Sielum — AI Agent EDR
Endpoint Detection & Response for AI Agents — visibility and control over every AI coding assistant running in your organization.
What is Sielum?
Sielum is a security management platform that monitors and controls AI agents (Claude Code, Cursor, GitHub Copilot, Amazon Q, ChatGPT) on developer workstations. It gives security and IT teams:
- Visibility — which AI agents are running, which APIs they connect to, which MCP servers they use
- Alerting — policy violations, unknown agents, unauthorized API connections
- Control — enforce allowed/denied tool permissions, block AI API domains via firewall rules
- Compliance — audit log, GDPR data retention, SOC 2 and EU AI Act export reports
Architecture in one diagram
┌─────────────────────────────────────────────────────────────────┐
│ Developer Workstation │
│ │
│ ┌──────────────┐ scan ┌──────────────────────────────┐ │
│ │ AI Agents │ ◄──────── │ Sielum Agent │ │
│ │ Claude Code │ │ (native binary, no Docker) │ │
│ │ Cursor │ └──────────────┬───────�────────┘ │
│ │ Copilot │ │ gRPC + mTLS │
│ │ Amazon Q │ │ port 443 │
│ └──────────────┘ ▼ │
└─────────────────────────────────────────────┼───────────────────┘
│
agents.<host>:443 ─────────┤
<host>:443 ─────────┤
│
┌─────────────▼─────────────┐
│ nginx (TLS + SNI route) │
│ agents.* → backend:9090 │
│ * → REST/SPA │
└─────────────┬─────────────┘
│
┌───────────────────▼──────────────────┐
│ Sielum Server │
│ ┌────────────┐ ┌───────────────┐ │
│ │ REST API │ │ gRPC Server │ │
│ └─────┬──────┘ └───────┬───────┘ │
│ └────────┬─────────┘ │
│ ┌─────▼──────┐ │
│ │ PostgreSQL │ │
│ └────────────┘ │
│ ┌──────────────────────┐ │
│ │ Keycloak (OIDC/SSO) │ │
│ └──────────────────────┘ │
│ ┌──────────────────────┐ │
│ │ Dashboard (React) │ │
│ └──────────────────────┘ │
└──────────────────────────────────────┘
Agents only need outbound port 443 — gRPC traffic is multiplexed onto the same port as the dashboard via SNI routing on agents.<your-host>. Internal port 9090 is never exposed externally.
Quickstart (5 minutes)
1. Sign up
Go to sielum.io and create a free account. You get a 14-day trial with all features and support for up to 3 monitored endpoints.
After submitting the form you receive an email with a magic link. Open it, set a password, and you land directly in your new trial dashboard.
2. Follow the Setup Assistant
On your first login, the Setup Assistant guides you through naming your organization, generating an enrollment token, and installing the agent — all in one flow. See the First Login & Setup guide for a step-by-step walkthrough.
3. Install the agent
The assistant gives you a one-line install command for your endpoint's operating system. For manual installation and platform-specific details, see the Agent Installation guide.
4. Verify
The assistant waits for your first endpoint to connect — usually within a minute. After that, your workstation appears under Endpoints, with detected AI agents under Agents and active API connections under Connections.
Supported AI Clients
| Client | Detection | Config Monitoring | MCP Servers | Enforcement |
|---|---|---|---|---|
| Claude Code | ✅ | ✅ ~/.claude/settings.json | ✅ | ✅ (writes back settings.json) |
| Cursor | ✅ | ✅ .cursor/mcp.json | ✅ | ✅ (removes denied MCP servers) |
| GitHub Copilot | ✅ | ✅ hosts.json | — | via firewall blocking |
| Amazon Q | ✅ | ✅ SSO token cache | — | via firewall blocking |
| ChatGPT Desktop | ✅ | Process-based | — | via firewall blocking |
| Gemini CLI | ✅ | Process-based | — | via firewall blocking |