Protect your business today. Day ends in
CapitalGuard

cg-accessgraph-1.0.0

See the access chain other scanners miss.

CapitalGuard AccessGraph connects each agent surface to what it can read, change, execute, or transfer, the business asset at risk, and the control that should stand between them.

CapitalGuard AccessGraph

Read. Change. Execute. Transfer.

Simulated example
Repository workspaceIllustrative coding-agent policy
ReadCredential-bearing pathsAccount and infrastructure accessBlock
ChangeAuth and billing logicRevenue and account integrityHuman approval
ExecuteLocal commandsDeveloper and repository stateHuman approval
TransferPrompts and logsPrivate context disclosureRedact
Licensed scans generate this map locally from aggregate exposure state without placing secret values in the graph.CGX-8D42-7AC1-55F0

One ownable security record

A scan becomes a baseline the company can keep.

The durable value is not a colorful score alone. It is the linked record of exposure, policy, change, and evidence that becomes more useful after every authorized review.

AccessGraph

Maps agent surfaces, actions, business-critical asset classes, and required controls in one structured record.

Guardprint

Fingerprints aggregate exposure state so a later scan can identify change without publishing repository contents.

Policy artifact

Turns the map into blocked paths, approval gates, redaction rules, and untrusted-instruction boundaries.

Verified history

Keeps score, graph version, policy version, delivery state, and approved verification attached to the review.

Control language

Four controls teams can act on.

CapitalGuard turns exposure into an explicit boundary instead of pretending every risk can be fixed automatically.

Block

Deny access to material that should never enter agent context.

Human approval

Pause high-impact changes and execution until an owner reviews them.

Redact

Keep sensitive values out of prompts, logs, reports, and transfers.

Treat as untrusted

Prevent repository text from silently becoming operating instruction.

Privacy boundary

A fingerprint of state, not a vault of code.

The licensed local scanner generates aggregate category counts and a reproducible Guardprint. Source contents, raw secret values, customer identity, and repository name are not required in the AccessGraph output.

Privacy-safe by default

Aggregate asset-surface counts
Detected agent configuration categories
Installed control state
Versioned local Guardprint
Previous-to-current drift status

Start the baseline

Make AI-agent access visible before it becomes liability.

Compare Three Licenses