c14 · qcontrol-brochure-v5 · index
Runtime control
for AI agents
Your agents read credentials, call APIs, and execute commands — all invisible to your security stack. QControl gives you visibility and enforcement at the moment of decision.
9 sec
An AI coding agent deleted a production database, all backups, and 3 months of customer data in a single API call
PocketOS incident — April 25, 2026
82%
of developers now use AI coding assistants — most with full access to credentials, production configs, and shell execution
GitHub / Stack Overflow Developer Survey 2025
$4.88M
average cost of a data breach — and AI agent incidents bypass every traditional control that's supposed to prevent them
IBM Cost of a Data Breach Report 2024
The Problem
AI agents are the fastest-growing unmanaged surface in your environment.
They inherit every credential on the endpoint
API keys, database tokens, cloud credentials — agents read them all without distinction
They call tools, spawn processes, and make network requests
No approval gate between intent and execution
Your existing security tools see none of this
EDR sees a process. The network sees a TLS connection. Neither knows an agent is driving.
Safety rules in agent configs are not enforceable controls
The PocketOS agent violated every safety rule it was given — then confessed in writing
Platform
See What Agents Do. Control What They Shouldn't.
Discover
Know what's running. Find every AI agent on every endpoint — including the ones embedded in IDEs, browsers, and SaaS tools that never went through IT.
How We Find Them
Process and file signature matching
Embedded runtime detection (agents inside other apps)
Network/kernel-layer signals from partner integrations
What We Track
Agent identity, user, session, endpoint
Model provider, API keys, MCP servers
Every tool call, file read, and outbound connection
Observe
See what agents actually do at runtime — file access, network calls, shell commands, MCP interactions — from inside the process, before encryption.
Three Tiers of Depth
T1: Syscalls, filesystem events, network sockets — any agent, day one
T2: Request/response correlation, OpenTelemetry ingestion
T3: Native agent hooks (Claude Code, Codex) — deepest visibility
Behavioral Risk Signals
Credential access frequency and scope
Outbound destination diversity
Destructive operation patterns
Enforce
Act at the moment of decision. Plugins observe, block, or modify agent actions — then feed context to your existing security stack for smarter enforcement.
Built-In Plugins
Default-deny destination allowlisting
Credential redaction before agent sees content
Trust-score headers on every outbound request
Works With Your Stack
EDR, SIEM, IdP, network firewalls
MCP gateways, LLM gateways
QControl adds context — your perimeter makes the call
What the industry is saying
Real reactions to real incidents
"You should be treating your AI agent like a junior employee. Why would you ever give it access to your production infrastructure?"
"This is why AI agents need a proper governance layer at runtime, not just read-only access. Policy driven access control, time bound grants, approval workflows."
"Rules aren't enough, mechanical gates are the only reliable safety mechanism. Agents ignore rules in the moment. It's on us to gate them."
"If anything, the AI agent is just the trigger; the real issue is system design that allowed a single action to wipe everything."
"This isn't just a bad AI incident — it's a textbook enterprise failure across AI, security, and infrastructure design."
"You can't protect what you can't see. With agents gaining capabilities, visibility is paramount."
One Binary. Minutes to Deploy.
Direct customers get a CLI. Partners get an embeddable engine. Same observation, same plugins.
qcontrol
Single CLI binary. Discovers agents, taps I/O, loads plugins, streams events. Drop it on the endpoint and go.
libqcontrol.h
C library for partners. Same engine, stable ABI. Embeds directly into existing security products.
Your Agents Are Running Right Now
Find out what they're doing — before something goes wrong.