TachyonicTachyonic
Security runtimes

Security runtimes for AI agents and MCP systems

Start a bounded runtime against your agent, MCP server, or tool-using workflow. Get reproducible findings, signed evidence, and an audit-ready report.

Start a runtimeRead the docs
curl -fsSL https://tachyonic.sh/install | bash
tachyonic login
tachyonic runtime start --target https://your-agent.example.com
tachyonic runtime watch <runtime_id>

Why now

AI risk moved from prompts to actions.

Modern agents read untrusted context, choose tools, call APIs, use delegated credentials, and act across systems. Existing AppSec tools were built for code, packages, and web endpoints. They do not fully exercise the trust boundaries created when an agent turns instructions into actions.

Tachyonic was built for that surface: agents, MCP servers, tool calls, runtime policy, and evidence that survives review.

What you get

From target to signed evidence.

Bounded runtime execution

Every runtime starts with explicit target, region, policy, and budget. Duration, tokens, and spend are capped before the run starts. Network egress is deny-default. Credentialed, destructive, and exploit-class actions can pause for approval before they execute.

Attack coverage for agentic systems

Tachyonic tests prompt injection, tool abuse, MCP trust-boundary failures, permission escalation, sensitive data disclosure, multi-turn manipulation, and implementation flaws in agent infrastructure.

The shipped scanner covers 210 attack patterns across the 168-pattern public taxonomy and built-in offensive modules. The full assessment library expands to 237 patterns where optional enterprise coverage is enabled.

Signed evidence, not just a PDF

Each runtime emits an artifact bundle: findings, payloads, request and response captures, lifecycle events, logs, runtime policy, and report output. Evidence is designed to be portable across security review, remediation, customer assurance, and audit readiness.

CLI, API, and dashboard workflows

Run from the terminal, wire into CI, or manage runtimes from the Tachyonic platform. The same runtime surface supports local testing, hosted runtimes, approval review, artifacts, and reports.

How it works

Three commands from target to evidence.

1. Start.

tachyonic runtime start --target https://your-agent.example.com --region aws-us-east-1

Starts a bounded security runtime in the selected region. Policy, budget, and target are explicit. Returns a runtime ID.

2. Watch.

tachyonic runtime watch <runtime_id>

Follows the runtime until it reaches a terminal state. Shows status transitions and exits cleanly for CI or scripted workflows.

3. Collect.

tachyonic runtime artifacts <runtime_id>

Lists the evidence bundle: findings, report output, request and response captures, logs, and artifact URLs.

Runtime controls

The runtime holds the boundary.

Region-pinned execution

Runtimes execute in selected US or EU regions.

Default-deny egress

Network access follows the runtime allowlist.

Approval gates

Credentialed, destructive, and exploit-class actions can pause before execution.

Budget enforcement

Runtime duration, tokens, and spend are bounded.

Artifact-backed logs

Runtime logs are captured as evidence artifacts.

Signed evidence

Runtime output is packaged and signed for review and audit trails.

For the systems you ship

What Tachyonic tests.

AI coding agents

Before they touch repositories, secrets, or build systems.

MCP servers

Before tools, schemas, and transport boundaries reach production.

Browser and support agents

Before untrusted pages, tickets, emails, or documents become instructions.

Voice agents

Before calls, transcripts, and delegated actions reach production systems.

RAG and tool-enabled applications

Before retrieval, function calls, and actions cross trust boundaries.

Internal agentic workflows

Anything that turns natural language into infrastructure action.

Research proof

Backed by published research.

Tachyonic research has produced 8 assessments, 44+ confirmed vulnerabilities across 6 targets, a source-code-level MCP SDK audit, multiple GitHub security advisories, and public case studies.

Read the researchView the attack taxonomy

Standards

Mapped to frameworks your team already uses.

OWASP LLM Top 10OWASP Agentic and ASI guidanceMITRE ATLAS

Evidence packages are designed to support SOC 2, ISO 42001, EU AI Act readiness, customer assurance, and internal security review. The product does not replace compliance work. It gives teams reproducible security evidence.

Pricing

Start free. Pay by runtime.

Every runtime is priced by scope. Subscribe for a monthly allowance and team features, buy runtimes up front, or pay as you go.

Baseline
$5
Core patterns
Standard
$20
210 patterns
Advanced
$60
Multi-turn + consensus
Comprehensive
$100
Full library + multimodal

Priced by scan scope. EU regions +15%. Start free, then pay as you go or subscribe.

Free

$0
  • Monthly runtime allowance
  • Local scanner and CLI reports
  • Public attack taxonomy coverage
  • Default region

Pro

$99/mo
  • Monthly runtime allowance, then pay as you go
  • US and EU regions
  • Private reports and artifacts
  • 30-day evidence retention

Team

$299/mo
  • Larger allowance, discounted overage
  • Shared findings, reports, and approvals
  • 90-day retention, 5 seats

Enterprise

Custom
  • Committed volume and pricing
  • SSO, RBAC, and audit controls
  • 365-day evidence retention
  • Assessment cycles and remediation review

See full pricing

Start your first runtime.

From install to signed evidence in three commands.

curl -fsSL https://tachyonic.sh/install | bash
tachyonic runtime start --target https://your-agent.example.com --region aws-us-east-1
Get startedRead the docsBook a 15-min call