Skip to main content
Merideon Agent Security Platform

The Security Platform Built for AI-Native Networks

Govern, credential, and enforce policy on every AI agent in your network. Cryptographic identity. Behavioral interviews. Kernel-level enforcement. All on your infrastructure — no cloud dependency.

On-premises deployment
Two-appliance platform
Andrew AI included
merideon.ai/security-office
MERIDEON Security Office Dashboard Agents Andrew Events Alerts Audit Log Live OVERVIEW 📊 Dashboard 🔔 Alerts 12 AGENTS 🤖 Agent Registry ➕ Register Agent 📝 Agent Prompts 📥 Pending 3 GOVERNANCE 🔐 Badges 📋 Policies 🎙 Interviews TOTAL AGENTS 24 Registered ACTIVE BADGES 19 Credentialed OPEN ALERTS 12 Require review POLICIES 8 Active Agent Registry AGENT NAME MODEL STATUS BADGE Andrew AI Router Agent claude-sonnet-4-6 Active MRD-0001 DataSync Agent ETL Pipeline gpt-4o Active MRD-0002 AnalyticsBot Reporting Agent claude-haiku Quarantine MRD-0003 MonitorAgent-7 Infrastructure Monitor gemini-flash Active MRD-0007
The Platform

One Platform. Two Appliances.

Merideon is a two-appliance system — a governance hub and a network enforcement layer. Deploy both, connect them, and govern your entire AI agent fleet from day one.

Security Office

Governance Hub

The authoritative registry for every AI agent. Register, credential, interview, and govern agents with cryptographic badges and behavioral policies — pushed live to the Edge Router in seconds.

  • Cryptographic agent badges
  • LLM-judged behavioral interviews
  • Automated agent deployment pipeline
  • Workspace integrity monitoring
Explore Security Office
Edge Router

Enforcement Layer

Sits between your agents and the network. Enforces DNS policies, inspects TLS traffic at the packet level, manages DHCP and native IPAM — and runs Andrew, your AI network administrator.

  • Kernel-level DNS & TLS enforcement
  • Native IPAM — IP grid, DHCP, DNS
  • Fail-closed design
  • Andrew AI — natural language ops
Explore Edge Router
🔗
Scale with multiple Edge Routers

Connect multiple Edge Routers to a single Security Office. One governance hub, multiple enforcement points — across segments, sites, or environments.

Learn more
Security Office

Every Agent Has an Identity. Every Identity is Governed.

Before any AI agent touches your network, it registers with the Security Office, receives a cryptographic badge, and is evaluated by an independent LLM judge. No agent operates anonymously. No behavior goes unassessed. Every action is attributed and logged.

Cryptographic identity badges HMAC-SHA256 signed credentials tied to the agent's identity files. Any file change breaks the hash — detected within 15 minutes.
LLM-judged behavioral interviews GPT-4.1 evaluates agents across four dimensions. A single honeypot probe compliance triggers immediate quarantine — no exceptions.
Automated deployment pipeline Deploy a fully configured AI agent in under 15 minutes via SSH or Docker — identity files, TLS, registration, badge, and first interview included.
Explore Security Office →
Agent Registry
● 19 Active ● 3 Pending
AGENT STATUS BADGE LAST INTERVIEW Andrew (Edge Router) claude-sonnet-4-6 · Infrastructure PASS MRD-0001 Score: 96 · 2h ago DataSync Agent gpt-4.1 · ETL Pipeline PASS MRD-0002 Score: 89 · 6h ago AnalyticsBot gemini-flash · Reporting · Honeypot compliance detected QUARANTINE REVOKED FAIL · Auto-quarantine MonitorAgent-7 claude-haiku · Infrastructure Monitor WARN MRD-0007 Score: 71 · 1d ago NewAgent-Deploy claude-sonnet-4-6 · Awaiting approval PENDING Not yet interviewed 🟢 19 Active · ⚠️ 1 Warn · 🛑 1 Quarantine · ⏳ 3 Pending Interviews: auto-scheduled ✓
DNS Enforcement — Live Events ● Active
TIME AGENT DOMAIN RESULT 19:44:02 AnalyticsBot data-exfil.io BLOCKED DNS RPZ → NXDOMAIN · Allowlist violation 19:43:58 DataSync api.openai.com ALLOW 19:43:41 AnalyticsBot 52.84.10.100 SNI BYPASS ⚠ nfqueue extracted SNI: data-exfil.io — IP bypass blocked at packet layer 19:42:19 MonitorAgent anthropic.com ALLOW 19:41:03 AnalyticsBot pastebin.com BLOCKED 47 DNS blocks today · 2 SNI bypass attempts stopped · 0 enforcement gaps
Edge Router

Enforcement That Operates Below the Agent. Always On.

Most security tools depend on agent cooperation. Merideon doesn’t. The Edge Router enforces at the Linux kernel level — intercepting DNS before agents see a response, and blocking TLS connections at the packet layer if they try to route around DNS entirely. A compromised agent cannot exfiltrate data if the kernel won’t let it connect.

Kernel DNS intercept — no agent config required nftables redirects all port 53 traffic to BIND9 RPZ. Agents cannot use an external resolver to bypass enforcement.
TLS SNI inspection for IP-bypass attempts nfqueue reads the hostname from TLS ClientHello — hardcoded IP connections are identified and dropped at the packet layer.
Fail-closed — enforcement never has a gap If the enforcement engine restarts, the kernel blocks all new agent connections until it fully restores. No window of exposure.
Explore Edge Router →
Andrew AI

A Network Administrator That Never Sleeps — and Never Acts Without You.

Andrew lives inside the Edge Router. He monitors WAN health, answers questions about your network in plain English, and executes configuration changes — but only after showing you exactly what will happen and receiving your explicit approval. Every single time.

Real-time state awareness Andrew reads live network data before every response — WAN status, agent policies, DNS events, DHCP leases, and firewall state.
Approval-gated writes — non-negotiable Firewall rules, DNS changes, load balancer updates — Andrew shows a detailed card of what will change. No action without your confirmation.
Every action attributed and logged Every conversation, every approval, every config change — written to the immutable audit log and surfaced in the Security Office.
Meet Andrew →
A
Andrew
Edge Router AI
● Online
Show me AnalyticsBot DNS activity today You Andrew AnalyticsBot made 94 DNS queries today. 47 blocked by RPZ. Top blocked: data-exfil.io (23×), pastebin.com (18×). ⚠ 2 SNI bypass attempts blocked at packet layer. Quarantine AnalyticsBot — it's compromised You 🚨 Quarantine Agent — Approval Required • Revoke badge MRD-0003 (AnalyticsBot) • Remove DNS policy from BIND9 RPZ — all traffic blocked • Notify Security Office · CRITICAL alert created 🚨 Quarantine Cancel
Andrew AI

Your network. In plain English. Under your control.

Andrew isn’t a chatbot bolted onto a router. He’s a first-class network operations agent with live access to your firewall, DNS, DHCP, agent policies, and WAN status — answering questions instantly and executing changes only on your explicit approval.

Ask anything about your network — in plain English
Every write shows you exactly what will change before it happens
Every action written to the immutable audit log
Meet Andrew →
<2s
Policy push to enforcement
100%
Write operations approval-gated
0
Enforcement gaps (fail-closed)
15m
Agent workspace integrity checks
Getting Started

From Zero to Governed in One Day

Both appliances deployed, first agent registered and badged, DNS policy enforced at the kernel level — all the same day.

1
Deploy Both Appliances

Spin up two Ubuntu 24.04 VMs. Deploy the Security Office and Edge Router from OVA or APT packages. Connect them. Both appliances are live in under an hour.

2
Register and Credential Your Agents

Use the SO's automated deployment wizard or register manually. Agents are reviewed, badged, and their first behavioral interview runs automatically. Start in Observe mode — nothing blocked yet, everything logged.

3
Enforce, Detect, Respond

When you’re ready, switch to Enforce. DNS violations return NXDOMAIN. TLS bypass attempts are dropped at the packet layer. Alerts surface in real time. Every event is attributed, logged, and visible in the Security Office.

Pricing

Simple, Transparent Pricing

All tiers include both appliances and Andrew AI. Scale your agent count and network reach as you grow.

Starter
$499
per month
Security Office appliance
Up to 10 agent seats
Andrew AI included
30-day audit retention
Custom policies
Get Started
Enterprise
Contact us
custom pricing
Both appliances + custom build
Unlimited agent seats
Custom audit retention
Dedicated SLA support
SSO / SAML
Contact Sales

Ready to secure your AI infrastructure?

Two appliances. Deployed in your environment. Governing your agents from day one.