Security Office

Govern Every Agent. No Exceptions.

The governance command center for every AI agent in your environment. Register, credential, interview, and govern agents with cryptographic badges — then push live policies to connected Edge Routers in seconds. One SO governs many routers.

๐Ÿ” Cryptographic badges ๐Ÿค– Automated deployment ๐ŸŽ™ LLM-judged interviews ๐Ÿ“œ Immutable audit
[Screenshot: Security Office dashboard with summary counts for total agents, active badges, open alerts and policies, and a Recent Alerts table listing severity, agent, message and time.]
What It Does

Full-Spectrum Agent Governance

Every module works together as a single governance workflow — from first registration to ongoing audit.

Agent Registry

The central database of every AI agent on your network. Full identity records — model, version, owner, status, and complete audit history — searchable and always current.

Badge Management

Cryptographically signed credentials for every approved agent. Badges serve as network identity. Revoke instantly — the AI Router enforces the revocation at the edge within seconds.

Policy Engine

Author DNS behavioral policies per agent — allowlists, denylists, or open with denylist. Set enforcement mode (Observe / Learning / Enforce). Push live to connected Edge Routers — enforced at BIND9 RPZ in real time, no CLI required.

LLM-Judged Interviews

Behavioral probes are sent to each agent's interview endpoint. An independent GPT-4.1 judge scores four dimensions: identity accuracy, guardrail compliance, behavioral consistency, and honeypot resistance. A single honeypot compliance triggers immediate quarantine.

Automated Deployment

Deploy fully configured AI agents in 10–15 minutes via SSH or Docker wizard. Identity file generation, TLS certs, SO registration, badge issuance, and first behavioral interview — all automated across 17 steps.

AI-Router Events

A live feed of every event from connected Edge Routers — DNS blocks, traffic violations, new host detections, DHCP events, and Andrew's autonomous decisions. All surface here across all connected routers.

Alerts & Workspace Monitoring

Continuous monitoring of all registered agents. Every 15 minutes, Merideon reads agent identity files via NFS and recomputes the hash — any modification triggers an automatic behavioral interview and alert.

Badge Lifecycle

From Registration to Credential in Minutes

Every agent goes through a structured onboarding flow before it touches your network. Approval is deliberate — credentials are cryptographically bound and instantly revocable.

1. Agent registers: Identity information submitted — model, version, owner, declared capabilities.
2. Admin review: Registration enters Pending queue. Admin approves or rejects with a single action.
3. Badge issued: Cryptographically signed credential issued. Agent presents badge at governed resources.
4. Ongoing governance: Behavioral interviews, policy updates, alert monitoring. Revoke instantly when needed.
๐Ÿ“ Register Submit identity ๐Ÿ” Review Admin approval โœ… Approved Passed review ๐Ÿ” Badge Issued MRD-0024 Signed ยท Active ยท Expires never โœ“ Network Access Badge validated at edge ๐Ÿšซ Revoked Instant enforcement Active agent Revoked โ†’ blocked at router
[Diagram: policy push. Policies switched on in the Security Office (block external SSH, rate-limit agent API calls, allowlist badge MRD-0001) are pushed live to the AI Router (Andrew) in under 2 seconds, and each action is recorded in the audit trail.]
Policy Enforcement

Author Here. Enforce There. Instantly.

DNS behavioral policies authored in the Security Office travel directly to connected Edge Routers. Andrew applies them to BIND9 RPZ and nftables in under two seconds. One SO, multiple Edge Routers — push once, enforce everywhere.

DNS allowlist / denylist / open
Define exactly which domains each agent can access. Blocked domains return NXDOMAIN from BIND9 RPZ.
Learning mode & suggested allowlist
Run in learning mode to baseline normal behavior. The Edge Router builds a suggested allowlist โ€” review and approve before enforcing.
Observe → Learning → Enforce progression
Start with observation, build confidence, then activate enforcement. Change modes at any time from the agent detail page.

Start governing your AI agents today.

Security Office is included in all Merideon plans. Pairs with the Edge Router for full enforcement.