Clay Seal is a control plane designed for AI agents, focusing on runtime security and action-level oversight. Unlike traditional systems that grant broad, session-long permissions to agents, Clay Seal evaluates and approves each agent action as it occurs, preventing unauthorized or unsafe operations in real time. This approach addresses the risk that AI agents, once granted access, might be manipulated into misusing their permissions during a session.
The platform consists of three modular components—capabilities, identity, and receipts—each of which can be adopted independently. The capabilities module issues single-use tokens for specific actions, blocking any attempt to reuse, alter, or present invalid tokens. The identity module requires agents to prove their runtime environment before receiving credentials, with these credentials being short-lived and tied to the agent’s unique key, rendering stolen tokens ineffective. The receipts module creates signed, tamper-evident records of every permitted and blocked action, including the policy under which the action was executed. These records are cryptographically linked, making post-hoc alterations detectable and enabling external verification by auditors or customers.
Clay Seal is built on open standards such as SPIFFE/SVID, Biscuit tokens, Ed25519 signatures, RFC 6962 Merkle proofs, SCITT, C2SP, OIDC, MCP, AWS Nitro attestation, and OpenTelemetry. This standards-based approach ensures that action receipts can be independently verified without reliance on Clay Seal’s own infrastructure. The platform is intended for teams and organizations deploying AI agents that interact with sensitive domains, including financial transactions, source code, customer data, internal operations, and cloud infrastructure.
Delivery is via a software stack that can be integrated at different levels, allowing organizations to adopt only the components that address their immediate needs. The platform is currently onboarding design partners through a waitlist process.
Clay Seal sits in PulseGate's AI & ML category. It focuses on preventing AI agents from performing unauthorized or unsafe actions by enforcing runtime security and granular permissions. It is built as a B2B product for AI platform operators and developers deploying autonomous agents. The product ships for the web and the command line.
Clay Seal first shipped in 2026. Development happens publicly on GitHub with 1 commits in the last 90 days. PulseGate's similarity index finds few close equivalents — Clay Seal occupies a relatively distinct niche. Key capabilities include action approval, audit logging, and permission scoping. Access is currently waitlist-only.
Latest indexed changes and source events
Show HN: Runtime security enforcement and capability scoping for agents discovered by the PulseGate indexer
Other apps tracked under the same category.