SPNT

Agent Control (ZASTAPNIK)

Agents act. Make sure they only do what they are authorized to.

AI agents and Model Context Protocol (MCP) tools are now executing real actions inside production environments — reading data, calling APIs, modifying infrastructure. They are a new, fast-growing attack surface that traditional identity and security tooling does not understand.

ZASTAPNIK is SPNT's agentic action layer. While the other modules detect and reason, ZASTAPNIK governs the agents and MCP tools that take action — and writes every decision to the same substrate that powers the rest of the platform.

What ZASTAPNIK governs

  • AI agents. Autonomous and semi-autonomous agents operating against your systems — what they can reach, what they can invoke, and under whose authority.
  • MCP servers and tools. The Model Context Protocol tools agents connect to. ZASTAPNIK inventories them, validates their integrity, and watches for tool poisoning.
  • Agent identities. Every agent is treated as a first-class non-human identity, scoped and revocable like any other principal.
  • Tool invocations. The live stream of tool calls — captured, authorized, and replayed into the graph for investigation.

Agentic threat detection

ZASTAPNIK detects attack patterns unique to agentic systems:

  • Tool poisoning. Malicious or tampered MCP tool definitions that hijack agent behavior through crafted descriptions or responses.
  • Confused-deputy abuse. Agents tricked into using their privileges on behalf of an attacker.
  • Excessive agency. Agents with broader reach or permissions than their task requires.
  • Reachability blast radius. What an agent could touch if compromised, computed over the security graph.

Agent-as-identity

ZASTAPNIK enforces the principle that every agent is an identity. Agents are scoped, attributed, and revocable. Their activity lands on the same risk register as human and service-account identities in NADZOR.

Integration with other modules

  • NADZOR tracks agent identities and machine credentials alongside human identities.
  • PROTIVAI secures the model layer; ZASTAPNIK governs the agents and tools that act on top of it.
  • ISTRAGA investigates agent incidents using captured tool-invocation history.
  • JADRO can run agent reasoning locally so prompts and tool context never leave your environment.

Agent and MCP telemetry is one of SPNT's seven intelligence layers. See How SPNT Works for how it feeds the substrate.