Secure every AI agent, MCP server, and tool your developers run.
Shomra discovers, scans, and governs the AI agents, MCP servers, and AI tools spreading across your developers and your stack — from the endpoint, to the runtime, to the model — so shadow AI, leaked keys, and prompt-injection never reach production.
No credit card · Install in 60 seconds
$ shomra report ✓ Discovered 8 AI assets across 4 sources ● files-pro FAIL run-shell + leaked GitHub token ● .cursorrules FAIL prompt injection + Stripe key ● added expresss CRIT known-malicious package ● shadow-gpt-key HIGH undeclared OpenAI key in env 3 critical · 2 high — view at shomra dashboard
One platform, the entire AI attack surface
From the developer's laptop to the model and back — every layer an AI agent touches, covered by one governed pipeline.
Best-practice policy, applied in one click
Don't author rules from a blank page. Start from a curated, framework-aligned pack — every rule lands in Monitor mode so you watch the hits before you enforce.
Broad coverage of the OWASP Top 10 for LLM applications.
Stop live keys leaking through prompts, machines, and installs.
Catch injection at the gateway, in tools, and at install.
A safe default posture for every governed MCP server.
Keep personal and sensitive data out of prompts and endpoints.
Lock down what autonomous agents can do at runtime.
Live in minutes, governed for good
Every AI asset in your org flows through the same four-stage pipeline — discovered on the endpoint, scanned in a sandbox, gated before install, and governed at runtime.
Drop one command into your dev environment. The endpoint agent inventories every AI asset and key on the machine — no manual mapping.
A single dashboard scores your AI attack surface, ranks the riskiest findings, and shows exactly where shadow AI and leaked secrets live.
Approve safe servers, block the rest, and let the Dev Gate and runtime firewall screen every install and every tool call — before they ever execute.
From zero to governed in five commands
Sign up free, then copy your dgx_live_… key from the dashboard.
# Sign up at shomra.dev, then copy your key
export SHOMRA_KEY=dgx_live_XXXXXXXXXXXXXXXXXXXXXXXXOne npm install, one init command. The agent enrolls this machine into your org.
npm install -g @shomra/agent
shomra init --key dgx_live_…
✓ Enrolled this machine into your orgScan the machine and print a posture report — MCP servers, rules files, model keys, all of it.
shomra scan
shomra report
✓ 4 assets analyzed — 1 high-severity findingRun the Dev Gate on any file, folder, or the whole machine.
shomra gate .mcp.json
BLOCK · risk 100/100 · leaked AWS key
shomra gate --all --strictHook the local agent runtime and start the LLM guard proxy.
shomra install-hook
✓ Installed the Shomra runtime firewall
shomra llm-proxy --port 4141Start free, scale when you're ready
Every plan includes the endpoint agent, sandboxed scans and the runtime firewall.
For individual developers securing their own AI stack.
- 1 developer
- Endpoint agent on 1 laptop
- 100 MCP / tool scans / month
- Public MCP registry lookups
- Community Slack support
billed annually · 5 dev minimum
For engineering teams putting guardrails around AI adoption.
- Up to 25 developers
- Unlimited MCP & agent scans
- Runtime firewall (10M tokens / mo)
- GitHub / GitLab + IDE integrations
- AI remediation → pull request
- Email support · 1 business day
billed annually · 25 dev minimum
For security teams governing AI across the whole org.
- Unlimited developers & servers
- Runtime firewall (100M tokens / mo)
- SSO / SAML + SCIM provisioning
- Custom policies & role-based access
- SOC 2 report + audit log export
- Priority support · 4h response SLA
For regulated orgs with self-hosted or air-gapped needs.
- Self-hosted / VPC / air-gapped
- Unlimited tokens & scans
- Custom DPA, MSA & security review
- Dedicated CSM + Slack Connect
- 24/7 support with 1h P1 SLA
Prices in USD. No credit card to start.
Get your AI attack surface under control
Discover the shadow AI you can't see, scan the servers you depend on, and govern every agent — in one place.