How Tyr compares
At-a-glance
| Tyr | NemoClaw | Guardian Shell | AgentSight | Falco / Tetragon | |
|---|---|---|---|---|---|
| Kernel-level enforcement (eBPF) | ✅ | ❌ | ❌ | ❌ | ✅ |
| AI-agent semantic layer | ✅ | ✅ | ✅ | ✅ | ❌ |
| TLS / LLM traffic inspection | ✅ | ❌ | ❌ | ✅ | ❌ |
| Multi-environment (laptop + server) | ✅ | ❌ | ❌ | ❌ | ✅ |
| Centralized control plane | ✅ | ❌ | ❌ | ❌ | ✅ |
| Hot-reloadable policies fleet-wide | ✅ | ❌ | ❌ | ❌ | ✅ |
| Open source | ✅ | ❌ | ✅ | ✅ | ✅ |
Category notes
AI-agent observers (NemoClaw, AgentSight, Guardian Shell)
These focus on semantic layers: parsing LLM requests, tracking agent state, sometimes adding approval flows at the SDK level. They’re valuable for LLM-call instrumentation, but:
- They live in userspace — a
subprocess.Popen("curl …")is invisible to them. - Most target a single runtime (Python, Node).
- None provide kernel-level enforcement.
Tyr complements them rather than replaces them. You can run NemoClaw-style inspection and Tyr enforcement.
General runtime security (Falco, Tetragon)
Built for cloud-native workload protection. They’re excellent at:
- Detecting shell spawns in containers, suspicious file access, privilege escalation.
- Running as Kubernetes DaemonSets.
But they have no AI-agent awareness — no concept of “this process is Cursor”, no LLM SNI tagging, no per-agent-type policies.
Tyr borrows Tetragon’s eBPF + LSM approach and adds:
- AI process fingerprinting (executable, cmdline, TLS SNI).
- Cedar policy engine with per-agent-type overlays.
- Opinionated LLM traffic capture.
- A web UI + CLI built for AI-agent ops.
Policy-as-code (OPA, Cedar standalone)
Cedar itself is the policy engine Tyr uses. Tyr wraps it with:
- A YAML authoring layer so operators don’t have to write Cedar directly.
- A central store, versioning, diff, rollback, assignment model.
- Kernel bindings: YAML path rules compile to eBPF map entries for in-kernel checks.
When not to use Tyr
- macOS-only hosts today — the agent is Linux-only until the EndpointSecurity port ships.
- You need per-function interception inside a specific LLM framework. Tyr is kernel-level — if you need Python-level hooks inside LangChain, an SDK layer is the right tool.
- You already have Tetragon/Falco and don’t need AI semantics. Tyr overlaps in kernel capture; the value-add is the AI layer.
→ Next: Quick start · Architecture