Research Project: This is a free AI research project. No warranties, SLAs, or company associations.

GA · Brainstorm / MSP

Not RMM with AI features.
An autonomous managed machine.

39 AI agents run inside an OODA loop, gated by ChangeSets, recorded in a tamper-evident evidence chain. Every alert triages itself. Every remediation simulates first. 93% of incidents close by auto-heal; the 7% that escalate include the full reasoning chain.

14:23:41.082 ISOLATE_ENDPOINT · ed25519:a83f9b2c… committed
14:23:38.917 TICKET_TRIAGE · ed25519:8f24c1e9… auto
14:23:36.451 PATCH_APPLY · cis-1.3.2 · ed25519:e74b8a02… committed
14:23:33.218 CONNECTOR_REFRESH · crowdstrike · ed25519:5d39c041… auto
14:23:30.984 EVIDENCE_VERIFY · chain head · ed25519:91f0a4bb… verified
14:23:27.762 DISABLE_ACCOUNT · breach-list match · ed25519:c812d57e… approved
14:23:25.451 SENTINEL_PROBE · anthropic-api · ed25519:38d4f290… ok
14:23:22.108 CHANGE_SIM · ROLLBACK_POLICY · ed25519:b51da3c8… dry-run

/ 01 — the loop

Six phases. Every signal. No scripts.

Every telemetry event, customer ticket, security alert, and capacity signal enters the same Observe → Orient → Decide → Simulate → Execute → Learn cycle. The brain reasons over context; the policy gate evaluates risk; the executor applies a ChangeSet and signs the evidence record.

Outcomes feed back into the orienter. Patterns compound. The next iteration is sharper than the last — without the operator writing a single playbook.

39 AI agents
31 sentinels
5 BIS subsystems
6 ChangeSet templates
56 CIS safeguards
93% auto-heal rate
<30s detect → contain

evidence chain

/ 02 — the roster

39 agents. Three tiers. Every one MCP-exposed.

Core agents drive the OODA loop. BIS agents specialize in business intelligence subsystems. Specialized agents handle domain-specific operations. Each registers capabilities through the platform contract — drive any of them from Claude Code, brainstorm CLI, or the in-product /console.

  • Orienter: Context assembly from signals + history
  • Decider: Proposes ChangeSets within policy guardrails
  • Executor: Applies ChangeSets, signs evidence records
  • PolicyGate: OPA evaluation, risk tiering, rate limits
  • EvidenceKeeper: Chain integrity + Merkle verification
  • Narrator: Human-readable prose for every decision
  • IncidentLead: Per-tenant incident orchestration
  • AlertCorrelator: Multi-signal de-duplication + grouping
  • RunbookCaller: Selects + invokes ChangeSet templates
  • TenantOps: Tenant lifecycle + entitlement management
  • FleetSync: Edge agent distribution + posture verification
  • AuditQuery: Cursor-paginated audit-chain reads
  • CapabilityRegistry: MCP tool catalog + version management
  • HealthAggregator: Sentinel-grid roll-up to /status
  • IdentityGuard: Operator-action attribution + scope
  • KeyEnvelope: KMS wrap/unwrap + key rotation
  • RetryQueue: Idempotent retry with exponential backoff
  • NotificationRouter: Operator paging via channel preferences
  • ChangeSetSimulator: Dry-run execution producing resource diffs
  • OperatorConsole: HAI-chat surface + God-mode tool exposure
  • IdentityExposure: Breached credentials + dark-web monitoring
  • AttackSurface: CIS benchmark execution + EASM mapping
  • RiskPropagation: Graph-based blast modeling on incident
  • InsurancePosture: Carrier questionnaire automation
  • BYODRisk: Per-endpoint exposure scoring
  • BackupIntegrity: Snapshot hash verification + restore drills
  • ComplianceEvidence: Per-framework evidence aggregation
  • CapacityPlanning: Workload forecast + resource trajectory
  • vCISOReporting: Quarterly executive posture briefs
  • PatchOrchestrator: CIS-aligned patch installation
  • EmailQuarantine: Inbound message classification + pull
  • HelpdeskTriage: Ticket classification + auto-resolve
  • RMMConnector: Multi-vendor RMM normalization
  • EDRAggregator: Cross-EDR alert correlation
  • LicenseAuditor: SaaS license usage + reclamation
  • SaaSDiscovery: Shadow-IT detection via OAuth + DNS
  • NetworkDrift: Per-tenant overlay configuration drift
  • TenancyBoundary: Continuous RLS boundary verification
  • ForecastAccuracy: Decision-quality regression on outcomes

/ 03 — the grid

31 sentinels. Always probing.

The sentinel grid is the platform's continuous observability layer. Every vendor connector, every AI provider, every intelligence source, every edge endpoint is probed on a schedule. State rolls up to /status and per-tenant detail surfaces inside the MSP dashboard.

/ 01 · Platform · 7 sentinels
API health, DB latency, NATS lag, ALB, ECS, Keycloak, KMS envelope.

/ 02 · Vendor · 8 sentinels
RMM, EDR, IDP, ticketing connectors. Per-vendor probe + sample-call latency.

/ 03 · AI · 6 sentinels
Anthropic, OpenAI, Google, xAI, Perplexity, Mistral. Hourly known-answer benchmarks.

/ 04 · Intelligence · 5 sentinels
Threat feeds, CVE bulletins, dark-web monitors, breach databases, ransomware leak sites.

/ 05 · Fleet · 5 sentinels
Endpoint check-in rates, agent heartbeat, OS update lag, EDR coverage, config drift.

/ 04 — the mutation gate

No destructive op without simulation.

Every mutation flows through the ChangeSet engine. Intent → simulation → diff → policy control → execution → evidence. Rollback is tested before commit. Below: an example ISOLATE_ENDPOINT trace.

01 · Intent
Decider proposes one named ChangeSet template with args.
    ISOLATE_ENDPOINT { endpoint_id: "e_8a4f", reason: "lateral movement detected" }

02 · Simulation
Dry-run returns the exact resource diff.
    edr.endpoints[e_8a4f].state: active → quarantined

03 · Diff
Blast radius computed against tenant scope.
    scope: 1 endpoint · cross-tenant: false · reversible: yes

04 · Control
OPA policy gate. Risk tier evaluated. Rate limits checked.
    tier: high · autopilot: allow · rate: 3/10 in window

05 · Execute
Apply. Sign evidence. Chain into the audit trail.
    evidence.id: ev_a83f9b · prev: ev_a83f9a · sig: ed25519:...
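
What makes the Execute step's `prev` link and signature tamper-evident, as an added example that is not Brainstorm's own code: each record's id is the SHA-256 of its body, the body names the previous id, and a verifier can start from any trusted cut point. Assumptions: HMAC-SHA256 with a constructed key stands in for the page's ed25519 signatures so the block needs only the standard library, and the field names, `GENESIS` anchor and helper names are hypothetical.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"   # constructed; stands in for the signing key
GENESIS = "ev_genesis"               # hypothetical anchor id before the first record
FIELDS = ("prev", "action", "args", "outcome")

def digest(body: dict) -> bytes:
    # Canonical JSON so a record always hashes to the same bytes.
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()

def tag(d: bytes, key: bytes) -> str:
    # HMAC-SHA256 stand-in for the page's ed25519 signature.
    return hmac.new(key, d, hashlib.sha256).hexdigest()

def append(chain: list, action: str, args: dict, outcome: str, key: bytes = DEMO_KEY) -> dict:
    body = {"prev": chain[-1]["id"] if chain else GENESIS,
            "action": action, "args": args, "outcome": outcome}
    d = digest(body)
    record = dict(body, id="ev_" + d.hex(), sig=tag(d, key))
    chain.append(record)
    return record

def verify(chain: list, key: bytes = DEMO_KEY, start: int = 0) -> int:
    """Check records from `start` on; return -1 if intact, else the first bad index.
    With start > 0, chain[start - 1]["id"] is the trusted cut point."""
    for i in range(start, len(chain)):
        rec = chain[i]
        d = digest({k: rec[k] for k in FIELDS})
        anchor = chain[i - 1]["id"] if i else GENESIS
        if (rec["prev"] != anchor or rec["id"] != "ev_" + d.hex()
                or not hmac.compare_digest(rec["sig"], tag(d, key))):
            return i
    return -1

def demo_chain() -> list:
    # Constructed sample records using action names shown on the page.
    chain = []
    append(chain, "ISOLATE_ENDPOINT", {"endpoint_id": "e_8a4f"}, "committed")
    append(chain, "PATCH_APPLY", {"benchmark": "cis-1.3.2"}, "committed")
    append(chain, "DISABLE_ACCOUNT", {"reason": "breach-list match"}, "approved")
    return chain
```

Editing a record, deleting one, or verifying with the wrong key all surface as the index of the first record that no longer checks out.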

/ 05 — the spectrum

Autonomy is tunable, not binary.

Per-tenant autonomy lives on three tiers. Same agents, same evidence chain — different gates on what auto-executes vs what asks the operator first. Move tenants up or down the spectrum as trust accrues; the audit chain captures every change.

/ tier 01 · Supervised
Operator approves every action.

Auto-execute

  • Read-only queries
  • Inventory probes
  • Sentinel health checks

Operator review

  • Ticket creation
  • Endpoint isolation
  • Policy changes
  • Credential rotation

/ tier 02 · Guarded
Low-risk auto. Anything risky escalates.

Auto-execute

  • Read-only queries
  • Inventory probes
  • Ticket triage & enrichment
  • Connector token refresh
  • Patch installation (CIS-aligned)

Operator review

  • Endpoint isolation
  • Mass account changes
  • Cross-tenant operations

/ tier 03 · Autopilot
Policy-granted. Critical actions still gate.

Auto-execute

  • Read-only queries
  • Inventory probes
  • Ticket triage & enrichment
  • Connector token refresh
  • Patch installation
  • Endpoint isolation (ChangeSet)
  • ROLLBACK_POLICY (ChangeSet)

Operator review

  • Cross-tenant operations
  • Identity-system mass changes
  • Billing-surface mutations
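
How the Control step of the mutation gate and the three autonomy tiers combine into one fail-closed decision, as an added example that is not Brainstorm's own code or its OPA policy. Assumptions: the action identifiers, the `Gate` class, the `sim` fields and the 60-second window are hypothetical; the per-tier auto-execute sets and the limit of 10 per window are transcribed from this page.

```python
from collections import deque

# Auto-execute sets per tier, transcribed from the lists above
# (hypothetical identifiers for the page's list items).
READ_ONLY = {"read_only_query", "inventory_probe"}
LOW_RISK = {"ticket_triage", "connector_token_refresh", "patch_install"}
AUTO = {
    "supervised": READ_ONLY | {"sentinel_health_check"},
    "guarded": READ_ONLY | LOW_RISK,
    "autopilot": READ_ONLY | LOW_RISK | {"isolate_endpoint", "rollback_policy"},
}
NON_MUTATING = READ_ONLY | {"sentinel_health_check"}

class Gate:
    def __init__(self, limit: int = 10, window_s: float = 60.0):
        self.limit, self.window_s = limit, window_s
        self.seen = {}  # tenant -> deque of timestamps of auto-executed mutations

    def decide(self, tenant: str, tier: str, action: str, sim, now: float):
        """Return ('auto' | 'review', reason). `sim` is the dry-run result or None."""
        # Unknown tiers and unlisted actions fail closed to operator review.
        if action not in AUTO.get(tier, set()):
            return "review", "not auto-executable at this tier"
        if action in NON_MUTATING:
            return "auto", "ok"
        # Mutations need a simulation whose diff stays in-tenant and reversible.
        if sim is None:
            return "review", "no simulation"
        if sim.get("cross_tenant", True) or not sim.get("reversible", False):
            return "review", "blast radius"
        # Sliding-window rate limit per tenant.
        q = self.seen.setdefault(tenant, deque())
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.limit:
            return "review", "rate limit"
        q.append(now)
        return "auto", "ok"
```

Missing `sim` fields default to the unsafe reading (cross-tenant, irreversible), so an incomplete dry-run escalates rather than executes.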

/ 06 — vs traditional RMM

Different architecture. Not different features.

Reasoning
  • Traditional RMM: Scripted runbooks. Fixed conditional logic.
  • Brainstorm MSP: OODA loop on every signal. Brain reasons over context.

Mutation safety
  • Traditional RMM: Direct execution. Rollback is a recovery procedure.
  • Brainstorm MSP: ChangeSet simulation first. Rollback is a precondition.

Audit trail
  • Traditional RMM: Logs exported at audit time. Best-effort retention.
  • Brainstorm MSP: Evidence chain is the data structure. Replayable from any cut point.

Tenancy
  • Traditional RMM: API-layer scoping. Cross-tenant bugs possible.
  • Brainstorm MSP: RLS at the database layer. Cross-tenant architecturally impossible.

Autonomy posture
  • Traditional RMM: On or off. One global setting.
  • Brainstorm MSP: Three tiers (supervised, guarded, autopilot). Per-tenant.

/ 07 — operator surfaces

Authenticated. Driveable.

Every operator surface exposes the runtime, evidence chain, and ChangeSet log for that view. Sign in once; drive any tenant.

Sign in. Drive a tenant.

Pick a demo tenant, trigger an incident, watch the OODA loop close, query the evidence chain. No demo gauntlet — just operate.