microtica agents
Start free
Security & trust

You're giving an agent access to production. Here's how that stays safe.

The agent is built around one rule: it can look, but it can't touch. Everything it does is scoped by you, visible to you, and reversible by you.

Read-only by default

The agent gathers evidence — metrics, logs, events, configuration. It never mutates state on its own. Investigation and action are separate by design.

Approve-before-act

When a fix requires a change — a rollback, a config bump — it's proposed in the case and waits. Nothing runs until a human clicks approve.

Scoped access, your keys

You decide which accounts, clusters, and namespaces it can see. Access is granted through credentials you create — and revoke — on your side.

Transparent activity

Every check the agent runs is recorded in the case as it happens. You can watch it work in real time and audit every step afterwards.

How access works

You hold the keys.

AWS Connect with a read-only IAM role you create in your account. You control the policy; CloudTrail logs every call the agent makes.
Kubernetes Connect a scoped service account — limit it to the clusters and namespaces you choose.
Approvals Proposed fixes execute only with your approval, using a separate, explicitly-granted permission — never the read-only role.
Revocation Delete the role or service account on your side and access ends immediately. No agent processes left behind.
Self-hosting Want full control? You can host the app in your own cloud account, so nothing — evidence, credentials, cases — ever leaves your environment.

Questions about your setup?

Talk to us Start free