Overview
Netzilo AgentCore Demo
Netzilo is in action protecting publicly exposed AI agents running in AWS Bedrock AgentCore
Netzilo AgentCore Demo

Product video
Overview Netzilo is the runtime security and governance plane for the agentic workforce. As enterprises deploy AI agents on Amazon Bedrock AgentCore and connect them to tools over MCP and A2A, those agents gain the ability to read files, call APIs, move data, and act across systems at machine speed, largely invisible to a security stack built for human users. Guardrails supervise what a model says; Netzilo governs what an agent does. It gives security and platform teams the visibility, control, and evidence to adopt agentic AI safely.
How it works AI Detection & Response (AIDR) records every action every agent takes: tool and skill calls, file reads, network requests, LLM calls, and process activity, as a live, queryable Behavior Graph. Deterministic, human-readable policies (Governance-as-Code) query that graph at runtime to correlate the multi-step chains that single-event tools miss. Three engines work together: a Static Scanner (PII, secrets, known-bad patterns), a Behavior Scanner (graph-aware detection of prompt injection, tool poisoning, privilege escalation, and data exfiltration), and a Kill-Switch that isolates or terminates a compromised agent in under a second, with no human in the millisecond loop.
Key capabilities See - discover shadow AI, unmanaged MCP servers, and agent activity across your environment Detect - catch prompt injection, tool poisoning, and multi-stage exfiltration chains in real time Stop - enforce deterministic policy and kill-switch response at the tool-call level Prove - stream enriched, correlated events to your SIEM and security data lake for audit-ready evidence
Built for AWS AIDR runs inline with Amazon Bedrock AgentCore agents and the MCP servers they call, inspecting and governing every action before it leaves your VPC. It streams enriched events (OpenTelemetry / OCSF) to your SIEM and Amazon Security Lake, authenticates against your identity provider (Okta, Entra ID), and can run fully self-hosted in your AWS account or as a managed service, with no enterprise data routed through third-party infrastructure. Deploy agentlessly via an agent plugin or browser extension in minutes, or with the Netzilo Client for OS-level and arbitrary-agent coverage.
Who it's for Security, platform, and AI teams standardizing agentic AI on AWS, especially regulated enterprises in financial services, healthcare, and technology that need runtime governance, audit-ready evidence, and assurance that autonomous agents stay within policy.
Highlights
- Runtime AI agent security - govern what your AI agents do (tool calls, data, network) across Amazon Bedrock AgentCore and MCP, not just what the model says.
- Real-time threat detection & response - stop prompt injection, tool poisoning, and data exfiltration in under a second, with runtime AI governance built in.
- See every AI agent in your environment. Netzilo AIDR builds a live Behavior Graph of what each agent actually does - tool calls, file access, MCP calls, and network activity across Amazon Bedrock AgentCore - surfacing the shadow AI and unmanaged MCP servers that traditional AI agent security tools never see.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/month |
|---|---|---|
500 users | 500 users subscription | $5,000.00 |
1000 users | 1000 users subscription | $8,000.00 |
Vendor refund policy
All fees are non-refundable except as expressly provided in the Netzilo Terms of Service. On early termination for cause, or where Netzilo is legally required to terminate, prepaid fees are refunded on a pro-rata basis for the remainder of the paid term. Plan changes are prorated at the next billing period. For AWS Marketplace purchases, billing and any eligible refunds are processed through AWS Marketplace
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Netzilo CloudFormation
Netzilo self-hosted server - one-instance deployment. This template stands up a full Netzilo ZTNA stack (management, signal, dashboard, Zitadel identity provider, coturn TURN/STUN, PostgreSQL, and Caddy for automatic TLS) on a single EC2 instance running Ubuntu 22.04 LTS. On first boot the instance pulls the Netzilo container images, provisions your admin account, and obtains a Let's Encrypt certificate for your domain. Prerequisites - complete these before launching: Elastic IP - allocate one in this region (EC2 > Elastic IPs > Allocate) and note its allocation ID (eipalloc-...). The stack associates it with the instance. DNS - create an A record for your domain pointing at that Elastic IP before launching, so Let's Encrypt succeeds on first boot. Network - have a VPC and a public subnet (auto-assigns public IPs / routed to an internet gateway) to launch into. You provide at launch: your domain (FQDN), the Elastic IP allocation ID, admin first/last name, email, and password, and the VPC/subnet. After the stack completes, first-boot provisioning takes a few more minutes; then sign in at https://. Admin credentials are also stored in SSM Parameter Store (see the stack Outputs).
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Netzilo 4.3.361 with AI Edge
Additional details
Usage instructions
Netzilo Server - Usage Instructions
1. Before launching
- Allocate an Elastic IP in this region (EC2 > Elastic IPs > Allocate); note its allocation ID (eipalloc-...).
- Point your domain at that IP - create a DNS A record for your FQDN (e.g. vpn.example.com) > the Elastic IP. Do this before launch so Let's Encrypt succeeds on first boot.
- Have a VPC and a public subnet (auto-assign public IP / internet gateway) to launch into.
2. Launch the stack
Launch via AWS Marketplace (the AMI ID is filled in automatically) and set the CloudFormation parameters:
- Domain (FQDN) - must already resolve to your Elastic IP
- Elastic IP allocation ID - the eipalloc-... from step 1
- Admin email - the initial administrator login
- Admin first / last name - shown in the UI
- Admin password - 12+ chars incl. uppercase, lowercase, number, and symbol
- Instance type - t3.large fits most deployments
- VPC / Public subnet - select from the dropdowns
- Allowed admin CIDR - restrict dashboard/SSH to your range (default 0.0.0.0/0)
- Database mode - container (PostgreSQL on the instance) or external (Amazon RDS)
Acknowledge the IAM checkbox and create the stack.
3. First boot
At CREATE_COMPLETE, the instance provisions itself - pulling images, creating your admin account, and obtaining the Let's Encrypt certificate. Allow a few minutes after the stack finishes.
4. Access
Open CloudFormation > Outputs:
- DashboardURL - https://<your-domain>; sign in with your admin email and password.
- AdminCredentialsConsoleLink - credentials, also stored in SSM Parameter Store.
- SessionManagerCommand - open a shell via SSM Session Manager (no SSH key needed).
5. Administration
- Shell: use SessionManagerCommand (aws ssm start-session --target <instance-id>), or SSH if you supplied a key pair.
- App & logs: under /opt/netzilo; runs as a Docker Compose stack.
Notes
- DNS must resolve to the Elastic IP before launch; otherwise certificate issuance fails - fix DNS and reboot to retry.
- Ports 80/443 and the TURN/STUN relay ports must be reachable (opened by the stack's security group, restricted to your admin CIDR where applicable).
- Ubuntu 22.04 LTS, single instance. For production resilience, back up the EBS volume or use external database mode with RDS.
Resources
Vendor resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.