Security infrastructure for AI agents

Your AI can do almost anything.
Clevername decides what it's allowed to.

AI agents are powerful, fast, and autonomous. They also take actions in your name — sending emails, submitting forms, accessing files, making purchases. Clevername is the security and governance layer that sits between your agents and the world.

Sandboxed execution: Agents run in isolated containers. No host access.
End-to-end encrypted keys: AES-256-GCM. Your API keys never stored in plaintext.
Human approval layer: Risky actions pause until you approve from any device.
Full audit trail: Every decision logged with context, forever.
MCP-verified allowlist: Only approved tools, scopes, and actions.
ARCP + ANCP protocols: Standard interfaces for cross-agent coordination.

Four pillars

01 Minion

Secure browser automation. Without the risk.

Minion is a containerized browser agent. It navigates the web, fills forms, scrapes data, and executes workflows — inside a Docker-isolated environment with a scoped network, read-only filesystem, and zero access to your host machine.

When Minion wants to take an irreversible action — submit a form, make a purchase, post publicly — it pauses and asks. You approve or reject from your phone. The container is destroyed after every task. No residue. No persistence.

Docker-isolated per task
Network domain allowlist
Read-only filesystem
Approval gate on risky steps
LangChain + browser-use
Full session audit log
minion — container:a7f3d
▸ task received: "research competitor pricing and compile report"
→ launching isolated browser context
→ network scoped to approved domains only
→ filesystem: read-only sandbox
→ navigating: competitor-a.com/pricing
→ navigating: competitor-b.com/pricing
⚠ action requires approval: submit contact form
→ paused — awaiting human decision
✓ approved via mobile
→ compiling report to memory store
✓ task complete — container destroyed
02 Shared Memory

One memory. Every client. Every device.

Your AI agents share a persistent memory store. Claude Code remembers what n8n built. Your iOS app knows what your desktop session learned. Nothing gets lost between context windows, restarts, or client switches.

Memory is scoped, searchable, and version-controlled. Agents can read, write, and query memory — and you can view, edit, or delete any entry from the dashboard.

memory store — live connections
Claude Code: project_architecture (reading)
Claude Desktop: user_preferences (connected)
n8n workflows: automation_state (writing)
LangChain agents: research_cache (connected)
iOS app: approval_history (synced)
Web dashboard: project_architecture (reading)
03 Approvals + Protocols

Agents ask. Protocols connect. You decide.

When an agent wants to take a risky action — deleting files, sending emails, executing code — it calls the Clevername approval API. You get a push notification. Approve or reject in one tap. The agent waits.

For cross-agent coordination, Clevername implements ARCP (Ad-Response Control Protocol) and ANCP (Ad-Network Control Protocol) — standard interfaces that let your agents communicate, discover each other, and coordinate tasks at scale.

ARCP (Ad-Response Control): query, render_opened, discover, receipts, register_client, metrics
ANCP (Ad-Network Control): search, ranking_explain, check_approval, create_auction, submit_bid, get_stats
Integrations
Claude Code, n8n, LangChain, TypeScript SDK, REST API
04 TrueInbox

Prove your emails are human-sent.

AI phishing emails increased 1,265% last year. TrueInbox lets you prove you wrote yours. Solve a one-click CAPTCHA — Clevername signs a cryptographic stamp tied to that exact moment. Paste it in your email as a badge or plain-text link.

When your recipient clicks it, they see a verified page: your name, masked email, the timestamp of the challenge, and the cryptographic proof. No bot can fake it. No AI can replicate it.

Try TrueInbox →
01 Add your sender profile: Name + email. Verified once. Reused forever. 10 seconds to set up.
02 Solve the CAPTCHA: One click. Takes a second. Clevername signs a cryptographic stamp tied to the exact moment.
03 Paste the badge: HTML badge or plain-text link. Recipients click it for verified proof — name, masked email, timestamp.

Security architecture

Keyless auth

GCP Workload Identity Federation. No stored service account keys. No static credentials.

Encrypted at rest

AES-256-GCM for all provider API keys. Encrypted before storage. Decrypted only in memory.

MCP verification

Every tool call validated against an approved scope list. No capability creep.

Immutable audit log

Every approval, rejection, and agent action logged with full context. Searchable indefinitely.

Bring your own keys or use ours

Connect your own OpenAI, Anthropic, or Gemini API keys and pay at cost — or use Clevername's managed access for a flat rate. Either way, keys are encrypted end-to-end and never stored in plaintext.

BYOK
Your keys. Your cost. Full encryption at rest.
Managed
We handle keys + billing. Flat monthly rate.

Early access

Your agents are running. Is the security layer on?

Free to start. No credit card. Bring your own API keys or use managed access.

Get started for free