Govern the blast radius.
Before the breach.
Blast radius is determined by architecture — not by how fast you detect. Each Validated Containment Architecture delivers a lab-tested, partner-validated containment deployment for a specific AI workload type.
Includes insertion pattern, AI-aware SmartGroup model, and baseline policy pack. Security teams deploy from day one. No application-team compliance required.
The LiteLLM supply chain compromise hit 40,000 environments in 3 hours. The organizations that stopped the exfiltration did not detect it faster — they had architecture that governed every workload communication path before the breach occurred.
Without containment architecture, every AI workload
is an ungoverned blast radius.
Without Containment
With Containment Architecture
Validated Containment Architectures
Contain AWS Bedrock AgentCore
Zero-trust egress for Bedrock AgentCore agents enforced at the network layer. AI-aware SmartGroups dynamically map Bedrock workloads to enforced policy groups. Default-deny MCP egress — each agent declares allowed destinations as policy-as-code. A compromised agent cannot reach a destination that was not explicitly permitted.
Contain Azure AI Foundry Agents
Containment architecture for Azure AI Foundry agent deployments. AI-aware SmartGroups target ai_agent resource types directly — not IP ranges. East-west segmentation prevents agent-to-agent lateral movement. Managed WebGroups auto-update allowed Azure AI endpoints. Every flow logged for compliance and forensics.
Contain Enterprise MCP Infrastructure (Obot)
Policy-as-code containment for Obot-based enterprise MCP infrastructure. FirewallPolicy CRDs let MCP server authors declare network scope at deployment time. Zero-trust egress per MCP server — each tool declares its allowed destinations. Malicious or compromised MCP servers cannot exfiltrate through ungoverned paths.
Contain Enterprise GitHub Pipelines
URL-path scoping for CI/CD and coding agent workloads. Differentiate github.com/acme-corp/* from github.com/* — allow a deployment agent to reach your org while blocking public repos. Blocks runtime package installs from npm, PyPI, and Docker Hub. Supply chain compromise cannot pivot to attacker infrastructure.
Contain Enterprise AI Chat
Production containment for enterprise AI chat deployments. Managed WebGroups govern which LLM providers are reachable — allow or deny by provider with a single policy. AI workload URL categories block file-sharing, paste sites, and unauthorized AI providers by default. Data residency enforced at the network layer.
Contain Enterprise OpenClaw
Network containment for NemoClaw-powered agentic environments. AI-aware SmartGroups segment NemoClaw agent workloads by team, environment, or tag. East-west policy blocks agent-to-agent lateral movement. Instance metadata endpoint blocked by default. Ungoverned outbound paths cannot become exfiltration vectors.
Contain Google Vertex AI Agents
Network containment for Google Vertex AI agent deployments on GCP. AI-aware SmartGroups keyed to Vertex AI agent identities via Cloud Asset Inventory. Default-deny egress governed at the GCP VPC boundary — agents can only reach explicitly permitted destinations. Completes the hyperscaler containment set alongside Bedrock and Azure AI Foundry.
Contain Microsoft MCP Gateway
Azure-native containment architecture for Microsoft MCP Gateway deployments. Per-MCP-server egress scoping keyed to Azure managed identity surface. DCF enforcement at the Azure VNet boundary governs what each MCP server can reach. Pairs directly with the Azure AI Foundry VCA for a complete Microsoft agentic workload containment deployment.
Govern the blast radius.
From day one.
Each Validated Containment Architecture ships with a reference architecture diagram, deployment guide, SmartGroup model, and baseline policy pack — published on GitHub and the Aviatrix docs site. Lab-tested. Deployable the day it ships. Register to be notified when each one drops.