Arcane
Roadmap

What we're building.

We ship with speed & thought, then work with users to build out what they care about most.

Shipped

What design partners can use today

  • Composite identity binding (user · agent · workload)
  • Task-bound credential issuance
  • Inline policy evaluation via SDK or transparent proxy
  • MCP-aware proxy enforcement for tool servers and internal APIs
  • Policy proposal queue from observed agent traffic
  • Self-evolving policies with human approval before promotion
  • Signed, chained decision log
Iterating

What we're hardening with design partners

  • Evidence export packs for audit and security review
  • Control-specific evidence mapping for SOC 2, ISO 27001, and internal reviews
  • Reviewer workflows for accepting, editing, and rejecting proposed policies
  • Deployment playbooks for VPC-native and self-hosted environments
Later

What moves up as demand becomes clear

  • Self-serve workspace setup for smaller teams and developers
  • Public SDK packaging and examples
  • Expanded policy templates for common agent stacks
  • Richer integrations with SIEM, ticketing, and GRC systems
  • Third-party security audit
  • Self-hosted control plane GA