[AI Security]

The security platform
for the agent era.

AI now lives everywhere your people work and moves faster than any security team can follow. Discover, secure, and govern every AI tool, code assistant, agent, and MCP server. See everything, control anything, stay ahead of whatever ships next.

[Vision]

Your biggest threat is no longer an attacker. It's your own AI. Agents leak secrets, bypass controls, and expose sensitive data, not through malice, but through unsupervised use. Legacy security wasn't built for this. Bastion is.

[Control]

From blind spot to full control.

It starts with seeing what is really happening, then deciding exactly what is allowed. Switch on controls the moment you are ready. No rule-writing, no guesswork.

ChatGPT
modelChatGPT
DeepSeek
modelDeepSeek
Hermès
agentHermès
Claude Code
clientClaude Code
mcprogue-db-mcp

01

Shadow AI is everywhere.

Discover every tool, agent, and MCP your team uses in hours, including the ones no one approved.

02

People sign in with personal AI accounts.

Keep company data on company accounts. Personal ChatGPT and Claude logins are blocked on managed devices.

03

A new agent appears overnight.

The moment a new agent or client emerges, Hermès, OpenClaw, or whatever ships next, Bastion detects it and holds it until you approve.

04

Coding agents can reach anything.

Draw hard lines around what agents can touch. No SSH keys, no production, no tools you never sanctioned.

05

Risky models keep slipping in.

Block any model across the company in a single move, from the browser to the terminal.

06

Too many surfaces to watch.

Browser, desktop, IDE, terminal, MCP. One proxy covers them all.

[Platform]

One module. Total control.

Every prompt your company sends flows through a single intelligent layer on the device. Nothing to integrate. Nothing leaves your network.

bastion proxy — liveMDM managed

INTERCEPTED REQUEST → api.openai.com

AWS_ACCESS_KEY_ID=[redacted]

db_password=[redacted]

SSN 483-29-****blocked

Filtered request forwarded

AI Firewall

Every prompt, API call, and tool call is inspected in real time. Secrets, source code, and PII are redacted before they leave the device, in under 5ms. Invisible until someone crosses a line.

Engineering
bastion — access control

Models

Claude
OpenAI
Mistral
DeepSeek

Data Types

Secrets
Source Code
Architecture
Financials

Fine-grained access control

Decide exactly who can use which AI, with which data, on which surface. Enforced automatically by team, role, and data type.

SOC 2SOC 2
ISO 42001ISO 42001
EU AI ActEU AI Act

Managed policy engine

A catalog of pre-built policies, authored and kept current by our security team. Approve what fits, customize what you need, and get audit-ready evidence for ISO 27001, ISO 42001, the EU AI Act, and SOC 2 automatically.

[Managed]

Managed by our threat intelligence team. Always current.

The AI landscape changes every week: new agents, new clients, new attacks. Define your own rules and policies whenever you need them, while our threat intelligence team maintains a managed ruleset that keeps detecting new threats as they emerge. Your policies stay current without you lifting a finger. Approve once, stay protected as the world changes.

new detection

[Coverage]

A full layer of protection across every surface

Wherever your team meets AI, Bastion has a purpose-built layer of security for it.

Model security

Inspect every prompt to every model. Redact secrets and block models you have not approved, from OpenAI to DeepSeek.

Learn more
GPT-4oGPT-4o
ClaudeClaude
CursorCursor
CopilotCopilot
GeminiGemini
DeepSeekDeepSeek
WindsurfWindsurf
MistralMistral
Claude CodeClaude Code
Meta AIMeta AI
GPT-4oGPT-4o
ClaudeClaude
CursorCursor
CopilotCopilot
GeminiGemini
DeepSeekDeepSeek
WindsurfWindsurf
MistralMistral
Claude CodeClaude Code
Meta AIMeta AI
GeminiGemini
DeepSeekDeepSeek
WindsurfWindsurf
MistralMistral
Claude CodeClaude Code
Meta AIMeta AI
GPT-4oGPT-4o
ClaudeClaude
CursorCursor
CopilotCopilot
GeminiGemini
DeepSeekDeepSeek
WindsurfWindsurf
MistralMistral
Claude CodeClaude Code
Meta AIMeta AI
GPT-4oGPT-4o
ClaudeClaude
CursorCursor
CopilotCopilot
WindsurfWindsurf
MistralMistral
Claude CodeClaude Code
Meta AIMeta AI
GPT-4oGPT-4o
ClaudeClaude
CursorCursor
CopilotCopilot
GeminiGemini
DeepSeekDeepSeek
WindsurfWindsurf
MistralMistral
Claude CodeClaude Code
Meta AIMeta AI
GPT-4oGPT-4o
ClaudeClaude
CursorCursor
CopilotCopilot
GeminiGemini
DeepSeekDeepSeek

MCP security

Risk-score every MCP server before it connects. Detect rogue servers and block unverified connections.

Learn more
bastion proxy — mcp monitorlive

Active MCP Connections

github-mcp v2.1.0 approved

slack-mcp v1.4.2 approved

rogue-db-tool v0.3.1EXPOSED: DB_PASSWORD

file-reader v1.0.0scope: /etc/passwd

2 servers blocked by policy

Browser security

Protect the AI your team uses in the browser, where most of the company works. Stop data leaks to ChatGPT, Claude, and any web chatbot.

Learn more
ChatGPT5

My deploy keeps failing with AccessDenied on S3. Here are my creds, what's wrong?

AWS_ACCESS_KEY_ID=[REDACTED]
AWS_SECRET_ACCESS_KEY=[REDACTED]

AWS key redacted by Bastion DLP

I won't store those credentials. AccessDenied usually means the IAM policy is missing s3:PutObject for that bucket, not a bad key. Check the role's attached policy.

Makes sense. How do I scope that policy to just one bucket?

Ask anything

AI client security

Secure every coding agent and AI client: Cursor, Claude Code, Hermès, OpenClaw. Block unapproved clients and limit what agents can touch.

Learn more
bastion proxy — supply chainlive

AI Tool Risk Assessment

@anthropic/sdk v4.1.0score 96
openai v5.2.1score 94
tiktoken v2.0.3owner changed
langchain-ext v0.9.1malicious
mcp-client v0.5.2unverified
1 quarantined, 2 flagged for review

[Trust]

Works everywhere. Leaks nothing.

LLM & platform agnostic

Works with every AI model, code assistant, and platform. No vendor lock-in. Bastion adapts as your AI stack evolves.

  • >Every major LLM: OpenAI, Anthropic, Google, Meta, Mistral, DeepSeek
  • >Every code assistant: Cursor, Copilot, Windsurf, Claude Code
  • >Browser extensions, IDE plugins, API integrations, MCP servers
  • >Future-proof: automatically detects new AI tools as they emerge

Privacy by design

Detection runs locally on the device. Nothing leaves your network by default, and logging is opt-in and yours to control.

  • >Detection engine runs locally on the endpoint
  • >Nothing leaves your network by default
  • >Request and response logging is opt-in, off until you turn it on
  • >Your intellectual property stays yours

Transparent AI proxy

All AI traffic flows through Bastion's transparent proxy with negligible latency. Teams never notice it's there.

  • >Around 100ms at P99, invisible against multi-second AI responses
  • >Real-time inspection of prompts, responses, and tool calls
  • >Works across browser, IDE, CLI, and API traffic
  • >Coexists with your VPN and DNS proxy, one-click install and removal

[Deployment]

Enterprise-ready from day one.

Live in an afternoon. Dependable for years.

BastionBastion
JamfJamf
IntuneIntune
FleetDMFleetDM
NinjaOneNinjaOne
JumpCloudJumpCloud

Deploy with any MDM

Fleet-wide deployment via any MDM solution. Push Bastion to every endpoint in your org instantly. No manual installation, no vendor lock-in.

Claude CodeClaude Code
GeminiGemini
ChatGPTChatGPT
CursorCursor
WindsurfWindsurf
Custom

Manage via MCP

Configure and manage Bastion directly from your AI tools via the Model Context Protocol. Review policies, check inventory, and adjust settings without leaving Claude, Cursor, or Windsurf.

DatadogDatadog
SplunkSplunk
SentrySentry
SentinelSentinel
GrafanaGrafana
ElasticElastic

Stream to your SIEM

Built on OpenTelemetry, so your AI signals flow into Splunk, Datadog, or Sentinel when you need them.

[FAQ]

Frequently asked questions

It acts. Visibility is the first hour. From there, you switch on controls that redact, block, and shape AI use in real time, automatically.

Rarely. Instead of blocking, you can redact: a secret is replaced with 'redacted' before the prompt leaves the device, so the model still answers and your team keeps working. And every rule can start in monitor-only mode, so nothing is blocked until you decide to enforce it.

No. Bastion runs as a local proxy on the device and coexists with VPNs and DNS proxies like TwinGate. It deploys and removes in one click through your MDM, so you can test it safely alongside your current setup.

AI calls made from inside Docker can hit a certificate issue passing through the proxy. We exclude those flows with header rules so they are never blocked, and we tune the rules with you during rollout.

Our threat intelligence team authors and ships new detections and rules as tools emerge. You never have to chase the landscape yourself.

Yes. Bastion governs the browser, the IDE, the terminal, agents, and MCP servers through one proxy. Tools that watch only agents miss the browser, where most of your company works.

Approve your rules once and Bastion maintains them. Most teams spend about an hour a week, never a day.

It's configurable. Bastion's detection engine runs locally on the endpoint, so by default we don't store, log, or transmit your actual prompt content to our servers. You decide whether prompt logs are stored or not, so you can keep everything local or turn on logging when you need an audit trail. Your intellectual property stays yours.

[Get Started]

See every AI in your company. Then take command.

Discover every tool, agent, and MCP server your team uses in under an hour, then switch on the controls that matter most.