skydaemon-runtime · live demo live
Speaks every framework your engineers already use
LangChain LlamaIndex AutoGen v0.4 CrewAI Anthropic Agents SDK OpenAI Assistants v2 AWS Bedrock Agents Google Vertex AI Strands smolagents Pydantic-AI Haystack 2 DSPy Vercel AI SDK Mastra Spring AI Semantic Kernel LangGraph Letta Phidata LangChain LlamaIndex AutoGen v0.4 CrewAI Anthropic Agents SDK OpenAI Assistants v2 AWS Bedrock Agents Google Vertex AI Strands smolagents Pydantic-AI Haystack 2 DSPy Vercel AI SDK Mastra Spring AI Semantic Kernel LangGraph Letta Phidata
What SkyDaemon does

The runtime governance plane
for production agents

Six capabilities that no single competitor in the cohort ships in one platform today.

🛡

Detect 72 AI-specific threats

Prompt injection, jailbreak, indirect injection, secrets, PII, agent excessive-agency, confused-deputy, denial-of-wallet, sleeper-agents, sycophancy, eval-gaming, supply-chain, kill-chains. Mapped to OWASP, MITRE ATLAS, NIST AI RMF, EU AI Act.

Enforce policy in real time

Custom DSL, 30+ starter templates, three modes (enforce / shadow / log), staged rollout, dry-run simulation. Halt at the proxy, redact in-line, route to a human approver.

📑

EU AI Act Annex IV — one click

Article 11 technical-documentation bundle, sections A–H auto-populated from your inventory, findings, red-team results. Signed manifest. Drops directly into your conformity-assessment file.

🧾

AI Bill of Materials

CycloneDX 1.6 + ML-BOM + SPDX 3.0 export per agent. Models, fine-tunes, datasets, RAG corpora, MCP tools, vector stores, libraries — all with SHA-256 + signed-by attestations.

🔭

Continuous red-team

OWASP LLM Top 10 + MITRE ATLAS coverage. Imports PyRIT, Garak, Promptfoo, Inspect AI, HELM, AI Verify. SkyDaemon's first-party Algorithmic Red Team uses Claude-as-attacker on your specific system prompt.

📊

Audit-grade evidence

OCSF v1.3 native. Splunk HEC, Datadog, CEF, Sentinel, Falcon, Cortex XSIAM, AWS Security Hub. PagerDuty, Jira, Slack interactive approvals. Drata / Vanta / Secureframe evidence push.

Detection

Every threat the cohort ships — plus seven we ship first.

SkyDaemon's 72-category threat catalog covers the entire OWASP LLM Top 10 (2025) and OWASP ASI (2026) surface, plus the full MITRE ATLAS adversarial-ML matrix. Six categories are uncontested ground:

  • Confused deputy with per-action provenance proof
  • Markdown image exfil — output-channel data exfiltration
  • Prompt-level data residency — GDPR-grade evidence
  • Denial-of-Wallet as a SOC notable event
  • Model-card drift — silent provider-swap detection
  • Composite kill-chains — cross-stage MITRE-ATLAS chains
  • Sleeper-agent activation — Anthropic-2024 failure mode
Browse the threat catalog →
finding.json 
// SkyDaemon emits OCSF v1.3 Detection Findings natively
{
  "finding_type": "prompt.indirect_injection",
  "severity": "critical",
  "detection_score": 0.94,
  "agent_id": "agt_finance_advisor",
  "prompt_sample_sha256": "7f3a...",
  "owasp_llm": ["LLM01"],
  "mitre_atlas": ["AML.T0051.001"],
  "cwe": ["CWE-1426", "CWE-94"],
  "compliance": {
    "soc2": ["CC7.2"],
    "eu_ai_act": ["Art.15"],
    "nist_ai_rmf": ["MEASURE-2.7"]
  },
  "provenance": {
    "source": "rag_retrieval",
    "document": "acme-corp-handbook.pdf"
  }
}
Integrations

Every framework. Every language. Every observability tool.

SkyDaemon ships 25+ language SDKs, native bindings into 31 agent frameworks, auto-instrumentation for 52 LLM providers, and on-write scanning of 39 vector stores.

Findings flow into 16 SIEMs, 10 SOAR platforms, 14 LLM observability tools, 5 ITSM systems, and 8 chat tools — all emitting OCSF v1.3 by default.

  • Auto-instrumentation: OpenAI, Anthropic, Bedrock, Vertex, plus 20+ more
  • Native bindings: LangChain, LlamaIndex, AutoGen, CrewAI, Anthropic Agents, Bedrock Agents, Strands, Haystack, DSPy, Pydantic-AI, Mirascope, Instructor, BAML, Spring AI, Semantic Kernel
  • Observability bridges: Langfuse, LangSmith, Helicone, Portkey, Arize, Galileo, Braintrust, Datadog LLM-O, OpenTelemetry GenAI
See all 110+ integrations →
install.py 
# Drop-in for any LLM client
import skydaemon ; skydaemon.instrument()

from openai import OpenAI
client = OpenAI()

# Auto-instrumented; every call emits a finding
# if the prompt or response trips a detector.
resp = client.chat.completions.create(
    model="gpt-5",
    messages=[{"role": "user",
               "content": prompt}]
)

# SkyDaemon saw the prompt + response, ran 72 detectors,
# mapped any hit to OWASP/MITRE/NIST/EU AI Act,
# and pushed an OCSF event to your SIEM.
Compliance

Audit evidence is the deliverable, not the afterthought.

Every finding ships with full mapping to 11 compliance frameworks. The Annex IV generator produces a single signed ZIP that drops directly into your EU AI Act conformity-assessment file. Auditors stop asking, "Show me the evidence." It's already in their hands.

  • SOC 2 Type II — Trust Services Criteria control mapping
  • ISO/IEC 42001:2023 — full A.5–A.8 control coverage
  • NIST AI RMF 1.0 — GOVERN / MAP / MEASURE / MANAGE
  • EU AI Act Article 11 + Annex IV § A–H — auto-bundle
  • HIPAA Security Rule, PCI-DSS v4, GDPR
  • OWASP LLM Top 10, ASI 2026, AISVS
  • Continuous evidence push to Drata / Vanta / Secureframe / OneTrust
See compliance coverage →
SOC 2
ISO 42001
NIST RMF
EU AI Act
HIPAA
PCI-DSS
GDPR
OWASP LLM
MITRE ATLAS
annex_iv_pack_2026Q2.zip
├─ A_general_description.pdf
├─ B_system_elements.json ← 47 components
├─ C_data_governance.pdf
├─ D_security_robustness.pdf ← red-team results
├─ E_accuracy_metrics.csv
├─ F_risk_management.pdf
├─ G_human_oversight.pdf ← approval queue
├─ H_postmarket_monitoring.pdf
└─ MANIFEST.json (signed)
Why teams pick SkyDaemon

Audit-grade by default.
Engineering-grade in production.

SECURITY ENGINEER

"Wired SkyDaemon into our LangChain stack in 30 minutes. Pulled 12 critical findings on day one — three indirect injections in our RAG corpus we didn't know about."

— Senior Security Engineer, Series B FinTech

CHIEF COMPLIANCE OFFICER

"The Annex IV bundle alone saved us six weeks of manual evidence collection. Our auditor accepted SkyDaemon's signed manifest as primary evidence."

— CCO, Healthcare AI vendor (EU)

SOC ANALYST

"OCSF v1.3 dropped straight into Splunk ES. We get AI findings in the same notable-event view as our EDR alerts. No transformer code."

— Tier-2 SOC Analyst, Fortune 500 retailer

See SkyDaemon on your stack in 30 minutes.

A guided demo on our reference deployment, then a 30-day production trial against your own agents. Onboarding included.

Book a demo See the full product