Agentic stack overview

When AI takes action (calling tools, invoking APIs, running workflows), design-time assessment is no longer enough. The agentic stack extends Gamut governance to AI in action, applying and enforcing policy at runtime and generating evidence from every action.

Gamut must not become just another agent orchestrator. Its value is trust, governance, explainability, auditability and defensible control. The agentic stack therefore keeps a clean separation of duties:

Gamut AI = ATF and governance system of record
Gamut Gateway = ATF runtime policy compliance and enforcement engine
Gamut Claw = ATF-controlled secure execution layer

Put simply:

Gamut defines the governance policy.
Gateway applies and enforces that policy at runtime.
Claw requests work and executes only through Gateway-controlled paths.
Gamut records what happened.
[Diagram: Gamut AI (governance system of record, Agentic CISO); Gamut Gateway (policy decision & enforcement, ATF runtime); Gamut Claw / BYO runtime (secure execution layer; think anywhere, act through Gateway); tools, models, data (governed connectors; keys live here, not with agents). Flow labels: policy, runtime evidence, requests action, governed call, result.]
The agentic stack. Gamut AI sets policy and records evidence; Gateway decides and enforces every action; Claw or a bring-your-own runtime executes only through Gateway. Agents never hold credentials or call tools directly.

Gamut AI remains the authoritative governance platform. It owns the policy truth, assessment truth, evidence truth and reporting truth. The agent register, ATF assessment, tool and data governance and approvals live here, in Agentic CISO.

Gamut Gateway is the policy decision and enforcement engine. Every agent action (a model call, a tool invocation, a data retrieval) passes through Gateway, which checks it against policy, tenant, assessment, agent identity and approval gates before allowing it, and records the decision.

Gamut Claw (or a standalone agent service) is the secure execution layer. It requests work and executes only through Gateway-controlled paths. Claw never holds model, SaaS, database or other credentials directly.

The defining rule of the agentic stack is that agents never call tools directly. Tools are registered, governed and invoked through Gateway after policy, permission, tenant, assessment and identity checks. Provider keys and credentials live only on the Gateway side, never with the agent.

This is what lets Gamut expose broad tool access (see the connector catalog) without weakening the security model.
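
A minimal sketch of the mediation rule described above, added here as an illustration and not Gamut's code or API: a gateway that checks identity, registration, tenant, assessment, policy and approval before a tool call, keeps the provider key on its own side, and records every decision. All class, field and tool names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Agent:                      # entry in a hypothetical agent register
    tenant: str
    assessed: bool                # stand-in for a passed assessment
    allowed_tools: frozenset      # stand-in for policy and permission

@dataclass(frozen=True)
class Tool:                       # a registered, governed tool
    tenant: str
    needs_approval: bool
    secret: str                   # provider key, held on the Gateway side only
    handler: object               # callable: handler(secret, args) -> result

@dataclass
class Gateway:
    agents: dict = field(default_factory=dict)
    tools: dict = field(default_factory=dict)
    approvals: set = field(default_factory=set)    # (agent_id, tool_name) pairs
    evidence: list = field(default_factory=list)   # every decision; never the key

    def _deny_reason(self, agent_id, tool_name):
        agent, tool = self.agents.get(agent_id), self.tools.get(tool_name)
        if agent is None: return "unknown agent identity"
        if tool is None: return "tool not registered"
        if tool.tenant != agent.tenant: return "tenant mismatch"
        if not agent.assessed: return "assessment not passed"
        if tool_name not in agent.allowed_tools: return "not permitted by policy"
        if tool.needs_approval and (agent_id, tool_name) not in self.approvals:
            return "approval required"
        return None

    def invoke(self, agent_id, tool_name, args):
        reason = self._deny_reason(agent_id, tool_name)
        self.evidence.append({"agent": agent_id, "tool": tool_name,
                              "decision": "deny" if reason else "allow", "reason": reason})
        if reason:
            return {"ok": False, "reason": reason}
        tool = self.tools[tool_name]  # the key is injected here, never sent to the agent
        return {"ok": True, "result": tool.handler(tool.secret, args)}

def demo():  # constructed sample data
    gw = Gateway()
    gw.tools["crm.lookup"] = Tool("acme", True, "sk-constructed", lambda key, a: f"record:{a['id']}")
    gw.agents["a1"] = Agent("acme", True, frozenset({"crm.lookup"}))
    denied = gw.invoke("a1", "crm.lookup", {"id": 7})   # approval gate not yet satisfied
    gw.approvals.add(("a1", "crm.lookup"))
    return denied, gw.invoke("a1", "crm.lookup", {"id": 7}), gw.evidence
```

The agent side only ever supplies an identity, a tool name and arguments; a denied request still leaves an evidence record.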

You are not limited to Gamut Claw. With the BYO agent runtime, you can run external agent frameworks while keeping Gamut as the trust and enforcement plane. The operating rule is: think anywhere, act through Gateway.

  • ATF defines the trust and control model the stack enforces.
  • ACRS scores the capability risk that sets how tightly to govern.
  • MAESTRO models the threats an agent’s capabilities introduce.