
The agent trust network starts with visibility.

TapPass is the runtime governance layer that turns every AI agent call into a classified, scoped, auditable action, so risk, legal and the board can finally trust what's in production.

14h ago · PII
sales-outreach tried to enrich a customer record with an external API
claude-opus-4 · 3rd attempt today

Slack · Ops
"Who owns hiring-screener? It's shortlisting on gender-correlated features."
#ai-risk · posted 2m ago

Audit request · DPO
"Can you produce the full log of every agent that saw client X's data in Q1?"
Regulator · reply by Friday

Alert · Prompt injection
support-triage executed a tool call it shouldn't have access to
GPT-4o · 08:41

Finance · Approval
Refund of €8,200 auto-issued without human sign-off
finance-approver · yesterday

Board · Q1 review
"Who actually owns AI risk this quarter?"
CRO → CISO → ?
eu.tappass.ai / agents
Agents

12 agents · 4,812 requests · 94 blocked

Live
Agent · Tier · Traffic 24h · Status
support-triage (claude-sonnet · customer ops) · Tier 1 · Healthy
hiring-screener (gpt-4o · people) · Tier 3 · 2 held
sales-outreach (claude-opus · sales) · Tier 2 · Blocked
contract-reviewer (mistral-large · legal) · Tier 2 · Healthy

The business risk of ungoverned AI isn't theoretical.

1 in 3
AI pilots stall before production, blocked by legal, risk or brand teams who can't sign off on what they can't see
8 weeks
Typical delay before a working copilot reaches customers once a single sensitive-data incident is raised
€40M+
Deal size lost when enterprise buyers ask for an AI governance artifact you can't produce on time

Your team is chasing AI incidents your platform should already be handling. That ends now.

Every Slack thread, every panicked audit request, every manual log-pull. All of it is work TapPass was built to run. Inline, every call, no heroics.

Sofia H.
DPO · 9d ago
Re: Missing audit log
Still waiting on the full log of every agent that touched a specific case. Could someone please pull this before Friday?
Marco F.
Head of Legal · 8d ago · URGENT
Hiring AI: bias concern
Legal flagged that the hiring-screener auto-ranks on a feature we can't justify under the AI Act. What's our rollback plan?
Ingrid R.
Head of AI Risk · Slack · 14:36
#ai-risk
Who owns agent sales-outreach? Customer data just ended up in an external enrichment call. It has been sitting like that for 3 weeks.
Dimitri K.
Compliance lead · 6d ago
Fwd: Regulator reply
Sorry to bother again. The AP needs breach-notification evidence by Friday or they will escalate under Art. 33.
Laurence N.
Platform lead · 2d ago
Re: Onboarding agent
Could you please verify this agent has the right capability scope before it goes into production?
2 days overdue
Reminder
Call back Audit prep · regulator response
Anna L.
Board chair · 1d ago · Board
Quarterly AI review
Can someone tell me, in one slide, every AI agent running in production and who is accountable for each one?
Olivia M.
CISO · just now
Re: Go-live decision for copilot v2
Can we actually trust this? Can it go live? I need a one-line answer and the evidence behind it before I sign the board memo.

Three commitments that make AI governance actually work.

01

Governance, not dashboards.

Every agent call is classified, scoped and enforced in-flight, not reviewed in a weekly report a week too late.

Inline, every request · Under 30ms median added
02

Built for risk & compliance.

Policy is authored by the people regulators actually call. No engineering tickets. No waiting for a platform roadmap.

No-code policy editor · Four roles built in
03

Evidence, on demand.

Every call leaves a signed, replayable trail. Breach notification, audit pack, regulator response: generated in minutes.

72-hour GDPR clock · Hash-chained, tamper evident

Your core systems store logs.
TapPass runs the governance.

Your SIEM, data warehouse and model providers are built to store.

Not to classify every prompt in-flight, enforce policy inline, scope identities, or stand up a regulator-ready breach response in 72 hours.

  • Risk & compliance teams define policy, no IT tickets
  • AI classifies every request and collects the missing evidence
  • Every agent call is logged, scoped and tamper-evident
  • Connects to your stack via one base URL and your SSO

Your systems stay the source of truth. TapPass runs governance on top, so your team no longer has to.

Agents & copilots
OpenAI · Anthropic · Mistral · Bedrock
12 in prod
TapPass governance layer
Monitor · Detect · Enforce · Harden · Respond
< 30ms
Audit record sealed
Classify · Scope · Enforce · Seal
Your systems of record
SIEM · Data warehouse · CRM · SSO
Synced

Everything you need to govern AI agents in a regulated enterprise.

Built around one governance layer. Configurable by risk & compliance. Powerful enough for the most sensitive agent workflows.

INC-2847 · Blocked
Agent: sales-outreach
Classifier: PII · 0.88
Owner: Compliance lead
Evidence: payload hash · classifier trace

INC-2848 · Resolved
Agent: hiring-screener
Classifier: Bias · 0.71
Owner: DPO

Messy agent traffic → clean governed cases

Every request and response becomes a structured, owned case. Classifier scores, payload hashes, and decision trails are attached automatically. The case is ready to move forward, or be defended to an auditor.

Customer PII: 0.88
Credential: 0.72
Cross-client: 0.64
Jailbreak: 0.07

Data is automatically detected in every call

AI reads every prompt, tool call and response for PII, credentials, cross-client data and jailbreaks. Each detection is scored, logged and routed in real time.

No PII leaves the perimeter · scope: all · Block
Hiring needs a human · EU AI Act Art. 14 · Hold
Redact IBAN & IDs · before log · Redact

Enforce what's missing

TapPass automatically requests human approvals, redacts sensitive fields, and blocks risky calls. Plain-language rules, shipped like code.

Read CVs
Call GPT-4o
Send emails
External APIs

See what each agent can (and can't) do

Scope identity, not credentials. Know exactly which tools, data and destinations each agent is authorised to reach, at a glance.

Open · INC-2847 · GDPR 33 · 14h left
Blocked at gateway · 13:42
Notification drafted · 13:42
3 · DPO review & send

When the clock starts, we run it

Every incident drafts its own regulator-ready filing: logs, classifier scores, evidence packaged. A human reviews and sends.

Ingrid R.
Head of AI Risk
CISO · 12 agents
OK
Dimitri K.
Compliance lead
VP Plat · 4 agents
Review
Marco F.
Head of Legal
AI Risk · 7 agents
OK

Route the work, to the owner

Every agent has an owner. Every incident has an escalation path. Every signal lands in Slack or Outlook, not another dashboard.

sandbox · claude code on jane's mac
WRITE · /etc/hosts · blocked
EXEC · rm rf ~/Documents · blocked
WRITE · ./out/report.json · allowed
NET · api.stripe.com · approve

Local sandbox for coding agents

Every shell, file and network call your coding agent makes on the workstation runs through a per-repo policy. Block destructive commands, require approval for outbound calls, keep credentials out of reach.

MCP server · tools exposed
read_customer · governed · scope: tenant only, PII redacted on return
search_kb · governed · rate limited, query logged
refund_order · hold · requires human approval above €500
exec_shell · block · denied by policy, not in declared scope

MCP governance for every exposed tool

Agents expose capabilities to LLMs through MCP servers. TapPass sits at the MCP boundary, inspects every tool call, applies scope, redacts returns and writes the decision into the same audit trail as the rest of your agents.

Built for the industries AI actually lives in.

Start with one team and one agent. Launch in weeks, not quarters. Expand as you grow.

Financial services

Inline governance for copilots in banking and insurance.

From first customer interaction to approval. Audit every tool call, protect PII before it leaves the perimeter, and stay DORA-ready.

refund approvals · KYC copilots · claims triage
claims-copilot
Tier: Tier 2
Today: 1,208 calls
Blocked: 11 · PII
DORA: Aligned
Healthcare

Keep patient data where it belongs. Govern every clinical assistant.

Classify PHI in-flight, enforce scope of use, and produce a defensible audit trail for every clinical agent.

clinical triage · admin copilots · PHI redaction
triage-assist
Tier: Tier 3
PHI: Redacted · 98%
Consent: Per-call
Audit: Sealed · EU
Public sector

AI Act readiness without an 18-month programme.

Map agents to the Act's high-risk categories, apply the right controls automatically, and export the compliance pack your auditor expects.

citizen intake · grant scoring · high-risk mapping
intake-bot
Risk class: High
Art. 14: Human reviewer
Art. 12: Auto-log
Evidence: Exportable
Legal & professional services

Prove every AI action. Preserve privilege.

Keep privileged content out of third-party models, scope agent access by matter, and maintain a signed, tamper-evident log.

contract diff · matter scoping · privilege guard
contract-diff
Matter: Scoped
Privilege: Guarded
Calls: 312 today
Status: Healthy

One layer between your agents and everything they touch.

Plug into the model providers, frameworks and systems your teams already use. No rip-and-replace.

Model providers
OpenAI
Anthropic
Gemini
Mistral
Bedrock
Vertex AI
Groq
Cohere
Agent frameworks & coding agents
LangChain
LlamaIndex
CrewAI
AutoGen
Pydantic AI
Claude Code
Cursor
Haystack
SDKs for Python, TypeScript and Go

TapPass is in private beta. Get the first build, not a waitlist email.

We're running a small, hands-on beta with risk, legal and platform teams in banking, insurance and healthcare. No pretend customer quotes. If you're piloting AI agents in production, we'd rather get you on the product.

  1. Weekly build, direct to you: new features and policy packs every Friday, shaped by this cohort
  2. Shared Slack with engineering: your DPO, risk and platform lead in the same room as the team building it
  3. Two-week integration, your EU region: no roadmap tickets, no rip-and-replace. We deploy where you deploy
  4. Locked pricing through GA: beta pricing grandfathered, named support, priority on the public launch
Beta cohort 4/8 seats filled

EU-only cohort · no marketing email · we'll reply within 48h from jens@tappass.ai.

Built in Europe, shaped by the frameworks your DPO already reads.

Every control below is built against the articles your risk, legal and audit teams live with, so the evidence your agents produce lines up with the documents your regulator expects.

GDPR
Breach response, drafted for humans
Incidents build a notification draft, classifier trace and evidence bundle, shaped against Article 33 and refined with the beta cohort. Your DPO still signs off.
EU AI Act
Controls mapped to the articles
Policies line up with Articles 9, 12, 14 and 17 so the artefacts you configure speak the language your auditor expects. Full high-risk pack lands with GA.
NIS2 · DORA
Sealed audit, scoped identity
Hash-chained logs and per-agent capability scoping are live today. ICT third-party reporting lands with GA, shaped by this cohort.
EU deployment
Private, set up with you
Designed to run inside your EU region. Beta cohort deployments are hands-on with our team; self-serve lands with GA.

From first agent in production to governance that runs itself.

Start with one agent. Launch in weeks, not quarters. See the difference. Expand as you grow.