Apple Endpoint Security entitlement
Notarized Apple System Extension
Tamper-evident BLAKE3 ledger
100% local — data never leaves your Mac
Built by Astragar Limited — granted Apple’s restricted Endpoint Security entitlement, the same OS-level framework enterprise EDR tools use.
Detects AI agents
100% on-device
No keystroke capture
Local event chain
BLAKE3 verified
AI agent detected · acting autonomously
↳ terminal write to ~/.zshrc · tied to the agent
File fingerprint changed · /Applications
USB device attached · new identifier
Append-only, mirrored to Keychain — if the chain changes, the evidence shows it.
BUILT FOR THE AGENT ERA
Catches agents by how they act, even when they are renamed, unknown, embedded in another app, or driving your screen instead of the network. If something starts behaving like an autonomous agent, Aeguard flags it.
When an agent spawns a script or shell that touches your files, network, or USB, that activity is tied to the agent that set it off — not lost in the process tree.
Aeguard lines up an agent’s own telemetry against what actually happened on the machine, and flags when the two do not match.
HOW IT WORKS
Baseline
Records a known-good fingerprint of every file with BLAKE3.
Watch
Monitors files, processes, network, USB, clipboard metadata, browser history and AI-agent activity against the baseline.
Verify
Every event joins an append-only, hash-chained log mirrored to the Keychain; tampering shows.
WHAT YOU GET
File integrity monitoring
Process, network & USB
AI-agent visibility (OpenTelemetry)
Tamper-evident hash chain
Search & alerts
Encrypted, off-machine checkpoints
LOCAL BY DESIGN
HOW AEGUARD FITS ASTRAGAR
DRM identifies & values data
VRM quantifies the impact
GRC maps it to regulation
Aeguard closes the loop at the device
Aeguard is the detection module of the Astragar risk platform.
EARLY ACCESS
Download for Mac (Apple Silicon)
