Cullis provides a governance layer designed for autonomous AI agents operating in regulated industries, with a focus on compliance, identity, and auditability. It addresses the need for robust oversight by enforcing policy and identity controls before large language model (LLM) or Model Context Protocol (MCP) tool calls are executed. The platform is self-hosted and LLM-agnostic, allowing organizations to maintain control over agent governance regardless of the underlying AI or agent stack.
Key features of Cullis include per-agent cryptographic identity using x509 certificates and SPIFFE IDs, policy enforcement prior to LLM or MCP tool execution, and a tamper-evident, hash-chained audit trail that can be externally verified by auditors or regulators. The system supports standards such as RFC 9449 (DPoP), RFC 8705 (mTLS client certificate binding), and optional RFC 3161 timestamp authority anchoring. Policy enforcement is compatible with OPA bundles or a built-in domain-specific language, and per-principal scopes allow granular control over agent actions. The audit chain records every event, including authentication, enrollment, messages, tool calls, and LLM tokens, supporting regulatory requirements such as those outlined in the EU AI Act and DORA.
Cullis is delivered as a self-hosted container, with deployment modes that fit various organizational needs: it can act as the primary AI gateway, sit in front of an existing AI gateway, or function as a sidecar for control plane-only operations. This flexibility allows integration with agent stacks such as Claude Agent SDK, OpenAI Agents SDK, LangGraph, CrewAI, and Ollama, without altering core governance primitives. The system is designed to operate underneath any agent stack, ensuring that identity, policy, and audit mechanisms remain consistent even when switching model providers.
0. Cullis is built for organizations in regulated sectors, particularly those needing to demonstrate compliance, maintain transparent audit trails, and enforce strict policy and identity controls for autonomous AI agents.
cullis-connector is an Infrastructure & Backend product. It focuses on enabling secure, federated agent-trust networking and identity bridging for local MCP clients. It is built as an open-source project for developers building agent-based systems. cullis-connector is open source under the FSL-1.1-Apache-2.0 license. The product ships for the web, the command line, and API, and it can be self-hosted.
Behind cullis-connector is Cullis Security, and the product first shipped in 2026. Development happens publicly on GitHub with 1.1k commits in the last 90 days. Key capabilities include MCP server, agent federation, and identity bridging. It exposes integrations via an MCP server and a public API.
Latest indexed changes and source events
Other apps tracked under the same category.