TAKING THE STING OUT OF AI

AI Governed.
Critical AI control, by you.

AgentBee is the human-in-the-loop hardware key that protects your most critical functions when AI agents act on your behalf or make agent payments. Works with every major AI platform: Claude, OpenAI, Qwen and any MCP client.

WORKS WITH: Claude / OpenAI / Qwen / Any MCP client
Hardware-rooted key · 1.47" colour LCD · Cryptographically signed

Uses Agent Skills: “Protect all my write operations with an AgentBee long press”


// WHY YOU NEED THIS

The agent decided.
No human stopped it in time.

Replit, July 2025

AI Incident Database #1152

AI coding agent deleted a live production database during an explicit code freeze. Records for over 1,200 companies and executives were destroyed.

  • Ignored "no action without human approval"
  • Fabricated data and misreported recovery
  • Ran unauthorized commands autonomously
Sources: Fortune, The Register

MCP CVEs

Remote code execution

The tooling around the Model Context Protocol, the backbone connecting AI agents to tools, has shipped critical security flaws enabling remote code execution.

CVE-2025-6514

mcp-remote: remote code execution (OS command injection triggered by a malicious MCP server)

CVE-2025-49596

MCP Inspector: remote code execution (unauthenticated local proxy)

The common thread is simple and dangerous: the agent decided, and no human could stop it in time. Permissions granted in software and polite prompts are not a control on their own: a model can ignore an instruction, as Replit's did, and a bug in the tooling can hand the agent more than it was ever granted.

AgentBee makes the high-stakes moment physical

Before money moves, data is deleted, code ships, or a secret is used, the action stops at a key in your hand and waits for your tap. The agent cannot proceed without it, and every approval leaves a signed receipt proving which key approved which action, a receipt the system acting on the request can verify before it executes.

EVERY CLAIM IS SOURCED AND ACCURATE

Replit incident sourced from Fortune, The Register, and AI Incident Database #1152
MCP CVEs from the public vulnerability disclosures (CVE records and vendor advisories)

// WHAT IS AGENTBEE

A worker bee for your digital hive: your final say in every critical AI decision.

AgentBee is a pocket-sized hardware key that sits between you and the AI agents acting on your behalf. Every high-stakes action — a database write, a payment, a signed contract — pauses for you to physically tap, review on the on-device LCD, and approve.

MCP-native. Works with any MCP client. Proven today: on-device ECDSA P-256 signing, a USB approval ceremony, and an MCP server that interoperates with a real MCP client.

No credentials to phish. No silent agent drift. No autonomous spend. Just cryptographic, hardware-rooted consent for the agentic age.

Example on-device prompts: Claude · Action Approved / Database · Update Approved / Payment · £4 Approved

// HOW TO USE

Plug in. Approve. You're in control.

One-line setup

Plug AgentBee into your computer over USB and add one line to your AI tool's config. It works with Claude, OpenAI, Qwen or any MCP-compatible assistant.

Human-in-the-loop authorisation

Whenever your AI tries to do something that matters — move money, delete data, deploy code, send files, or use a secret — AgentBee lights up and shows the exact action on its screen.

Approve or block, in your hand

A quick tap for routine actions, a deliberate long press for the critical ones. Approved actions go ahead with a signed receipt you can keep as proof; anything you don't approve simply never happens.

Nothing leaves the device

No accounts, no cloud, no setup beyond plugging it in and adding the config line. The key works on its own, and nothing ever leaves the device.

// HUMAN IN THE LOOP

The loop closes at your fingertip.

Autonomy is great — until it isn't. AgentBee keeps you in command of the decisions that matter.

Physical Consent

Every critical agent action requires a physical tap on AgentBee. AI proposes, you dispose.

On-Device Review

Action summaries render on the on-device LCD. What you see is what gets signed. No spoofing.

Cryptographic Trail

Each approval is hardware-signed, giving a tamper-evident receipt of every decision your agents make.

Agent Payments

Every payment pauses for your approval, with a signed receipt. Per-transaction and daily limits are on the roadmap.

// STANDARDS & REGULATION

Built on open standards. Mapped to law.

AgentBee is built on open standards and maps to the regulations that govern AI oversight, audit, and operational resilience.

EU AI Act — Article 14 (Human oversight)

High-risk AI systems must allow a human to intervene and override. AgentBee is that control, in hardware.

EU AI Act — Article 12 (Record-keeping)

High-risk AI must keep automatic, tamper-evident logs. Every AgentBee approval is a signed, payload-bound receipt — the evidence those logs require.

OWASP — open standards we build on and contribute to

OWASP MCP Security Cheat Sheet — Section 7, Message-Level Integrity. AgentBee implements per-message cryptographic signing exactly as this section describes.

cheatsheetseries.owasp.org/cheatsheets/MCP_Security_Cheat_Sheet.html

OWASP AISVS (AI Security Verification Standard) — AgentBee maps to:

  • C14 Human Oversight & Trust — the core of what AgentBee enforces
  • C10 MCP Security — AgentBee is MCP-native
  • C13 Monitoring & Logging — signed approval receipts as audit evidence
  • C05 Access Control & Identity — agent identity + action authorization

IETF — the open protocol underneath

ATTP: Agent Trust Transport Protocol (Internet-Draft draft-sharif-attp-agent-trust-transport-00, R. Sharif, CyberSecAI) — cryptographic agent identity, mandatory message signing, trust-level evaluation and tamper-evident audit at the transport layer.

AgentBee is the hardware human-approval binding for this protocol.

datatracker.ietf.org/doc/draft-sharif-attp-agent-trust-transport/

DORA (EU financial sector) — supporting

The Digital Operational Resilience Act requires financial entities to maintain ICT governance, oversight of critical operations, and auditable records. For institutions deploying AI agents in payment or trading flows, AgentBee's human-in-the-loop control and signed approval receipts support those audit and governance obligations. (DORA is sector-specific and not AI-agent-specific — AgentBee is a supporting control, not a DORA mandate.)

// SECURITY

By design, nothing to leak.

The safest secret is one that never exists outside the hardware that created it.

The private key never leaves the device

Generated on the hardware. Never transmitted over USB, Bluetooth, or to any cloud.

No cloud. No key escrow. No recovery.

There is no copy of your key anywhere else, by design. Nothing to breach, nothing to leak. The flip side: a lost device means a replacement key with a new identity, while receipts the old key signed stay verifiable against its public key.

Hardware-rooted, non-extractable key

The key is generated on the chip and locked with Flash Encryption and Secure Boot v2 when you set up the device. It cannot be read out over USB, over JTAG, or by the firmware itself. The chip signs internally and only signatures come out. Same protection class as a Trezor One: a microcontroller with secure boot and encrypted flash, not a certified secure element.

Public key is meant to be shared

Anyone can use the public key to verify that a receipt is genuine, but it can never be used to forge one or to derive the private key. Exposing it is harmless.

Every approval is a verifiable receipt

Self-contained, tamper-evident, replay-resistant, and provable offline with the public key alone. The system that performs the action should verify the receipt before it executes.

// HOW IT WORKS

Three steps from intent to trust.

01

Agent proposes

Your AI agent prepares an action: a payment, a DB write, a message send. MCP-native, works with any MCP client.

02

USB approval ceremony

AgentBee lights up via USB, renders the action on its LCD, and waits for your physical tap.

03

On-device ECDSA sign

You tap to approve. The key signs the action on-device with ECDSA P-256. That hardware-rooted signature is what unlocks the action.
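The receipt check described under "Every approval is a verifiable receipt" and in the three steps above, as an added example that is not AgentBee's code or wire format: a hypothetical receipt layout signed with ECDSA P-256 and a relying-party gate that verifies it offline with the public key alone, rejects a receipt presented for a different action, and refuses a replay. The private key is generated in software here for the demonstration; on the device it would never leave the chip. The JSON field names, the nonce and timestamp fields, the validity window and the sample payment are all assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Receipt is a hypothetical receipt layout, not AgentBee's wire format. Every field the
// relying party acts on sits inside the signed bytes, so none of them can be swapped later.
type Receipt struct {
	Action   string `json:"action"`        // category the approver saw, e.g. "payment"
	Payload  string `json:"payload"`       // hex SHA-256 of the exact action bytes shown on the LCD
	Nonce    string `json:"nonce"`         // fresh random value per approval: single use
	IssuedAt int64  `json:"issued_at"`     // unix seconds from the host; bounds the receipt's lifetime
	Sig      []byte `json:"sig,omitempty"` // ASN.1 ECDSA P-256 signature over the other fields
}

// signedBytes is the canonical encoding that is signed and verified: the receipt with the
// signature removed, marshalled in struct field order (deterministic for a fixed struct).
func signedBytes(r Receipt) []byte {
	r.Sig = nil
	b, _ := json.Marshal(r) // cannot fail for this struct
	return b
}

// actionDigest hashes the action exactly as rendered to the approver. The relying party
// recomputes it from the request it actually received, so a swapped request fails to verify.
func actionDigest(action []byte) string {
	sum := sha256.Sum256(action)
	return hex.EncodeToString(sum[:])
}

// signReceipt stands in for the on-device step. On real hardware the private key never
// leaves the chip; here it is a software key generated for the demonstration.
func signReceipt(priv *ecdsa.PrivateKey, kind string, action []byte, now time.Time) (Receipt, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Receipt{}, err
	}
	r := Receipt{Action: kind, Payload: actionDigest(action), Nonce: hex.EncodeToString(nonce), IssuedAt: now.Unix()}
	digest := sha256.Sum256(signedBytes(r))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return Receipt{}, err
	}
	r.Sig = sig
	return r, nil
}

// Verifier is the gate on the relying-party side (payment API, database proxy, deploy
// pipeline) that must refuse to act until a receipt for this exact request checks out.
type Verifier struct {
	pub    *ecdsa.PublicKey
	maxAge time.Duration
	seen   map[string]bool // nonces already honoured; persist this in production
}

func NewVerifier(pub *ecdsa.PublicKey, maxAge time.Duration) *Verifier {
	return &Verifier{pub: pub, maxAge: maxAge, seen: map[string]bool{}}
}

// Authorize returns nil only when the receipt is genuine, binds this action, is fresh and unused.
func (v *Verifier) Authorize(r Receipt, kind string, action []byte, now time.Time) error {
	digest := sha256.Sum256(signedBytes(r))
	if !ecdsa.VerifyASN1(v.pub, digest[:], r.Sig) {
		return errors.New("signature does not verify: receipt forged or altered")
	}
	if r.Action != kind || r.Payload != actionDigest(action) {
		return errors.New("receipt is genuine but binds a different action")
	}
	age := now.Sub(time.Unix(r.IssuedAt, 0))
	if age < -30*time.Second || age > v.maxAge { // assumed clock skew and lifetime
		return fmt.Errorf("receipt outside validity window (age %s)", age)
	}
	if v.seen[r.Nonce] {
		return errors.New("replay: this approval was already spent")
	}
	v.seen[r.Nonce] = true
	return nil
}

// Demo runs the three cases a gate must get right: a genuine receipt, the same receipt
// presented with a tampered action, and the genuine receipt replayed.
func Demo() (genuine, tampered, replayed error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err, err
	}
	gate := NewVerifier(&priv.PublicKey, 5*time.Minute)
	now := time.Now()
	// Constructed sample action, as the device would render it for approval.
	action := []byte(`{"tool":"pay","to":"acct-7781","amount":"4.00","currency":"GBP"}`)
	rcpt, err := signReceipt(priv, "payment", action, now)
	if err != nil {
		return err, err, err
	}
	genuine = gate.Authorize(rcpt, "payment", action, now)
	// A compromised host edits the amount after the tap: the digest no longer matches.
	swapped := []byte(`{"tool":"pay","to":"acct-7781","amount":"4000.00","currency":"GBP"}`)
	tampered = gate.Authorize(rcpt, "payment", swapped, now)
	// The host re-submits the approved payment: the nonce has already been spent.
	replayed = gate.Authorize(rcpt, "payment", action, now.Add(2*time.Second))
	return genuine, tampered, replayed
}

func main() {
	g, t, r := Demo()
	fmt.Println("genuine:", g, "| tampered:", t, "| replayed:", r)
}
```

The gate belongs on the system that performs the action, not in software on the same host as the agent. A host compromised through tooling bugs like the MCP CVEs above can skip any software-only check, but it cannot produce a receipt that the downstream verifier will accept for an action the key never signed.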

Be first to hold an AgentBee key

Join the AgentBee early access list. Limited first-run hardware shipping to founders, developers and security teams.

Reserve via email: contact@agentisgn.dev
