2026 · The agent era
The era of AI agents is here.
Teams are placing AI agents into production faster than they can prove what those agents did. Subnet345 is what sits underneath: the integration with the agent tools you already run, the harness that carries governed agents onto real applications and desktops, and the substrate that coordinates them, records every action, and proves what they did inside your boundary.
§ 01 Why now
Models stopped being the bottleneck. Governance is.
Agents now coordinate across hours, vendors, and tools. The moment they act on real systems, the question is no longer model quality. It is control: who did what, on whose authority, against which policy, and whether you can prove it to an auditor after the fact.
Access controls decide whether an agent may act. They are the gate, not the record. They cannot prove to an examiner what an agent actually did once it was let through. That proof is a different layer: every action attributed, hash-chained, and verifiable from any point.
Most AI programs cannot answer those questions. Context is lost across sessions, handoffs leave no trail, and the model you depend on can be throttled or revoked by forces outside your control. Governance debt accumulates until the first incident makes the gap impossible to ignore.
None of that is a model problem. It is a substrate problem. That is the layer Subnet345 builds.
§ 02 The product
A harness acts. The substrate proves it.
Subnet345 is two layers working as one. A harness runs the agent on real applications and desktops. It can be a terminal tool your team already uses, such as Claude Code or OpenAI Codex, or our own, in active development. Beneath it, the substrate governs and proves every action the harness takes, by construction rather than bolted on after. This combination runs in our production today.
Whatever harness acts, the substrate is what governs and proves it. Its coordination layer, policy engine, and audit chain are one system, not three integrations you assemble yourself. The four properties below are what it is made of.
Coordination
Multi-agent handoffs that survive sessions, vendors, and models. The unit of work is the swarm, not the solo call. Every agent reads peers through a single append-only message bus; cross-agent asks route by name.
Policy-as-code
Every action governed at the moment it happens, against policy you write. Not a review after the fact. Policies are version-pinned rules your team writes; violations are durable audit events your compliance auditor inspects.
Immutable audit
Every decision attributed to a specific agent against a specific policy, recorded as it happens. Tool invocations, file access, credential changes, and permission changes all write hash-chained event rows; the chain verifies from any point back to the start.
Tamper-evidence
The audit chain is hash-chained and cryptographically verifiable. An auditor can prove what every agent did, by whom, when. The chain root is anchored daily to an external append-only substrate; divergence is detectable at verify-time. The record is the action.
Deployment
Inside your perimeter. The substrate and the harness run where you run; the model is the last mile.
The substrate and the harness run on hardware you control, and every agent action is governed where it happens and audited there. The substrate runs in the interior, inside the perimeter, where the cloud governance tools most teams evaluate cannot follow, which is what an operational-technology network that cannot reach the open internet requires. The one thing still outside your boundary is the intelligence: like every agent tool, the harness draws its reasoning from a frontier lab model reached through an API. That is the honest line today, and it is the last gap to close. The model-training pipeline is how a design partner closes it. They take the substrate and harness logs, the agents' outputs, and their own corporate data, and train a model that runs on-premises. When the model is inside your boundary too, nothing leaves at all. That is full sovereignty, the Air-gapped tier at the top of the harness autonomy ladder.
The product family
Three capabilities on one substrate. Works with the tools your team already uses.
The platform is the coordination and audit substrate every agent action runs through. The rest of the product builds on top of it.
The substrate
Coordination, policy, and audit in one system. Every action attributed, every handoff governed, every record kept.
The agent runtime
Governed agents operating real applications and real desktops, on the same substrate. In active development.
Read more →
The model-training pipeline
Train models you own and control inside your boundary. A design-partner capability, on the roadmap, through the pipeline that brings sovereign models into your perimeter.
Built to work with the terminal and command-line agent tools your team already uses, such as Claude Code and OpenAI Codex. The substrate captures every action against any of them, at the moment it happens.
Regulated production runs on AI you own and control inside your boundary. For design partners, the model-training pipeline is the path.
§ 03 Harness Autonomy Tiers
Grant autonomy at a pace you can defend.
You do not have to grant full autonomy on day one. The harness is the product; your organization chooses the harness autonomy tier, or HAT, it starts at, a ladder from fully supervised to sovereign, and grows toward full autonomy as the audit trail earns trust. Each HAT grants more autonomy with more governance underneath.
HAT 01
Supervised
Every action is proposed; a human approves. The substrate records the proposal, the decision, and the approver.
First deployments and highest-scrutiny workflows.
HAT 02
Coordinated
Agents hand off to each other within policy. Cross-system, multi-step, every handoff attributed.
Multi-domain operations under governance.
HAT 03
Autonomous-within-Policy
Agents decide and act inside bounded policy. Humans are in the loop on exceptions, not on every step.
Scaled operations where the audit trail has earned trust.
HAT 04
Air-gapped
The full substrate with zero external dependency. Sovereign by construction.
Classified, regulated, and sovereignty-required environments.
See how the HATs work on the harness autonomy tiers page →
§ 04 Operating record
We have run the layers beneath this since 2008. We still do, every day.
The operators behind Subnet345 built and ran the global cloud behind McAfee's Global Threat Intelligence, the real-time service answering billions of queries a day, and hold two U.S. patents in network traffic prioritization. This is the team whose work seeded what became a category-defining security company.
Today that same practice runs a multi-agent operation in daily production. Our codebase routinely receives contributions from models that are not our primary one, each attributed back to a specific agent against a specific policy. When the auditor asks, the substrate answers. We do not demo the discipline. We run on it.
§ 05 Open source
Real software, in the open.
yaklog is the open-source core: the most basic multi-agent substrate, the engine the product is built around. spectra is one of the security tools a founder built over years securing environments around the world. We keep both in the open.
Coordination
yaklog
The most basic multi-agent substrate, open source
The most basic multi-agent substrate: a self-hosted message bus where AI agents and operators coordinate over channel-scoped streams with mention routing. Observable, replayable, auditable. The substrate this site describes, the one we deploy with you, is the full governance and audit system built around it: governance lanes, credential rotation, cross-host migration, and the cluster-audit patterns a production agent practice needs.
Powers our own multi-agent operation in daily production, across multiple hosts, with cross-host migrations validated end to end.
Security lineage
spectra
TCP/IP firewall evaluation tool
One of the many cybersecurity tools a founder built and used over years securing enterprise and government environments around the world. A C tool that probes TCP/IP header space across hundreds of dimensions per port, observes filtering response signatures, and synthesizes the combinatorial detection rules a perimeter is enforcing, in the Ptacek-Newsham firewall-evaluation tradition.
It stands here for the security lineage the substrate is built on: decades of securing real environments, now turned to governing AI agents.
§ 06 Principles
How we engage.
Three of the seven commitments that govern how we deploy and enable every customer. All seven live in how we sell, how we staff, and the substrate we ship.
02 / Immerse
Immerse before we onboard.
We stand the platform up inside your environment first, with your operators, before you commit to a full rollout. We prove it before we scale it.
05 / Launch
Launch with a senior engineer on your account.
A dedicated AI engineer stands the platform up, onboards your operators, and stays through enablement. The person who sets it up trains your team.
06 / Evolve
Evolve the operator, not the dependency.
Transfer is the deliverable. You should be able to operate the platform without us at any time. We prove that condition before we step back.
Read the full manifesto on the principles page →
§ 07 Industries
Industries where AI has to be right.
Each sector has its own audit obligations, its own threat model, and its own definition of audit-ready. Financial Services is the first deep brief. The others are open for inquiry.
01 · Deep brief
Utilities & Energy
AI agents near operational technology, under NERC CIP and FERC, where the record has to survive a reliability review. The obligation arrives before the rule does.
Read the brief →
02 · Deep brief
Financial Services
Wealth management, credit and underwriting, client onboarding. The broader governance practices SR 26-2 directs banks toward for agentic AI, plus the EU AI Act and DORA.
Read the brief →
03
Federal & Defense-Adjacent
Federal and federal-adjacent programs operating under classification boundaries, with AI decisions that must be attributable.
Start an inquiry →
04
Research & Scientific Labs
National labs and computing centers running frontier workloads on hardware they govern.
Start an inquiry →
05
Legal & Professional Services
Global firms where client confidentiality is privileged and AI must not compromise it.
Start an inquiry →
06
Creative Studios
Game, film, and post-production studios where AI agents are first-class production participants.
Start an inquiry →
See the full industry overview on the industries page →
Pre-launch · sovereign-grade design partners
Deploying agents into production? Become a sovereign-grade design partner.
We are taking on our first design partners: teams running AI agents that have to run inside your boundary, where every action has to be governed and audited where it happens. The first conversation is a fit conversation, on both sides.
Become a sovereign-grade design partner →