Agent Identity · Real-time Governance · Cryptographic Audit · CISA/NSA Aligned

Agents act.
Imara decides
if they should.

The governance kernel for the agentic era. Every agent has a cryptographic identity, every intent is policy-checked before it executes — not logged after.

LIVE · Imara Governance Feed
Outbound Payment Agent · $12,500 wire → Acme Vendors LLC · ALLOWED · 2ms
Bulk Payroll Agent · Payroll run outside approved window · BLOCKED · 1ms
Transaction Fraud Detector · TX-8821 scored: low risk · ALLOWED · 3ms
FX Rate Agent · Override FX rate to 1.42 manually · BLOCKED · 1ms
Claims Processor · CLM-8821 GP consultation approved · ALLOWED · 2ms
AML Monitor · Structuring alert: $9,800 ×8 deposits · BLOCKED · 4ms
Inbound Reconciler · SWIFT MT103 $45,000 — matched · ALLOWED · 2ms

DNA IDs · Agent identity
10/10 · CISA/NSA controls
6+ · Cloud providers
< 1 ms · Ledger write p99

The question enterprises are asking

“How will I know what my agent was doing?”

The question every enterprise is asking right now.

Industry answer

“We'll give you a report.”

After the fact. Batch. By the time you read it, the agent already moved the money, sent the email, or called the API four hundred times.

Imara's answer

Blocked before it happened.

Every intent intercepted at the kernel boundary, before any execution. Live feed. Full audit trail. No report needed because nothing bad got through.

Cloud-agnostic · works with any S3-compatible object store

AWS S3 · Google Cloud · Azure Blob · Cloudflare R2 · MinIO · Any S3-compatible

How it works

Identity in. Proof out.
Every time.

Imara wraps every agent action in a four-stage pipeline — register, classify, enforce, and chain — so no intent escapes the audit trail.

01

Agent registers

An agent declares its identity, owner, jurisdiction, capabilities, and system prompt. It receives a DNA ID and enters PENDING state — it cannot act until a human approves it.

02

Intent arrives

The agent submits a natural-language intent to the Imara kernel. The kernel classifies the intent and checks it against the agent's declared capability bounds.

03

Policy decides

Permitted intents execute. Blocked intents are rejected before any API call, payment, or state change fires — with the reason written to ledger at the moment of decision.

04

Chain anchors

Every outcome is hashed over its content plus the previous entry's hash, then replicated to your cloud store. The audit trail is complete, immutable, and independently verifiable.


Cryptographic audit chain

Tamper the chain.
The math will tell.

Each ledger entry is hashed with SHA-256 over its full content plus the previous entry's hash. A single bit change anywhere in history cascades into every downstream hash — making forgery detectable by any party with read access, including regulators.

  • SHA-256 over payload + previous hash
  • Chain-head stored on S3 for independent verification
  • Portal shows broken-at entry with diff view
  • No trusted intermediary required to verify
#1 · Agent registers: Outbound Payment Agent · prev: 000000000000 · OK · hash: a3f9c2d8e1b4
#2 · Intent: initiate $12,500 wire transfer · prev: a3f9c2d8e1b4 · OK · hash: b7e1a4f2c9d3
#3 · Intent: override FX rate to 1.42 manually · prev: b7e1a4f2c9d3 · Blocked · hash: c8d3b6e1f2a4
#4 · Intent: query payment status TX-8821 · prev: c8d3b6e1f2a4 · OK · hash: d1a9e5c3b7f2

Chain intact · 4 entries · head: d1a9e5c3b7f2…
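
A minimal verifier for the hash chain described above, added here as an illustration and not Imara's own code. The `Entry` layout, the `prev|payload` serialisation and the all-zero genesis value are assumptions; `Verify` also compares the recomputed head with one fetched independently, because a chain rewritten from scratch is otherwise self-consistent.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Entry is one ledger record; the field names are assumptions.
type Entry struct{ Payload, PrevHash, Hash string }

var genesis = fmt.Sprintf("%064d", 0) // assumed all-zero "prev" of entry #1

// link returns hex SHA-256 over the previous hash plus the quoted payload.
func link(prev, payload string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%s|%q", prev, payload))))
}

// Append links a new payload to the current head and returns the chain.
func Append(chain []Entry, payload string) []Entry {
	prev := genesis
	if n := len(chain); n > 0 {
		prev = chain[n-1].Hash
	}
	return append(chain, Entry{payload, prev, link(prev, payload)})
}

// Verify recomputes every link, then checks the end of the chain against a
// head fetched independently (for example from the replicated object store).
// Returns 0 if intact, the first broken entry number, or -1 on head mismatch.
func Verify(chain []Entry, trustedHead string) int {
	prev := genesis
	for i, e := range chain {
		if e.PrevHash != prev || e.Hash != link(prev, e.Payload) {
			return i + 1
		}
		prev = e.Hash
	}
	if prev != trustedHead {
		return -1
	}
	return 0
}

func main() { // constructed sample payloads, not real ledger data
	c := Append(Append(Append(nil, "register agent"), "wire $12,500: ALLOWED"), "override FX: BLOCKED")
	head := c[2].Hash // in practice, read from the independent copy
	c[1].Payload = "wire $99,000: ALLOWED" // simulate tampering with history
	fmt.Println("first broken entry:", Verify(c, head))
}
```

The `-1` case is the one that matters for an auditor: every link in the rewritten chain checks out, and only the independently stored head exposes the substitution.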

Imara Ledger

AWS S3 · Google Cloud · Azure Blob · Cloudflare R2 · MinIO · Any S3-compatible

All endpoints speak s3:// — switch providers without changing your code

Cloud agnostic

Your cloud.
Your rules.

Data sovereignty requirements differ by jurisdiction. Imara exposes a standard S3-compatible replication layer so your audit trail lands in the cloud region your compliance team approved — not ours.

  • S3-compatible API — no SDK changes required
  • Per-tenant bucket isolation
  • Replication runs async, never on the hot path
  • Local ledger is always the source of truth
  • Meets data-residency and sovereignty requirements

Platform capabilities

Not a sandbox.
A conscience.

Sandboxing limits where agents run. Imara governs what they are allowed to intend.

Agent DNA Identity

Every agent carries a cryptographic DNA ID, a declared owner, a parent-child lineage, and explicit capability bounds. You always know who an agent is, who authorised it, and whether it is still trusted to act.

Intent Interception

The kernel intercepts every agent intent before execution. Blocked actions never reach an API, payment rail, or database — the policy check happens at the kernel boundary, not the application layer.

Prompt Injection Defence

A heuristic scanner inspects every intent for role-override patterns, jailbreak keywords, exfiltration commands, and embedded instruction markers. Suspicious content is quarantined before any downstream execution.

Behavioural Anomaly Detection

Per-session profiling tracks action history, out-of-role requests, policy escalation probes, and read→network exfiltration sequences. Fatal anomalies terminate the session and cascade-kill all child agents.

Network Isolation Enforcement

An HTTP CONNECT proxy enforces per-agent outbound allowlists on every kernel. Kernel ≥ 6.7 also applies Landlock v4 TCP rules at the syscall layer — two independent enforcement points.

Multi-Agent Cascading Trust

Parent agents sign child spawn requests with Ed25519. Children inherit a capability subset — never more than the parent holds. Revoking a parent cascade-terminates every descendant in the lineage tree.
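
The spawn rule described above, as an added Go example that is not Imara's code. The `Agent` type, the signed message layout and the capability names are assumptions; the signature binds the child's ID, key and requested capabilities, so a signed request cannot be reused with a wider capability set.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Agent struct { // lineage-tree node; every name here is an assumption
	ID       string
	Key      ed25519.PublicKey
	Caps     map[string]bool
	Revoked  bool
	Children []*Agent
}

// SpawnMsg is what the parent signs: child ID, child key and capabilities.
func SpawnMsg(id string, key ed25519.PublicKey, caps []string) []byte {
	return []byte(fmt.Sprintf("spawn|%q|%x|%q", id, []byte(key), caps))
}

// Spawn needs a live parent, a valid parent signature and a subset of its caps.
func Spawn(p *Agent, id string, key ed25519.PublicKey, caps []string, sig []byte) (*Agent, error) {
	if p.Revoked || !ed25519.Verify(p.Key, SpawnMsg(id, key, caps), sig) {
		return nil, fmt.Errorf("spawn of %q rejected: revoked parent or bad signature", id)
	}
	child := &Agent{ID: id, Key: key, Caps: map[string]bool{}}
	for _, c := range caps {
		if child.Caps[c] = true; !p.Caps[c] {
			return nil, fmt.Errorf("spawn of %q rejected: %q exceeds parent", id, c)
		}
	}
	p.Children = append(p.Children, child)
	return child, nil
}

// Revoke marks an agent and every descendant as revoked.
func Revoke(a *Agent) {
	a.Revoked = true
	for _, c := range a.Children {
		Revoke(c)
	}
}

func main() { // constructed demo: the child asks for more than the parent holds
	pub, priv, _ := ed25519.GenerateKey(nil)
	kid, _, _ := ed25519.GenerateKey(nil)
	root := &Agent{ID: "root", Key: pub, Caps: map[string]bool{"pay.read": true}}
	req := []string{"pay.write"}
	fmt.Println(Spawn(root, "kid", kid, req, ed25519.Sign(priv, SpawnMsg("kid", kid, req))))
}
```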

Real-time Governance Feed

Watch every decision as it happens — allowed, blocked, or escalated — with classification, latency, and policy reason. Not a report tomorrow morning. Live, at decision time.

SHA-256 Hash Chaining

Every ledger entry cryptographically links to the previous one. Tamper any record and the entire downstream chain breaks — giving auditors mathematical proof of integrity without a trusted intermediary.

Cloud-Agnostic Ledger

Replicate to AWS S3, Google Cloud, Azure Blob, or Cloudflare R2 — whatever your risk team approved. Data sovereignty built in. Switch providers without changing a single line of runtime code.

CISA · NSA · Five Eyes

Secure deployment of
AI agents. Covered.

The CISA/NSA/Five Eyes joint guidance on deploying AI agents securely defines ten controls. Imara implements all ten — in the kernel, not as a checklist bolted on after.

10 of 10 controls implemented
01

Agent Identity & Authentication

Ed25519 DNA IDs — cryptographic identity declared at registration, verified on every call.

02

Least Privilege & Capability Bounding

Declared capability set enforced at the kernel; child agents can never exceed parent permissions.

03

Human Oversight & Approval Workflows

High-risk intents escalate to human approvers; the kernel blocks execution until explicit approval arrives.

04

Immutable Audit Trail

SHA-256 hash-chained ledger written at decision time — allow or block — replicated to your cloud store.

05

Prompt Injection Defence

Heuristic scanner detects role-override, jailbreak, exfiltration, and embedded instruction patterns in every intent.

06

Behavioural Anomaly Detection

Per-session profiling flags out-of-role actions, escalation probing, and storage→network exfil sequences.

07

Network Isolation

HTTP CONNECT proxy + Landlock v4 TCP rules enforce agent outbound allowlists at two independent layers.

08

Multi-Agent Trust & Spawn Signing

Parent signs child spawns with Ed25519; cascade termination propagates to all descendants on revocation.

09

Credential & Secret Isolation

Ambient credential scrubber strips API keys, tokens, and secrets from every agent subprocess environment.

10

Secure Supply Chain

Agent registry enforces owner declaration, system-prompt hash, and jurisdiction — signed at registration.

Reference: CISA/NSA/ACSC/NCSC/CCCS/GCSB/NCSC-NZ joint guidance — “Deploying AI Systems Securely” (2025).

Built for oversight

A portal made for
compliance teams.

Compliance teams and regulators shouldn't need to SSH into a server. Imara ships a dedicated portal with fleet-level visibility across all agents and organisations, chain integrity checks, and blocked intent timelines — read-only, zero trust dependency required.

  • Live fleet dashboard — all organisations in one view
  • Per-agent audit trail with full intent text and policy reason
  • Blocked action timeline — what was stopped and why
  • Chain-head verification — detect tampering instantly
  • Date-range export for formal submissions
  • Multi-tenant isolation — no cross-tenant data leakage
imara.internal/fleet

Agent Fleet

Agents: 15 · Active: 10 · Blocked: 34 · Alerts: 1

  • CapitalPay Orchestrator · Stratus Capital · ACTIVE
  • Bulk Payroll Agent · Stratus Capital · REVOKED
  • AML Monitor · RiskShield AI · ACTIVE
  • KYC Document Validator · RiskShield AI · PENDING

Jurisdiction ready

Proven in markets where
compliance is not optional.

Imara was built in the strictest regulatory environments on earth. Every audit trail is independently verifiable — if your regulator can read S3, they can verify your chain.

Region: Africa

  • POPIA · South Africa · Protection of Personal Information Act
  • FSCA · South Africa · FSP conduct & reporting requirements
  • CBN · Nigeria · AI & digital finance guidelines
  • FCCPC · Nigeria · Consumer protection compliance
  • RBZ · Zimbabwe · Digital payment audit requirements
  • BOZ · Botswana · Fintech regulatory sandbox
  • SARB · South Africa · Prudential authority standards
  • CMA · Kenya · Capital markets oversight

Region: International

  • SEC 17a-4(f) · United States · WORM electronic records retention
  • GDPR Art. 30 · European Union · Records of processing activities
  • MiFID II · European Union · Transaction reporting & audit trail
  • ISO 27001 · International · Information security controls
  • SOC 2 · International · Trust services audit evidence
  • PCI DSS · International · Cardholder data audit trail
  • DORA · European Union · Digital operational resilience
  • Basel IV · International · Operational risk data requirements

Don't see your jurisdiction? The audit chain is standard SHA-256 — any regulator with S3 read access can verify independently.

Private deployment

Request
early access.

Imara is in private deployment with a select group of organisations and regulators. We're working directly with compliance and engineering teams to shape the governance standard for AI agents in production.

  • Enterprises: Deploy AI agents with provable governance from day one — identity, policy, and audit trail built into the runtime.

  • Fintechs: Ship AI-driven payment and decision features with a compliance record that satisfies regulators without custom tooling.

  • Regulators: Audit any supervised organisation without site visits — just S3 read access and the chain verifier.

  • Compliance teams: Generate evidence on demand for SOC 2, ISO 27001, and jurisdiction-specific submissions.

Response time

1 business day

Every enquiry is reviewed by an engineer, not a sales bot.

The governance kernel for the agentic era

Not a sandbox.
A conscience.

Imara gives every agent a cryptographic identity, a policy boundary, and an immutable audit trail — enforced at the kernel level before anything executes.