Aegis

Company

We’re building Aegis the way it should run:
openly, evidence-first, in public.

Aegis is an independent security-infrastructure project for AI agents. We’re building the trust layer we’d want running underneath our own agents — and shipping it before the window closes.
Become a partnerRead the manifesto

Founder

Bingran You

PhD CANDIDATE · UC BERKELEY · AGENT EVALUATION RESEARCH

Bingran builds and benchmarks AI agents at UC Berkeley. He works at the intersection of agent evaluation, deterministic test environments, and applied AI systems. Previous work includes SkillsBench (skill-based agent benchmark), SBTI CLI (offline behavior testing for agents), smolclaw (seeded mock environments) and first-tree (Git-native context layer for agent teams).

Aegis grew out of asking the question: “If I’m going to let an agent operate my computer for hours, what would I want supervising it?”

bingranyou.com·@bingran_bry·github.com/bingran-you·bingran.you@berkeley.edu

Operating principles

How Aegis runs internally — and what that means for partners.

  1. 01

    Evidence over assertion

    We say verifiable, we mean verifiable. Every claim Aegis ships with a reproducer. If we can’t show our work, we don’t ship the claim.

  2. 02

    Open primitives, defensible products

    Attestation schemas, threat catalogs, scoring methodology — all open. Detection models, scaled infrastructure, support — that’s the business. The trust layer is too important for a single vendor to gatekeep.

  3. 03

    Builders, not auditors

    We come from the side that ships agents. We’re building the security layer we wish existed last year. Our customers should feel the difference between a product and a compliance theater.

  4. 04

    Research is a deliverable

    Our threat model, methodology, and benchmark catalog ship publicly. Discovering a new attack class earns the same internal credit as shipping a feature.

Common questions

Is this a company yet?

It’s a research preview. Aegis is being built openly out of UC Berkeley while we calibrate the threat model with early-access partners. Incorporation follows real customer pull, not the other way around.

Who’s on the team?

Day-one work is led by Bingran You — PhD candidate at UC Berkeley, agent evaluation researcher, builder of SkillsBench and SBTI CLI. We’re hiring research-engineering partners who’ve shipped agent infra in the wild.

How is Aegis funded?

Self-funded research preview. We’re open to investors and partners aligned with the open-primitives principle. We’re not optimizing for fundraising velocity.

How does Aegis make money?

Hosted control plane for evidence storage and replay; managed detection models; enterprise support, SOC2 / ISO 42001 evidence packaging; integrations with existing AppSec stacks. Anything that grows the open trust layer is free.

Is Aegis a guardrails framework?

No — see the manifesto. Guardrails sit inside the agent loop. Aegis sits outside. They’re complementary; one doesn’t replace the other.

What is Aegis’ relationship with Endor Labs / Snyk / similar?

Lineage. The reachability-first, evidence-first, developer-first AppSec line is what we’re extending into the agent era. They guard the codebase agents read; we guard the runtime where agents act.

Talk to us

We pick up the phone for security teams running real agents.

Send a note. Tell us what your agents touch, what keeps you up, what evidence your auditor wants. We’ll respond with a proposed first integration in a week.
Join the waitlist← Back to bingran.you