OpenACA Cloud · hosted

Know every agent stack across your org.

Engineers adopt agents, plugins, and MCP servers faster than security can track them. Cloud aggregates every endpoint's Agent BOM into one hosted view, then continuously re-checks it against new advisories.

Request access → See the OSS scanner
OpenACA Cloud dashboard — org-wide inventory of agent components from each asset's latest BOM, with vulnerability and posture rollups per component
Org-wide inventory — every agent component from each asset's latest BOM.

Built on open source

  1. 1

    Run

    Endpoints run the open-source openaca scanner — locally or in CI.

  2. 2

    Sync

    The openaca remote sync uploads each endpoint's Agent BOM.

  3. 3

    See

    Security gets one hosted view of every agent stack across the org.

Agent BOM history

Every scan, retained

One timeline per asset — every Agent BOM from every endpoint, kept for as long as you need it.

Drift detection

See what changed

Diff an agent stack between any two points in time. New MCP server, bumped plugin, removed skill — caught.

Policy

Your org's rules, everywhere

Define the allowlists, blocklists, and evidence-level thresholds that encode your org's risk tolerance — evaluated across every endpoint, not one scan at a time.

Findings dashboard

Triage across the org

Advisories and posture for the whole org in one view, attributed to the component that introduced them.

Continuous monitoring

Findings stay current

Cloud continuously re-checks every stored Agent BOM against new advisories — a component you already run that turns vulnerable later surfaces here, with no re-scan or re-upload.

Export

Into your workflow

CSV / JSON for SIEM ingest, GRC reporting, or whatever your security stack already runs on.

Now onboarding design partners

OpenACA Cloud is live with early teams. Design partners get direct input on the roadmap, early access, and pricing locked in before general availability.

Request access →