Agentic Security
Definition. “Agentic” is an overloaded word. At Noxtica it has three distinct, honest meanings — and all three are shipped. This page is the umbrella that ties them together: how the AI Assistant, MCP, Know Your Agent, and the risk-action engine each express one of those meanings.
One thing “agentic” never means here: software autonomously changing your systems. Noxtica does not mutate your infrastructure. The reads are calibrated and explainable; the actions are policies you write.
The three meanings
1. We operate agentically
There is a built-in AI assistant that helps operators run the console. It works inside the operator session, server-side, with budget caps and audit logging on every action. In Phase 1 its tools are read-only — it can list and summarize your configuration and recent activity, but it does not change anything on its own.
This is “agentic” in the sense of an operator copilot: it helps a human run Noxtica faster, never instead of them. See AI Assistant.
2. You integrate agentically
Noxtica exposes a read-only Model Context Protocol (MCP) server so your own external AI agents can read Noxtica — policies, rules, alerts, risk distribution — over JSON-RPC, using scoped, rate-limited, audited bearer tokens. It is opt-in per tenant.
This is “agentic” in the sense of your agents reading us. The integration is strictly read-only: your agents can see what Noxtica knows, but they cannot write to Noxtica or act through it. See MCP Integration.
3. We police the agentic web
Know Your Agent governs which AI agents and bots you allow or deny per tenant, and is integrated with Web Bot Auth. The risk-action engine carries out the policy (challenge, block, or tarpit) based on device risk, agent verdicts, URL patterns, and IP reputation, with shadow mode and a risk-actions dashboard.
This is “agentic” in the sense of defending against the agentic web: as more traffic becomes autonomous software, you need to govern which of it you trust. See Know Your Agent and Browser Security.
How the pieces compose
| Meaning | Component | What it does |
|---|---|---|
| We operate agentically | AI Assistant | An operator copilot inside the console — read-only tools, budget caps, audit. |
| You integrate agentically | MCP | A read-only server so your agents can read Noxtica over JSON-RPC. Opt-in. |
| We police the agentic web | KYA + risk-action engine | Govern which agents you trust; enforce the policy you set. |
Each is distinct. The assistant is how we help you operate. MCP is how your agents read us. KYA is how you govern which agents reach your site. None of them autonomously changes customer systems.
Where we’re headed
Today the scoring engine is static and operator-tuned: operators tune policies and thresholds with full control. Self-calibration and feedback loops are on our roadmap — see Calibration for the forward-looking detail. Everything described above as a present-tense capability is shipped today.
Read deeper
- AI Assistant — the operator copilot, in depth.
- MCP Integration — the read-only integration surface, in depth.
- Know Your Agent — the defensive agent registry.
- Browser Security — the risk-action engine that enforces policy.
- Calibration — calibrated reads, and where the roadmap is headed.