Takeover logo
Takeover
Book demo
SECURITY & TRUST

Built for the security team. Not against it.

An agent that takes action needs a trust layer that matches. Every decision is bounded, every action is logged, and destructive moves require an extra layer of human or voice confirmation.

SOC 2 TYPE II
AUDIT IN PROGRESS · Q2 '27
HIPAA-READY
ARCHITECTURE COMPLIANT
GDPR
EU DATA RESIDENCY · OPTIONAL
ENCRYPTION
AES-256 AT REST · TLS 1.3
PEN TESTED
ANNUAL · LATEST MAR '26
ISO 27001
ROADMAP · Q4 '27
§ 01
THE FEARS YOU ACTUALLY HAVE

Three questions every security review asks. Three direct answers.

We don't hand-wave with marketing language. Each fear is answered with the layered defense, the human checkpoint, and the receipt that proves it works in production.

FEAR 01 · ROGUE ACTION

What if AXON deletes the wrong file?

It can't, without three things going right.

0 unrecoverable actions across 12,847 executions
LAYERED DEFENSE
  • 01
    Critic agent reviews
    Every destructive call is scored before it executes.
  • 02
    Human or voice confirm
    Delete, send, charge, broadcast — never silent.
  • 03
    Reversible by default
    Soft-delete window. One click to restore.
FEAR 02 · IMPERSONATION

What if someone deepfakes my voice?

AXON refuses to act on a voice it doesn't recognize.

Voice-print stays on-device · zero cloud training
LAYERED DEFENSE
  • 01
    Local voice-print match
    Enrolled once. Never transmitted off the device.
  • 02
    Liveness signal check
    Detects synthesized speech. Drops the request.
  • 03
    Re-auth on sensitivity
    High-stakes actions trigger second-factor prompt.
FEAR 03 · PROMPT INJECTION

What if a hostile email tells AXON to leak data?

Content is data. Only the operator gives instructions.

Adversarial test suite · 0 successful escapes · last run 4d ago
LAYERED DEFENSE
  • 01
    Instruction isolation
    Inputs and commands run in separate trust contexts.
  • 02
    Drift monitor
    Reasoning is scored against goal. Halts on divergence.
  • 03
    Egress allow-list
    AXON can only reach pre-approved destinations.
§ 02
THE KILL SWITCH

One click halts everything.

Global pause stops every in-flight agent in 240ms. Scoped pauses isolate one lane while the rest keep working. Every pause carries a reason and a name.

Owners get the master switch. Operators get scoped controls. Both leave receipts. The fastest way to regain certainty when something feels off — and the cheapest insurance you'll buy this quarter.

AXON · ADMIN CONTROL
ali · owner · all rights
GLOBAL · STOP EVERYTHING
Halt all agents.
One click freezes every in-flight action across all six agents. Stages stay queued. Nothing destructive runs. Reversible.
shortcut: ⌘⇧Kmedian halt: 240 msnever used in prod
SCOPED · PAUSE ONE LANE
6 agents · 1 paused
  • FINANCE12 tasks
  • HIRING4 tasks
  • SALES0 tasks · paused by sem · 2h ago
  • CODE8 tasks
  • OPS3 tasks
  • COMMS2 tasks
last pause: sem · sales agent · “deal review window” · 2h ago
§ 03
DEPLOYMENT

Cloud or air-gapped. Your call.

Standard deployment runs against your cloud model provider. Enterprise deployment supports fully air-gapped operation with a self-hosted model (Llama, Mistral) and internal-only MCP servers. Zero outbound traffic.

  • Self-hosted reasoning endpoint
  • Internal-only MCP server registry
  • On-prem audit log + SIEM forwarding
  • MDM-deployable across Mac, Windows, Linux
  • Annual contract, dedicated CSM
DEPLOYMENT TOPOLOGY
YOUR LAPTOP
Native — Mac · Windows · Linux
Takeover
Native shell (Tauri + Rust)
AXON Engine
Planner · Executor · Memory · Audit
MCP PROTOCOL
Open standard — tool integration
Model Context Protocol
The interoperability layer between AXON and every system your team uses
YOUR STACK
Whatever your team already uses
GitHub
Slack
Notion
Stripe
Postgres
+ 500 more via MCP servers, or wrap your own internal API
REASONING MODEL
Yours — cloud or air-gapped
Cloud
Claude · GPT · Gemini
Self-hosted
Llama · Mistral · your fine-tune
§ 04
THE AUDIT LOG

Every action AXON took — in one searchable ledger.

Tamper-evident. SIEM-exportable. Filter by destructive, voice-confirmed, reversed, or rejected by the Critic. Compliance gets answers in seconds, not weeks.

Takeover logo
Takeover·Audit Log · Trust
WORKSPACE
TRUST
EVERY ACTION · EVERY OUTCOME

4,217 events in the last 24 hours

Search actions…
TIMEACTIONTARGETSOURCERESULT
9:14:12POSTmemo to Notionfinance / close / April 2026AXON · ensembleok
9:14:11QUERYNotion APIparent: finance/closeAXONok
9:14:09READStripe balanceacct_1Mz...x4AXON · plannerok
9:14:07READPlaid transactionsitem_4kx2...09fAXON · plannerok
9:13:51SCHEDULErecurring syncweekly · finance.reconAli · voiceconfirmed
9:08:24SENDoffer lettermira.k@gmail.comAli · voicedestructive
9:08:22CREATESalesforce userMira K. · WestAXONok
8:51:03MARK_PAIDinvoice #2026-104Knoz Al-NajahAXON · webhookreversed
8:00:00GENERATEmorning briefingAli · CodeWithAliAXON · routineok
7:42:18DENIEDdelete employee
critic blocked: destructive · requires voice auth
AXONrejected
Showing 10 of 4,217 in the last 24h
Tamper-evident ledger · SOC 2 ready · 4,217 events todayExport · CSV · SIEM forwarding
YOU
AXON, show me every destructive action you took this week.
AXON · ReadyFiltering 4,217 events · destructive only · last 7 days

Want our security one-pager?

SOC 2 status, pen test summary, encryption posture, sub-processor list.

Request the document