Production-deployed
Running in hosted stack and supported
Pilot-ready
Works in controlled deployment / design partner
Configurable
Implemented and tested; activate with API keys or operator configuration in SaaS or local deployment
Roadmap
Not available yet
URL & Context Trust Gate
CapabilityStatusNotes
POST /evaluate end-to-end verdict
Pilot-ready
Heuristic-only mode runs without model downloads. 15-min local PoC available.Canonicalisation, querystring redaction, homoglyph / punycode normalisation
Pilot-ready
canonicalize.pySSRF-guarded safe crawler
Pilot-ready
Isolated egress required in production. See scripts/poc/README.md.Heuristic detection ensemble
Pilot-ready
Prompt injection, credential harvest, brand impersonation, zero-width stripping.ML-based detection (DeBERTa, BERT NER, toxic-bert, BART zero-shot)
Configurable
Set TRANSFORMERS_OFFLINE=0 and allow model download on first start.Playwright detonation sandbox (port 8015)
Pilot-ready
Runs in isolated Docker detonation network with no internal route.Google Safe Browsing v4 reputation feed
Configurable
Set SAFE_BROWSING_API_KEY to activate.Microsoft SmartScreen / Defender Threat Intelligence feed
Configurable
Set SMARTSCREEN_TENANT_ID / CLIENT_ID / CLIENT_SECRET.VirusTotal v3 URL reputation feed
Configurable
Set VIRUSTOTAL_API_KEY. Results cached for VIRUSTOTAL_CACHE_TTL_S seconds.Tenant allow / block lists
Pilot-ready
Via GET /policies?tenant_id=…&scope=url-trust-gate on policy service.Evidence writes to audit service
Pilot-ready
POST /events. Retry with exponential back-off (3 attempts). Dead-letter log on final failure for log-aggregation recovery. Gap visible in Prometheus evidence_write_errors_total./health, /ready, /metrics, /pki/public-key endpoints
Pilot-ready
/ready probes detection, policy, and audit before declaring ready. Prometheus text/plain; version=0.0.4.LangChain URL Trust Gate hook
Pilot-ready
sdks/python/cyberarmor/frameworks/langchain_url_trust_gate.pyLlamaIndex URL Trust Gate hook
Pilot-ready
sdks/python/cyberarmor/frameworks/llamaindex.pyRASP Python hook
Pilot-ready
rasp/python/cyberarmor_rasp_url_trust_gate.pyBrowser extension hook
Pilot-ready
extensions/chromium-shared/url_trust_gate.jsEndpoint agent hook
Pilot-ready
agents/endpoint-agent/monitors/url_trust_gate.pyEnforced mTLS between services
Configurable
Set CYBERARMOR_ENFORCE_MTLS=true and provision certs.Redis-backed reputation cache (multi-replica)
Configurable
In-process cache works for single-node. Redis required for multi-replica.OpenAI / Anthropic tool-use URL field wrappers
Pilot-ready
sdks/python/cyberarmor/frameworks/openai_url_trust_gate.py, anthropic_url_trust_gate.py — intercepts tool-call response objects before agent fetch.Kubernetes NetworkPolicy for detonation worker
Roadmap
Compose isolation is in place. K8s NetworkPolicy not yet written.Feedback-driven detection fine-tuning
Roadmap
Evidence and /feedback endpoint exist. Offline trainer not yet built.Control Plane, Detection & Policy
CapabilityStatusNotes
Policy evaluation engine (OPA-backed, Python fallback)
Production-deployed
services/policy/Tenant-scoped policy rules, artifacts, API-key flows
Production-deployed
Detection service — prompt injection, sensitive data, toxicity
Production-deployed
services/detection/PII detection — 16-class regex catalog + 6-class NER
Production-deployed
Regex (SSN, credit card, email, phone, etc.) plus NER for person_name, location, organization, ip_address, url, crypto_address.Redact action enforcement (general policy engine)
Production-deployed
Enforced in AI proxy and endpoint agent (process, network, file monitors). Previously URL-Trust-Gate-only.HMAC content-hash pseudonymization (GDPR / HIPAA)
Configurable
Set CYBERARMOR_HMAC_KEY. Deterministic per-tenant tokens replace redacted values for audit correlation without exposing raw PII.Tenant-specific NER fine-tuning pipeline
Roadmap
Reduces false positives (e.g. SSN classified as organization). Training corpus and offline trainer not yet built.AI provider routing and resolution
Production-deployed
services/response/Agent identity registration and delegation chains
Production-deployed
Audit logs, telemetry, incidents, evidence capture
Production-deployed
services/audit/Compliance engine (14 frameworks)
Pilot-ready
Working API. Expanding coverage with design partners.Production SIEM / SOAR integration workflows
Pilot-ready
Splunk, Sentinel, QRadar, Elastic, Google SecOps, Syslog/CEF.Consumer Surfaces
CapabilityStatusNotes
Endpoint agent (Linux / macOS / Windows)
Pilot-ready
agents/endpoint-agent/Chromium browser extension
Pilot-ready
extensions/chromium-shared/VS Code extension
Pilot-ready
extensions/vscode/Office add-in (Word, Excel, PowerPoint, OneNote, Outlook)
Pilot-ready
extensions/office/Python RASP
Pilot-ready
rasp/python/Go RASP
Pilot-ready
rasp/go/Java RASP
Pilot-ready
rasp/java/Node.js RASP
Pilot-ready
rasp/nodejs/LangChain SDK wrapper
Pilot-ready
sdks/python/cyberarmor/frameworks/LlamaIndex SDK wrapper
Pilot-ready
sdks/python/cyberarmor/frameworks/macOS / Windows kernel sensors
Pilot-ready
kernel/ — verify scope before claiming in demos.OpenAI tool-use URL wrapper
Pilot-ready
sdks/python/cyberarmor/frameworks/openai_url_trust_gate.pyAnthropic tool-use URL wrapper
Pilot-ready
sdks/python/cyberarmor/frameworks/anthropic_url_trust_gate.pyStatus reflects the current codebase and hosted deployment as of May 2026. Pilot-ready capabilities are available to design partners through a controlled onboarding. Configurable capabilities are implemented and tested — activate them with the noted API keys or operator configuration steps in the hosted SaaS stack or your own deployment. Contact us to request access or discuss deployment scope.