For the engineering leader

Your engineers use Cursor and Claude Code. You don't have a CISO yet.

Northbeams is the AI governance layer for the company you're about to be. On-device classification. MCP Gateway. No MITM cert in employee laptops. Built by engineers, for engineers.

Book a 30‑min call → See the MCP Gateway →

FOUNDER ACCESS ● NO PROXY ● NO MITM CERT ● API ACCESS

01 / The 90-second version of the problem

It's Thursday afternoon.

Scenario

Your senior engineer just pasted production AWS credentials into Claude Code to debug a Lambda timeout.

You don't know which engineer.
You don't know what else they pasted.
You don't know if it's still sitting in a model's context window somewhere.

Tomorrow your enterprise customer's security team asks you for SOC 2 evidence on AI tool usage.

You have nothing.

You can buy a browser DLP. It will not see Claude Code. It will not see Cursor. It will not see Claude Desktop. It will not see the MCP server your engineer wired up last week so the agent can pull production logs without asking. It will catch the marketing intern pasting a contract into ChatGPT, which is helpful, but it is not the thing keeping you awake.

Northbeams is the layer for what your browser DLP misses. Engineers, agents, MCP, CLI. The four surfaces where the real source code and the real secrets are moving.

02 / Install in ten minutes

One browser extension. One desktop app. Done.

Walk a team of fifty laptops in an afternoon, MDM-deploy two hundred over coffee on Monday. The desktop app ships the extension with it; engineers don't manage two installs. There is no proxy to configure. There is no root certificate going into your employee trust stores. Your senior engineers will not rebel against this install, because there is nothing in it to rebel against.

What it looks like the day after install

Open the dashboard. You see every AI tool every laptop has touched, sorted by risk. You click "apply recommended policy" on the GitHub MCP and the Stripe MCP. You name three high-risk browser tools and set them to "warn." Engineers keep working. You go back to whatever you were doing before someone asked about AI governance.

03 / What CTOs actually want to see

Granularity is trust. Surveillance is not.

On-device classification and redaction.Prompts and MCP arguments are classified and redacted in the browser and on the laptop. Tool name, hostname, timestamp, risk class, and a redacted snippet reach our servers. The original prompt body does not. We can't read it if you ask us to.
Real-time prompt redaction.Credentials, PII, source code, and customer data are masked before the prompt leaves the laptop. An API token becomes [REDACTED:apiKey]. A customer email becomes [REDACTED:email]. Claude or ChatGPT receives the redacted prompt. You receive the audit log. Pilot live on Sentinel since 2026-05-24.
Jailbreak and prompt-injection detection."Ignore previous instructions", DAN-style overrides, prompt-injection in pasted documents. Flagged in the incident feed as a separate event category. Useful when an engineer pastes a customer-supplied document into Claude without thinking.
Image and PDF OCR. Ten languages.An engineer screenshots a customer record and pastes it into ChatGPT. The extension OCRs the image in-browser, runs the classifier, and catches the leak. Works in English, French, German, Spanish, Portuguese, Japanese, Chinese, and three more.
No MITM cert. No proxy.We don't intercept TLS. We don't ask your team to trust a root certificate. We read connection metadata and process names instead. Your engineers won't be writing a Slack thread about how the security team broke curl.
Allow / warn / block, per MCP tool, per method.Block stripe.create_refund, warn on github.delete_branch, allow postgres.query but redact secrets in arguments. Per-server. Per-tool. Per-method. Strictest action wins.
Audit log you can grep.Signed CSV exports. Per-user attribution across browser, desktop, CLI, MCP. Plays nicely with Splunk, Datadog, or anything that reads JSON over HTTPS.
API access.If you want to script it, you can. Pull discovery reports as JSON. Push policy updates. Wire it into your existing CI gates. We are not the platform that hides behind a UI.
Daily catalogue refresh.An automated scraper opens a PR every day with new AI tools we've found in the wild. 320+ catalogued today, +25 to 50 per week. The catalogue stays fresh without humans curating it.

04 / Built by engineers, not marketers

What an MCP gate looks like from the inside.

This is the actual resolution path for an MCP tool call. The agent waits at Gate.Resolve() while policy and content checks run on-device. Strictest action wins.

// sentinel/internal/mcp/proxy/proxy.go (excerpt)
func (g *Gate) Resolve(ctx context.Context, call ToolCall) Decision {
    // 1. tool-name policy: did the admin block this method?
    p := g.policy.ForTool(call.Server, call.Tool)

    // 2. content policy: classify arguments on-device,
    //    redact secrets before forwarding to the MCP server.
    c, redactions := g.classifier.Inspect(call.Arguments)

    // strictest action wins (block > warn > allow)
    return Decision{
        Action:      strictest(p.Action, c.Action),
        Redactions:  redactions,
        Reason:      explain(p, c),
        AuditEvent:  buildAuditEvent(call, p, c),
    }
}

If you want to read the rest, we'll show it to you. Founding partners get a code walkthrough on the kickoff call.

05 / The compliance gift you don't have time to build

The thing enterprise sales keeps asking you for.

Your AE walks into a Series-A renewal. Customer security team sends a 200-line questionnaire. One of the questions is "describe controls in place for employee use of generative AI." You have 48 hours.

With Northbeams installed, the answer is a one-page export from the dashboard with per-user activity across all four AI surfaces, signed audit logs, mapped to SOC 2 CC6.1 / CC7.2 and EU AI Act Article 4. You attach it, you send it, your AE closes the renewal.

This is not a feature we built for fun. It is the thing that makes your next enterprise deal close two weeks sooner.