Sielum — AI Agent EDR
Endpoint Detection & Response for AI Agents — visibility and control over every AI coding assistant running in your organization.
What is Sielum?
Sielum is a security management platform that monitors and controls AI agents (Claude Code, Cursor, GitHub Copilot, Amazon Q, ChatGPT) on developer workstations. It gives security and IT teams:
- Visibility — which AI agents are running, which APIs they connect to, which MCP servers they use
- Alerting — policy violations, unknown agents, unauthorized API connections
- Control — enforce allowed/denied tool permissions, block AI API domains via firewall rules
- Compliance — audit log, GDPR data retention, SOC 2 and EU AI Act export reports
Architecture in one diagram
┌─────────────────────────────────────────────────────────────────┐
│ Developer Workstation │
│ │
│ ┌──────────────┐ scan ┌──────────────────────────────┐ │
│ │ AI Agents │ ◄──────── │ Sielum Agent │ │
│ │ Claude Code │ │ (native binary, no Docker) │ │
│ │ Cursor │ └──────────────┬───────────────┘ │
│ │ Copilot │ │ gRPC + mTLS │
│ │ Amazon Q │ │ │
│ └──────────────┘ ▼ │
└────────────────────────────────────────────────────────────────-┘
│
nginx (TLS termination)
│
┌──────────────────▼──────────────────┐
│ Sielum Server │
│ ┌────────────┐ ┌───────────────┐ │
│ │ REST API │ │ gRPC Server │ │
│ └─────┬──────┘ └───────┬�───────┘ │
│ └────────┬─────────┘ │
│ ┌─────▼──────┐ │
│ │ PostgreSQL │ │
│ └────────────┘ │
└─────────────────────────────────────-┘
│
┌────────▼────────┐
│ Dashboard (SPA) │
│ React + Vite │
└─────────────────-┘
Community Edition Quickstart (5 minutes)
1. Clone and generate certificates
git clone <your-repo-url> sielum
cd sielum
bash deploy/certs/gen-dev-certs.sh
2. Configure environment
cp deploy/.env.community.example deploy/.env.community
# Edit deploy/.env.community — set DB_PASSWORD, ADMIN_PASSWORD, JWT_SECRET
3. Start the server stack
cd deploy && docker compose -f docker-compose.community.yml --env-file .env.community up -d
Wait ~10 seconds, then open:
- Dashboard: http://localhost (login:
admin/ yourADMIN_PASSWORD)
4. Build and start the agent
# Build the agent binary
go build -o sielum-agent ./agent/...
# Start with dev config
./sielum-agent start --config deploy/agent-dev.yaml
5. Verify
After ~60 seconds, refresh the dashboard. You should see:
- Your workstation listed under Endpoints
- Detected AI agents under Agents
- Active API connections under Connections
Supported AI Clients
| Client | Detection | Config Monitoring | MCP Servers | Enforcement |
|---|---|---|---|---|
| Claude Code | ✅ | ✅ ~/.claude/settings.json | ✅ | ✅ |
| Cursor | ✅ | ✅ .cursor/mcp.json | ✅ | Stub |
| GitHub Copilot | ✅ | ✅ hosts.json | — | Stub |
| Amazon Q | ✅ | ✅ SSO token cache | — | Stub |
| ChatGPT Desktop | ✅ | Process-based | — | Stub |
Community Edition limits
The Community Edition is free and self-hosted. It supports up to 5 monitored endpoints and uses local username/password authentication.
For larger deployments, multi-tenant use, or SSO integration, see Sielum Enterprise.