Design partner program is open
Hootleash

The leash · Pillar 01

Define where your autonomous agents are allowed to go.

Boundary Governance is the layer that converts policy memos into runtime physics. Default-allow or default-deny zones - modeled in code, enforced at the agent, audited by design - using NIST-aligned frameworks to map and measure risk before it happens.

Why default-deny

The leash starts where the agent's imagination ends.

Most autonomy incidents don't come from a bad model. They come from a competent model in an unsupervised neighbourhood. Hootleash gives every agent a permission boundary as tight as your most senior engineer's IAM role - then lets you widen it deliberately.

  • Permissions issued by capability, not by API key
  • Scoped to identity, time, geography, data class, and dollar exposure
  • Default expiry: 24 hours. Renewal requires evidence of need.
  • Every escalation request is itself an audit-grade event

policies/treasury-fx-rebalance.hl.yaml · v 4.2.1 · simulated
leash:
  agent: treasury.fx_rebalance
  zone: default-deny
  allow:
    - currencies: [USD, EUR, GBP, JPY, AUD]
    - counterparties: $tier1
    - hours: 06:00–22:00 ET
  consequence:
    var_24h_99_5: $1.4M
    stop_loss: $250k
  on_breach:
    - throttle: 75%
    - reroute: peer.tier1
    - degrade: read_only
    - halt: human_review(@ricot)
  evidence:
    framework: [EU_AI_Act.Art_15, NIST_AI_RMF.Manage_2.3]
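
A sketch of how default-deny evaluation works for a policy shaped like the one above. This is an added example, not Hootleash code or its policy engine. The `evaluate` function, the `BANK_A`/`BANK_B` placeholders standing in for `$tier1`, and the exclusive end of the hours window are assumptions.

```python
from datetime import datetime, time, timedelta

# Constructed stand-in for the allow block above. "$tier1" is not resolved on
# the page, so the counterparty names below are placeholders.
ALLOW = {
    "currency": {"USD", "EUR", "GBP", "JPY", "AUD"},
    "counterparty": {"BANK_A", "BANK_B"},
}
HOURS = (time(6, 0), time(22, 0))   # 06:00-22:00 ET; end treated as exclusive (assumption)
GRANT_TTL = timedelta(hours=24)     # "Default expiry: 24 hours"


def evaluate(action, granted_at, now):
    """Decide one agent action. Datetimes are naive ET wall-clock times.

    Returns (allowed, reasons). The action is allowed only when no check
    adds a reason, so a missing or unrecognised attribute denies.
    """
    reasons = []
    if not (timedelta(0) <= now - granted_at < GRANT_TTL):
        reasons.append("grant expired or not yet valid")
    if not (HOURS[0] <= now.time() < HOURS[1]):
        reasons.append("outside allowed hours")
    for field, allowed_values in ALLOW.items():
        if action.get(field) not in allowed_values:
            reasons.append(f"{field} not on allow list")
    # Default-deny: attributes the policy never mentions are not implicitly fine.
    for field in sorted(set(action) - set(ALLOW)):
        reasons.append(f"{field} not covered by policy")
    return (not reasons, reasons)


if __name__ == "__main__":
    granted = datetime(2025, 1, 6, 5, 0)
    ok = {"currency": "EUR", "counterparty": "BANK_A"}
    print(evaluate(ok, granted, datetime(2025, 1, 6, 10, 0)))
    print(evaluate({"currency": "CHF"}, granted, datetime(2025, 1, 6, 23, 0)))
```

The returned reasons list is what a reviewer would want recorded alongside each denial, since it shows which fence stopped the action.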

Capabilities

A boundary you can ship like software.

Hootleash treats the leash as a first-class engineering artifact: versioned, testable, observable, and reversible.

Default-deny by design

Every agent starts with zero authority. Permissions are granted explicitly, narrowly, and with an expiration.

Geo, currency, counterparty fences

Block cross-border data egress, sanctioned counterparties, restricted currencies, or unapproved tools at runtime.

Composable boundary graph

Stack policies by org unit, business function, agent class, and individual identity. Inheritance you can read at a glance.

Branch, diff, simulate, ship

Treat the leash like software. Open a PR. Run a 30-day historical replay. Merge when the blast radius is acceptable.

Just-in-time autonomy

Elevate an agent's authority for a precise window (e.g. quarter-close), then drop it. All elevations logged and signed.

Versioned, time-travel safe

Every policy change is sealed in WORM storage. Reproduce the exact leash that was active at 14:32 last Thursday.

Human-readable rationale

Every rule attaches an English-language rationale, owner, framework reference, and review cadence.

Native to every agent SDK

LangChain, AutoGen, OpenAI tools, Anthropic tools, Bedrock action groups - the leash travels with the agent.

NIST AI RMF alignment

Map and Measure activities, pre-modeled.

The Boundary Governance pillar implements every Map and Measure category from NIST AI 100-1 so your team starts from a working baseline, not a blank document.

  • Govern (GOV 1–6): Roles, accountability, AI policy, supplier oversight
  • Map (MAP 1–5): Context, AI capability, lifecycle stage, impact, third-parties
  • Measure (MEAS 1–4): Metrics, evaluation, monitoring, feedback
  • Manage (MAN 1–4): Risk treatment, prioritisation, response, communication

Ready when you are

Put your most autonomous workflow on the leash.

We'll instrument one agent in your environment, stand up a default-deny zone, and walk your team through how to widen it safely.

Pre-launch · design partner program open · early access 2026