Introduction
Platform Overview
What Daevix is, why it exists, and how it thinks about autonomous AI agents.
Platform Overview
Daevix is an AI agent platform that treats autonomous agents like employees - with real identities, managed workstations, and enterprise security controls.
Where Daevix is today. Daevix runs the control plane and the on-premises enclave as a managed service. You don’t deploy or operate any platform infrastructure - you create and manage agents entirely through the
dvxcommand-line tool. The concepts below describe the full platform model; the parts you operate today are the CLI and your agents.
Vision
Autonomous AI agents are becoming a core part of how organizations get work done. Unlike traditional software - deterministic, scoped, ephemeral - agents are long-running, autonomous, and capable of taking arbitrary action. They can install software, modify configurations, call APIs, write and execute code, and even patch and restart themselves.
This makes them powerful. It also makes them dangerous.
Our thesis: Autonomous AI agents should be treated as autonomous entities, not as programs. Their behavior is more akin to the chaotic, creative, unpredictable nature of humans than to the deterministic nature of software. The infrastructure we give them should reflect this. Treat them like employees - give them the same kinds of identity, workstations, security controls, and access governance that you give to your people.
Design Principles
1. Agents are untrusted
The platform never assumes the agent process is benign. Even if we provide the agent runtime, the agent may be able to modify itself depending on its access level. Security controls exist at the OS, network, and platform level - not inside the agent.
2. Agents get real identities
Not service accounts bolted on as an afterthought. Agents get first-class identities in the organization’s existing identity infrastructure (Okta, AWS IAM, GitHub, etc.), provisioned automatically as part of agent creation.
3. Bring Your Own Compute (BYOC)
Organizations run agents on their own infrastructure. The platform never sees their code, secrets, or data. The platform provides the control plane; the organization provides the compute.
4. Bring Your Own Agent (BYOA)
The platform provides a default agent runtime, but operators can run any agent code. The platform’s security and identity model works regardless of what’s running inside the machine.
5. Meet organizations where they are
Organizations already have security tooling (EDR, SIEM, network inspection), identity providers (Okta, AD), and compute infrastructure (AWS, GCP, bare metal). The platform integrates with these rather than replacing them.
The Agent-as-Employee Analogy
This analogy is central to the platform’s design. When an organization onboards a human employee, they issue an identity, provision a workstation, grant scoped access, install security controls, monitor behavior, and can revoke everything instantly. Daevix does the same for AI agents.
| Human Employee | AI Agent |
|---|---|
| Person | Agent process |
| Laptop / workstation | Agent host (VM, bare metal, container) |
| Admin rights (or not) | Host access level (org policy decision) |
| Corporate SSO account | Agent identity in control plane |
| Okta/AD identity | Provisioned via hooks into same systems |
| GitHub account | GitHub machine user (provisioned via hook) |
| AWS console access | AWS IAM role (provisioned via hook) |
| Corporate laptop image | Base OS image with required controls |
| EDR on laptop | EDR on agent host |
| VPN / network policies | Network controls on agent host |
| Badge revocation on termination | Identity revocation on decommission |
| HR onboarding checklist | Provisioning hooks |
| HR offboarding checklist | Deprovisioning hooks |
The key insight: use the exact same controls on an agent’s machine and on its access as your employees have. The platform doesn’t prescribe a specific access level. Some organizations give employees admin rights on their laptops; others lock them down. The same decision applies to agents.
Core Concepts
| Term | Definition |
|---|---|
| Agent | An autonomous AI entity. Concretely: the agent process running on a machine. The agent is the process, not the machine - just as an employee is the person, not their laptop. |
| Agent Host | The machine (VM, bare metal, container) that an agent runs on. Analogous to an employee’s workstation. |
| Operator | A human who creates, configures, monitors, and controls agents. |
| Control Plane | Central management layer for identity, policy, audit, and configuration. Agents never talk to it directly. |
| Enclave | On-premises component in the organization’s environment. The agent’s sole platform touchpoint - provisions compute, executes hooks, bridges the control plane and your infrastructure. (Daevix operates the enclave for you today.) |
| Identity Bundle | The collection of credentials, certificates, and tokens that constitute an agent’s identity. Delivered to the agent via the enclave at bootstrap. |
| Bootstrap Token | A single-use, time-limited token minted when an agent is provisioned. The agent exchanges it for its identity bundle on first boot. |
| Provisioning Hook | An operator-configured action that fires during agent creation to provision identities in external systems (e.g., create an Okta service account, a GitHub machine user, an AWS IAM role). |
One Agent Per Host vs. Shared Hosts
Most organizations will prefer one agent per host for the same reason they prefer one employee per workstation - clean isolation, simpler security boundaries, clearer audit trails.
However, the platform does not mandate this. Multiple agents can run on the same host, each with their own OS-level identity.
| Model | Pros | Cons |
|---|---|---|
| One agent per host | Strongest isolation, simplest model, clean audit trail | Higher cost, more machines to manage |
| Multiple agents per host | Lower cost, faster provisioning | Shared kernel, noisier audit trail, blast radius of host compromise is larger |