Runtime trust for healthcare AI agents
Sign every action your AI agents take.
nxthreat is the runtime control plane between your AI agents and the systems they touch. Operation-level policy, FHIR-aware scope, cryptographic evidence for every action. Built for HIPAA, designed for OCR audits.
{
  "receipt_id": "rcpt_01JZ9Q7E5P5Z3N2QH9VY0K2T",
  "tenant_id": "sharp-demo",
  "agent_id": "agent_prior_auth_014",
  "action": "fhir.Patient.read",
  "fhir_scope": "Patient/*.read where encounter.active=true",
  "decision": "admit",
  "signature": {
    "keyId": "arn:aws:kms:us-east-1:000000000000:key/7f0f1c62-8f43-4a2b-9b1c-0b5b2e8f1a42",
    "algo": "ECDSA_SHA_256",
    "signature": "MEUCIHvMDEqNYXzgAXSnVj5mMG1LRq7qvfd4Q6uAiEAu3S..."
  },
  "ts": "2026-05-19T14:32:08Z"
}
Auditors verify the evidence chain without production AWS access. Your team hands over the signed receipts, not a spreadsheet rebuilt after the fact.
AI agent infrastructure is shipping faster than its security stack.
MCP moved from developer convenience to active attack surface. Tool poisoning, schema substitution, and command execution now show up in public advisories.
Source: Vulnerable MCP Project
Public MCP audits reported command execution paths across a large share of reachable servers. Agents inherit the blast radius of the tools they call.
Source: MCP audit
HHS OCR proposed major Security Rule updates in 2025, including new expectations around AI, MFA, encryption, and technology asset inventories.
Source: HHS OCR
Your existing security stack does not see any of this.
One control plane. Five components. Every action signed.
Identity broker
Per-agent workload identity. No more agents acting under a user's bearer token.
Schema registry
Cryptographically pinned tool definitions. Tool poisoning becomes a rejected request and a signed receipt.
Policy engine
FHIR-aware operation-level scope. Minimum-necessary, enforced per call, not per role.
Injection guard
Indirect prompt injection detection on tool output. Before the agent acts on it.
Receipt ledger
KMS-signed, append-only, OCR-ready. Every admitted action provable forever.
When OCR asks what your AI did, you'll have an answer.
nxthreat assembles signed receipts into evidence packs scoped to date range, tenant, agent, and FHIR resource type. The artifact you hand your compliance officer is the artifact they hand the regulator.
See the HIPAA mapping
EVIDENCE PACK
AI Agent Activity Attestation
- Audit Period: 2026-04-01 - 2026-04-30
- Tenant: midwest-health
- Agents Covered: 14
- FHIR Resources Touched: Patient, Observation, Claim
- Receipt Count: 182,401
- Signing Authority: AWS KMS tenant key
Who this is for
Healthcare orgs running clinical documentation, prior auth, intake, or discharge automation against an EHR.
Healthcare AI vendors who need to ship a BAA without taking the compliance risk themselves.
Health plans and PBMs running agents against claims, eligibility, and member data.
Deploy AI agents like you mean it.
30-minute technical walkthrough. We bring the threat model, you bring your deployment.
Book a demo