Agent Visibility Beyond the Endpoint
Why enterprises need an open system of record for AI agent activity across endpoints, CI, sandboxes, and hosted runtimes
Where we started
Agent harness sprawl is breaking the old visibility model.
Agents now execute across IDEs, terminals, CI pipelines, sandboxes, and hosted runtimes, leaving security teams with fragmented records of what happened.
At the same time, many agent security products lock activity data into proprietary schemas and vendor-controlled platforms.
At Asymptote Labs, we believe every enterprise should own its system of record for AI agent activity. And so we chose a different path: open-source infrastructure that gives enterprises a normalized, portable record of AI agent activity.
That became Agent Beacon: an open-source telemetry layer for security and IT teams that need visibility into what AI agents are doing across their environment.
Where we are today
Today, Beacon supports:
Telemetry capture from 12+ coding and knowledge worker agent harnesses including Claude Code, Cursor, Codex, OpenClaw, and more.
Log forwarding to 8+ enterprise SIEM systems like Datadog, Splunk, CrowdStrike Falcon, and others.
1-click MDM deployments via integrations with platforms including Jamf and Fleet.
The response from the security community has been incredible.
In just ~2.5 weeks since launching our OSS, Agent Beacon crossed >100 GitHub stars, saw 890 unique GitHub cloners and reached 5,616 clone events
But the response has gone beyond GitHub metrics.
Enterprise adoption: Regulated enterprises are already exploring Agent Beacon as infrastructure they can adopt, operate, and route into their existing security workflows.
Security community feedback: Dozens of security leaders have reached out personally over LinkedIn and email with feature and integration requests as they adopt the OSS.
Community validation: Our OSS even drew the attention of the team at Elastic, and we were invited to give a live demo of Beacon at Elastic HQ to the local San Francisco security engineering community!
The community made one thing clear: teams want agent visibility they can inspect, own, and route into the security systems they already use.
Where we’re going
Agent Beacon is expanding beyond local agent harnesses into the environments where agents increasingly run: CI pipelines, cloud sandboxes, ephemeral build containers, and hosted runtimes.
As agents become part of the enterprise execution path, visibility needs to follow them wherever they act. Agent Beacon captures and preserves activity across those surfaces:
From endpoints to execution environments: Track activity across IDEs, terminals, CI jobs, sandboxes, and hosted runtimes.
Built for ephemeral agents: Preserve telemetry even after the runtime disappears.
One record across surfaces: Normalize prompts, tool use, file edits, commands, and agent actions into a consistent activity record.
Our view is simple: the visibility layer for AI agents should be open.
Enterprises need to inspect how activity is captured, decide where telemetry goes, and retain ownership of the record. Agent Beacon provides that open-source foundation.
If you’re a security engineer, detection engineer, or security leader responsible for understanding AI agent activity, we’d love your perspective.
Try the repo, tell us what agent activity your team needs to see, help us shape the open standard for agent telemetry.
Agent visibility should be a shared foundation, not a closed silo.
This is the infrastructure layer AI agents have been missing. Buckle up 🚀
the harder problem is the offline case. Gemma 4 runs on 16GB with no API, no endpoint, no log. your system of record doesn't get a connection request. reviewable-by-design is the only answer.