Saint AI GOVERNANCE
Every AI agent
in your organization.
Accounted for.
Saint is the registry and identity authority for enterprise agentic AI. It doesn't govern what agents do — that's your security team's job. It tells them what's registered, what's approved, and what changed.
You're running AI you
didn't know you had.
The visible layer is what the CIO approved. The invisible layer is everything else: the agent a product manager built in a weekend, the contract review tool legal is quietly using, the prospecting automation the sales team deployed without telling IT.
When something goes wrong — and something will go wrong — the first questions are: what was this, who built it, and what data did it touch?
Those questions currently take weeks to answer. Saint makes them answerable in seconds.
The registry.
Every agent in the organization, in one place. Who owns it. What it does. What data it touches. What models it calls. When it was last reviewed. Not just the ones IT approved — all of them.
The identity.
Every governed agent carries a cryptographic identity: a token issued at approval, or a fingerprint of its approved configuration. Your security tooling asks Saint: is this agent registered and current? Saint answers.
The governance.
Every agent follows a lifecycle: proposed, reviewed, approved, deployed, periodically re-assessed. Every decision is permanent. Every change is documented. Every framework obligation is tracked.
FOR YOUR SECURITY TEAM
Saint answers the question.
Your tools decide what to do.
Saint is not an enforcement engine. It does not sit in your network path. It does not replace your CASB, your SIEM, or your identity platform.
It gives them something they don't currently have: an authoritative answer to "is this agent registered and approved?"
Your SIEM subscribes to Saint's event stream. Your CASB queries the validation API. Your ticketing system receives governance alerts automatically. Saint emits the facts. Your team decides what constitutes an incident.
VALIDATION API
GET /v1/identity/validate X-Saint-Token: {agent-jwt} ─────────────────────────────────── { "valid": true, "agent_name": "Contract Review Agent", "governance_status": "deployed", "risk_tier": "high", "expires_at": "2026-04-17T14:00:00Z" } ───────────────────────────────────
Under 5ms. Signed response. Works with any security tooling.
Agent registry
Every agent registered with a complete technical and governance profile. Any agent, any technology, any vendor. Saint governs the agent, not the framework it was built on.
Cryptographic identity
Token-based identity for all agents. Fingerprint verification for agents built on stable configurations. JWKS endpoint for public key distribution. Standard JWT format — no proprietary client required.
Governance workflow
Proposal, review, approval, deployment, periodic reassessment. Configurable per risk tier. Every decision documented and permanent. Workflows route to legal, security, compliance, or business owners as configured.
Framework compliance
EU AI Act, NIST AI RMF, ISO 42001. Evidence collected at runtime, not assembled before audits. Compliance reports generated as signed PDFs. Gap analysis surfaced automatically.
Telemetry and drift
Behavioral baselines established at deployment. Drift detected when agents deviate — model updates, configuration changes, anomalous patterns. Severity-classified alerts to your SOC.
Shadow agent discovery
When your SOC observes an agent-shaped thing with no Saint identity, they report it here. Saint tracks the investigation and routes it to resolution. The registry becomes complete over time.
CROW BLUE SUITE
Every Crow Blue product — Broadside, Blue Eye, Feather — registers with Saint automatically at install time. Governance profiles are pre-configured. Telemetry is pre-wired. Your Crow Blue deployments are governed from day one with no additional setup.
Agents built through Double Agent engagements are registered in Saint as part of the engagement deliverable. You leave with a governed agent, not just a running one.
What is Double Agent? →Deployment & Licensing
Self-hosted first.
- — Self-hosted (primary) — Saint runs in your environment. The governance database never leaves your infrastructure. Critical for organizations whose governance records are themselves sensitive.
- — Managed (elective) — We host Saint for you. Same software, our infrastructure. Available for organizations that want governance without the operational overhead.
License your way.
- — Subscription — Low monthly fee. Full access. Call-home validation included.
- — Perpetual buyout — One-time payment. Air-gapped build. Yours forever. No ongoing dependency on Crow Blue infrastructure.
Saint validates its own license against Crow Blue's licensing endpoint — the same mechanism it provides to other products. We eat our own cooking.
Ready to account for your agent fleet?
Start with a conversation. We'll assess your current AI footprint and show you what governed deployment looks like in practice.