Subnet345

2026 · The agent era

The era of AI agents is here.

Teams are placing AI agents into production faster than they can prove what those agents did. Subnet345 is what sits underneath: the integration with the agent tools you already run, the harness that carries governed agents onto real applications and desktops, and the substrate that coordinates them, records every action, and proves what they did inside your boundary.

§ 01 Why now

Models stopped being the bottleneck. Governance is.

Agents now coordinate across hours, vendors, and tools. The moment they act on real systems, the question is no longer model quality. It is control: who did what, on whose authority, against which policy, and whether you can prove it to an auditor after the fact.

Access controls decide whether an agent may act. They are the gate, not the record. They cannot prove to an examiner what an agent actually did once it was let through. That proof is a different layer: every action attributed, hash-chained, and verifiable from any point.

Most AI programs cannot answer those questions. Context is lost across sessions, handoffs leave no trail, and the model you depend on can be throttled or revoked by forces outside your control. Governance debt accumulates until the first incident makes the gap impossible to ignore.

None of that is a model problem. It is a substrate problem. That is the layer Subnet345 builds.

§ 02 The product

A harness acts. The substrate proves it.

Subnet345 is two layers working as one. A harness runs the agent on real applications and desktops. It can be a terminal tool your team already uses, such as Claude Code or OpenAI Codex, or our own, in active development. Beneath it, the substrate governs and proves every action the harness takes, by construction rather than bolted on after. This combination runs in our production today.

Whatever harness acts, the substrate is what governs and proves it. Its coordination layer, policy engine, and audit chain are one system, not three integrations you assemble yourself. The four properties below are what it is made of.

Coordination

Multi-agent handoffs that survive sessions, vendors, and models. The unit of work is the swarm, not the solo call. Every agent reads peers through a single append-only message bus; cross-agent asks route by name.

Policy-as-code

Every action governed at the moment it happens, against policy you write. Not a review after the fact. Policies are version-pinned rules your team writes; violations are durable audit events your compliance auditor inspects.

Immutable audit

Every decision attributed to a specific agent against a specific policy, recorded as it happens. Tool invocations, file access, credential changes, and permission changes all write hash-chained event rows; the chain verifies from any point back to the start.

Tamper-evidence

The audit chain is hash-chained and cryptographically verifiable. An auditor can prove what every agent did, by whom, when. The chain root is anchored daily to an external append-only substrate; divergence is detectable at verify-time. The record is the action.

Deployment

Inside your perimeter. The substrate and the harness run where you run; the model is the last mile.

The substrate and the harness run on hardware you control, and every agent action is governed where it happens and audited there. The substrate runs in the interior, inside the perimeter, where the cloud governance tools most teams evaluate cannot follow, which is what an operational-technology network that cannot reach the open internet requires. The one thing still outside your boundary is the intelligence: like every agent tool, the harness draws its reasoning from a frontier lab model reached through an API. That is the honest line today, and it is the last gap to close. The model-training pipeline is how a design partner closes it. They take the substrate and harness logs, the agents' outputs, and their own corporate data, and train a model that runs on-premises. When the model is inside your boundary too, nothing leaves at all. That is full sovereignty, the Air-gapped tier at the top of the harness autonomy ladder.

The product family

Three capabilities on one substrate. Works with the tools your team already uses.

The platform is the coordination and audit substrate every agent action runs through. The rest of the product builds on top of it.

The substrate

Coordination, policy, and audit in one system. Every action attributed, every handoff governed, every record kept.

The agent runtime

Governed agents operating real applications and real desktops, on the same substrate. In active development.

Read more →

The model-training pipeline

Train models you own and control inside your boundary. A design-partner capability, on the roadmap, through the pipeline that brings sovereign models into your perimeter.

Built to work with the terminal and command-line agent tools your team already uses, such as Claude Code and OpenAI Codex. The substrate captures every action against any of them, at the moment it happens.

Regulated production runs on AI you own and control inside your boundary. For design partners, the model-training pipeline is the path.

§ 03 Harness Autonomy Tiers

Grant autonomy at a pace you can defend.

You do not have to grant full autonomy on day one. The harness is the product; your organization chooses the harness autonomy tier, or HAT, it starts at, a ladder from fully supervised to sovereign, and grows toward full autonomy as the audit trail earns trust. Each HAT grants more autonomy with more governance underneath.

HAT 01

Supervised

Every action is proposed; a human approves. The substrate records the proposal, the decision, and the approver.

First deployments and highest-scrutiny workflows.

HAT 02

Coordinated

Agents hand off to each other within policy. Cross-system, multi-step, every handoff attributed.

Multi-domain operations under governance.

HAT 03

Autonomous-within-Policy

Agents decide and act inside bounded policy. Humans are in the loop on exceptions, not on every step.

Scaled operations where the audit trail has earned trust.

HAT 04

Air-gapped

The full substrate with zero external dependency. Sovereign by construction.

Classified, regulated, and sovereignty-required environments.

See how the HATs work on the harness autonomy tiers page →

§ 04 Operating record

We have run the layers beneath this since 2008. We still do, every day.

The operators behind Subnet345 built and ran the global cloud behind McAfee's Global Threat Intelligence, the real-time service answering billions of queries a day, and hold two U.S. patents in network traffic prioritization. This is the team whose work seeded what became a category-defining security company.

Today that same practice runs a multi-agent operation in daily production. Our codebase routinely receives contributions from models that are not our primary one, each attributed back to a specific agent against a specific policy. When the auditor asks, the substrate answers. We do not demo the discipline. We run on it.

§ 05 Open source

Real software, in the open.

yaklog is the open-source core: the most basic multi-agent substrate, the engine the product is built around. spectra is one of the security tools a founder built over years securing environments around the world. We keep both in the open.

Coordination

yaklog

The most basic multi-agent substrate, open source

The most basic multi-agent substrate: a self-hosted message bus where AI agents and operators coordinate over channel-scoped streams with mention routing. Observable, replayable, auditable. The substrate this site describes, the one we deploy with you, is the full governance and audit system built around it: governance lanes, credential rotation, cross-host migration, and the cluster-audit patterns a production agent practice needs.

Powers our own multi-agent operation in daily production, across multiple hosts, with cross-host migrations validated end to end.

View yaklog →MIT · alpha

Security lineage

spectra

TCP/IP firewall evaluation tool

One of the many cybersecurity tools a founder built and used over years securing enterprise and government environments around the world. A C tool that probes TCP/IP header space across hundreds of dimensions per port, observes filtering response signatures, and synthesizes the combinatorial detection rules a perimeter is enforcing, in the Ptacek-Newsham firewall-evaluation tradition.

It stands here for the security lineage the substrate is built on: decades of securing real environments, now turned to governing AI agents.

View spectra →MIT · alpha · Linux

§ 06 Principles

How we engage.

Three of the seven commitments that govern how we deploy and enable every customer. All seven live in how we sell, how we staff, and the substrate we ship.

02 / Immerse

Immerse before we onboard.

We stand the platform up inside your environment first, with your operators, before you commit to a full rollout. We prove it before we scale it.

05 / Launch

Launch with a senior engineer on your account.

A dedicated AI engineer stands the platform up, onboards your operators, and stays through enablement. The person who sets it up trains your team.

06 / Evolve

Evolve the operator, not the dependency.

Transfer is the deliverable. You should be able to operate the platform without us at any time. We prove that condition before we step back.

Read the full manifesto on the principles page →

Pre-launch · sovereign-grade design partners

Deploying agents into production? Become a sovereign-grade design partner.

We are taking on our first design partners: teams running AI agents that have to run inside your boundary, where every action has to be governed and audited where it happens. The first conversation is a fit conversation, on both sides.

Become a sovereign-grade design partner →