Reeve

Audit your AI agents, starting at the endpoint.

Reeve scans every machine for the AI agents in use, then shows their software supply chain, the permissions they have, and the information they hold. You get evidence in formats your existing tools already read, ready to drop into your pipeline. Open source, runs locally. Nothing leaves the endpoint.

  • 09:37:52 · install · An endpoint in sales just installed Claude with a Gong MCP server · 31 npm packages, call recordings
  • 09:37:41 · always allow · hr granted Claude a standing “always allow” on Greenhouse queries · PII exports no longer prompt
  • 09:37:30 · secret · a deploy token surfaced in chat logs on eng-mbp-035 · sitting in agent chat history
  • 09:37:19 · install · An endpoint in marketing just installed Claude with a Slack MCP server · 47 npm packages, customer threads readable
Every AI agent is its own attack surface: its software supply chain, the permissions it has, the information it holds.

AI agents are everywhere. They must be audited.

The productivity is real. Every department is adopting AI agents at a rapid pace.

What each team’s agents do

Engineering

writes code · code review · runs tests

Sales

outreach email · call prep · CRM updates

Marketing

drafts content · ad copy · campaigns

Finance

invoices · forecasting · reporting

HR

recruiting · onboarding · policy Q&A

Legal

contracts · research · drafting

What every agent stands on

01 · AI supply chain

Every agent installs its own software stack. Nobody reviewed it.

MCP servers · connectors · packages

02 · Standing privileges

One “always allow” click becomes permanent access.

Shell · database · file writes · CRM

03 · Secrets in chat logs

Keys and passwords pasted into chats stay in the history.

API keys · tokens · SSH keys

Reeve scans all three.

Every team is adopting. Almost none of it is governed.

How it works.

One open-source command. A signed report in minutes.

Step 01

Scan

  • AI agents: Claude Desktop, Cursor, Codex, and more
  • MCP servers, connectors, and the packages behind them
  • Standing "always allow" privileges
  • Secrets in chat logs (opt-in)
  • macOS, Windows, and Linux
Step 02

Sign

  • Signed with Sigstore
  • Open formats: CycloneDX + AIBOM
  • Any change breaks the signature. Anyone can verify.
Step 03

Review

  • Flags risky grants, tools, and secrets
  • Policy-as-code: 14 built-in Rego checks, custom checks coming
Open source. Signed. Drops into the stack you already run.

The same answer, without handing your inventory to a vendor.

Most AI-discovery tools are closed platforms that upload your AI inventory to their cloud. Reeve is the opposite: open, local, and yours.

Reeve

  • Open source. Audit the scanner yourself.
  • Runs on your machine. Your inventory never leaves.
  • Free to start. No sales call, no demo gate.
  • Yours to extend and self-host.

Typical AI-discovery SaaS

  • Closed platform you can't inspect.
  • Uploads your AI inventory to their cloud.
  • Demo-gated, per-seat pricing.
  • Locked to their console.
See everything. Send nothing.

The auditor is coming for the AI layer.

Auditors, regulators, and insurers are all asking the same question about your AI agents.

SOC 2 · ISO 27001

Auditors

  • Already ask for a full inventory of your AI agents
  • What each one connects to, and what it can do
  • No AI checkbox yet, so they map agents to your existing access controls
ISO 42001 · EU AI Act

Regulators

  • ISO 42001 certifies your AI governance today
  • EU AI Act obligations are phasing in now, through 2027
  • Logged actions and human oversight for high-risk agents
NIST AI RMF

Insurers

  • Score your AI governance at renewal
  • A documented inventory earns better terms
  • No proof can mean no cover for agent incidents
Have the list before they ask.

Start free. Scale to the fleet.

The scanner is free and runs on your machine. Reeve Fleet, in early access, adds the company-wide layer.

Available today

Layer 01 · Reeve Scanner

Open source · Apache 2.0 · free

The signed endpoint scanner.

  • The full scan above: inventory, signed evidence, policy checks
  • Runs locally. No phone-home.
  • macOS · Windows · Linux
Early access · coming

Layer 02 · Reeve Fleet

Self-hosted first · for enterprise

Fleet-wide view.

  • Roll up every endpoint's signed scan into one view
  • Every AI agent across the company, at a glance
  • See what changed since the last scan
  • Export audit evidence: SOC 2 · ISO 42001 · NIST
  • Self-hosted. Your inventory never leaves your network.

Reeve Labs.

Live intelligence on the public MCP servers your agents run, so the package that was safe last week doesn't surprise you this week.

Early research · coming
  • Typosquats and impersonator servers, flagged before install
  • Maintainer or ownership changes on a server you already trust
  • Tool descriptions or permissions that change after you approved them
  • Known CVEs in an MCP server or its dependencies
  • Old servers nobody uses anymore, still connected to your accounts
Start with the scanner. Grow into the platform.