What is Interven?
Inline policy + risk firewall for AI agent tool calls.
Interven sits between your AI agents and the upstream APIs they call (Slack, GitHub, Salesforce, Jira, Stripe, AWS, internal services, anything HTTP). Every governed call is normalized, classified for secrets and PII, run through policy and risk signals, and gets one of four outcomes:
| Decision | Meaning |
|---|---|
| ALLOW | Forward to the real API. |
| DENY | Block with a structured error; raise an incident if needed. |
| REQUIRE_APPROVAL | Pause, surface to a human analyst in the Console, then continue in the same conversation turn once approved. |
| SANITIZE | Redact sensitive fields, then forward (or return the redacted body). |
Why teams use Interven
- Drop-in for any framework. LangChain, LangGraph, CrewAI, OpenAI Assistants,
MCP-based agents (Claude Desktop, Cursor, Cline), Claude Code, Browser Use,
GitHub Copilot Coding Agent, OpenClaw, or the raw
/v1/scanHTTP API. Five lines of code per integration โ and zero code for SaaS agents you don't control. - Protect agents you can't modify. Salesforce Agentforce, HubSpot Breeze, Zendesk AI, Intercom Fin, and other vendor-hosted agents are governed via destination-side proxy (Inbound Routes) โ point the agent at Interven, Interven scans then forwards with stored credentials.
- Human-in-the-loop on writes. When the agent wants to do something sensitive, it pauses; an analyst clicks Approve in Slack / Discord / Teams / Telegram or the Console; the agent finishes โ same turn, no retry needed.
- Built-in detection. 20+ secret patterns, PII (email/SSN/card), and PHI (MRN/NPI/DEA/ICD-10/CPT/MBI/DOB) classifiers fire before the payload leaves your network. Six free threat-intel feeds catch known-bad URLs and IPs.
- Per-agent trust scoring. Trust degrades after policy violations and recovers on clean behavior โ agents under scrutiny get tighter rules automatically.
- Ephemeral credentials. Mint single-use, scope-restricted
iv_eph_*keys with a TTL for one-shot agent actions or short-lived demos. - Policy you can actually write. Match by tool, operation, data class, body content, or external principal. Edit in a wizard, raw JSON, or as YAML in git.
Get started
Quickstart โ first scan in 5 lines
Pick your framework
Protect a SaaS agent (no code)
Gateway CLI (zero code)
Concepts
API reference
Pricing & access
Self-serve sign-up is open at app.intervensecurity.com/signup. Free tier includes 1,000 scans/month โ no credit card. Paid tiers start at $19/mo. See pricing for the full plan comparison or email sales@intervensecurity.com for enterprise / self-hosted / BAA needs.