For security
Isolated, ephemeral sandboxes with no tokens on the box. Per-user scoping. Ingress/egress rules. Real-time compliance checks. Real-time malicious behavior prevention.
Block access outside a user's scope
| Risk | Nori agents | Local agents |
|---|---|---|
| Access |
Isolated sandbox only
The agent never sees the host machine. Work stays inside an ephemeral session |
Anything on the laptop
Files, keys, browser sessions, email—the agent can reach whatever the user can |
| Setup |
Secure by default
Scopes, ingress/egress rules, and compliance checks ship with the environment |
Hard to lock down correctly
Per-machine policies, drift, and exceptions make a secure local setup extremely hard |
| Credentials |
No tokens on the box
Short-lived, scoped credentials never enter the session machine |
Secrets live on the box
API keys and tokens sit on disk, waiting to walk out with the laptop |
Define what each person and team can reach. Every session only gets the access its role is granted—nothing more.
Credentials stay short-lived and scoped. Work stays inside the session. Nothing sits on a laptop waiting to walk out the door.
Every session and every action is logged and searchable. Answer what ran, where, and on whose behalf—before the incident review.
Legal and regulatory asks are stopped immediately—before the agent answers. Credit decisions, medical advice, and other regulated acts stay with licensed humans.
Just @nori. It ships.