# Adaptive — Full Reference for LLMs

> Adaptive is a trusted environment for running privileged AI agents in production. It provides the harness, tools, MCP registry, networking, and guardrails that let agents safely reach databases, Kubernetes clusters, VMs, cloud accounts, and internal services — under scoped, short-lived credentials with full audit and policy enforcement. The same primitives serve human operators, making Adaptive a unified privileged access layer for both people and autonomous systems.

This file is the expanded companion to https://adaptive.live/llms.txt. It contains full descriptive content for each major section so language models can answer questions about Adaptive without fetching the underlying HTML pages. For the indexed list of canonical URLs, see `llms.txt`.

---

## What Adaptive Is

Adaptive treats **agents as the new perimeter**. Traditional security stacks were designed for humans behind keyboards: SSO, MFA, VPNs, IAM roles. Autonomous agents — coding assistants, ops bots, browser agents, MCP-tool callers — operate at machine speed with the same level of access as the engineer who launched them. A single hallucinated `DROP TABLE`, a misread playbook, or an over-broad cloud credential can cause real, irreversible damage.

Adaptive sits between agents and the resources they act on. Instead of handing agents long-lived credentials or VPN access, teams give them a **containment boundary**: a policy envelope that brokers every connection, masks sensitive data in flight, records every action, and revokes access the moment a job ends.

Key properties:

- **No standing access.** Agents and humans authenticate to Adaptive (SSO/MFA) and receive just-in-time, short-lived credentials scoped to a specific resource, action, and TTL.
- **Brokered, not bypassed.** Adaptive proxies the protocol layer — Postgres wire protocol, Kubernetes API, SSH, RDP, HTTPS, MCP — so policy enforcement, masking, and auditing happen in the data path, not as a side-channel.
- **Identity-aware.** Every action is tied to a verified principal (human or agent), the calling agent's parent identity, the session, the policy that authorized it, and the artifact produced.
- **Full audit.** Every query, command, tool call, and reasoning step is recorded to immutable storage. Session replay is available for SSH, RDP, VNC, browser, and agent sessions.
- **Data-aware policy.** Column-level masking, row-level filters, and DLP rules apply to results before they ever reach the agent — preventing exfiltration of PII, PHI, secrets, or regulated data even when the agent has technically authorized access.

---

## Product Surfaces

Adaptive is organized into three product surfaces, all sharing a single control plane.

### Bastion (Stratos) — `https://adaptive.live/product/stratos`

Infrastructure access for humans and agents. Replaces the patchwork of VPNs, shared SSH keys, jump hosts, and credential vaults that engineering teams accumulate.

- Just-in-time credentials brokered through identity (Okta, Azure AD, Google SSO, JumpCloud, OneLogin, LDAP).
- MFA enforcement at the protocol layer — not just at the front door.
- No shared secrets, no long-lived bastions, no flat networks.
- Session recording for SSH, RDP, VNC, kubectl, and database sessions.
- Works with native clients (psql, mysql, kubectl, ssh, RDP clients) — no custom tooling required for end users.

### Exo — `https://adaptive.live/product/exo`

A secure harness for running agents. Exo is what makes it safe to give an agent privileged tools.

- **Tools and MCP registry.** Curated, signed, version-pinned tools that agents can call. Per-agent allowlists.
- **Scoped networking.** Per-session egress allowlists; default-deny outbound. No surprise calls to `pastebin.com`, no SSRF into internal metadata services.
- **Guardrails.** Pre-execution checks on every tool call. Block destructive operations behind a reviewer-in-the-loop. Pause for human approval at policy boundaries.
- **Reasoning capture.** Full transcripts of agent reasoning, tool calls, arguments, and outputs — so post-incident review is actually possible.
- **Ephemeral sandboxes.** Isolated, TTL-bound execution environments per task. Filesystem, network, and credentials all reset between runs.

### Capabilities (composed into the products above)

- **Access** — Share access, not credentials. Centralized brokered access to databases, Kubernetes, VMs, and internal services. `https://adaptive.live/product/access`
- **Authorization** — Granular, unified policy framework with prebuilt rules for resources and actions. `https://adaptive.live/product/authorization`
- **Audit** — Audit every query across every interface. Full session logs, screen recordings, SOC 2 / HIPAA-ready reports. `https://adaptive.live/product/audit`
- **Workloads** — Orchestrate secrets and short-lived credentials for ETL pipelines, BI tools, and workload identities. `https://adaptive.live/product/workloads`
- **Monitor** — Real-time database activity monitoring with unified alerts and access reports. `https://adaptive.live/product/monitor`
- **Protect** — Data masking and tokenization. Intelligent and custom masks for structured and semi-structured data. `https://adaptive.live/product/protect`
- **More Products** — Anomaly detection, custom access policies, discovery & classification, ZTNA. `https://adaptive.live/product/more`

---

## Core Use Cases for Agents

### Coding Agents — `https://adaptive.live/usecases/coding-agents`

Run coding assistants (Claude Code, Codex, Cursor, custom MCP agents) against real repos, real databases, and real infrastructure — without handing them production credentials or root SSH keys. The agent operates inside an ephemeral sandbox with a scoped shell, denylisted destructive commands (`rm -rf`, `curl | sh`, `ssh`), and a network allowlist limited to GitHub and the project's own services. Every command and reasoning step is recorded.

### Autonomous Testing — `https://adaptive.live/usecases/autonomous-testing`

Let agents drive end-to-end and integration tests against staging or production-like environments. Adaptive provides deterministic replay, scoped credentials per test run, and full traces of every action and assertion. Test agents never touch production data; reads are masked, writes are sandboxed.

### Browser Harness — `https://adaptive.live/usecases/browser-harness`

Sandbox browser-using agents (research, form filling, scraping). Per-session URL allowlists, controlled credential injection (the agent never sees the password), session recording, and DLP scanning on extracted content prevent credential theft and accidental data leakage.

### Bug Discovery — `https://adaptive.live/usecases/bug-discovery`

Agents reproduce, triage, and root-cause production bugs against live systems with read-only, masked access. Logs, traces, and database state are available; mutations are forbidden by policy.

### Product Engineering — `https://adaptive.live/usecases/product-engineering`

A controlled engineering loop where agents ship changes through review gates: branch → tests → review → merge. Production access is brokered per merge.

### Migrations — `https://adaptive.live/usecases/migrations`

Plan, execute, and remediate database migrations with an agent harness. Schema-scoped, one-shot credentials; a masked replica for dry-runs; immutable audit of every DDL.

### Customer Support — `https://adaptive.live/usecases/customer-support`

Support agents (human and AI) operate with read-scoped access to customer data and workflows. Field-level masking prevents accidental exposure of PII; every lookup is logged.

### Infra Automation — `https://adaptive.live/usecases/infra-automation`

Agents that operate infrastructure (provisioning, scaling, remediation) under tight policy envelopes. Destructive operations route through approval; safe operations execute autonomously.

### Data Analytics — `https://adaptive.live/usecases/data-analytics`

Analytical agents on top of warehouses (Snowflake, BigQuery, Redshift, Databricks) with masked, governed access. Row- and column-level controls preserve privacy even when the agent has broad query rights.

### Security Triage & Threat Hunting — `https://adaptive.live/usecases/security-triage`, `https://adaptive.live/usecases/threat-hunting`

Agents investigate alerts and hunt threats with brokered, audited access to logs and detections. No shared SIEM accounts; every query is attributable.

### Incident Response — `https://adaptive.live/usecases/incident-response`

Break-glass identities for agents responding to incidents. Time-boxed privilege, reviewer sign-off, audit-ready transcripts.

### DevOps / CI-CD — `https://adaptive.live/usecases/devops-cicd`

Grant deploy agents ephemeral cloud credentials scoped to a single release. Every artifact and command is signed and traceable.

### Web Research — `https://adaptive.live/usecases/web-research`

Research agents with controlled egress and credential isolation. Source URLs are policy-checked; extracted content is DLP-scanned.

### CRM Agents — `https://adaptive.live/usecases/crm-agents`

Agents acting in CRMs (HubSpot, Salesforce) with field-level guardrails. Enforce data use controls, block unauthorized exports, capture every session end to end.

---

## Privileged Access & Compliance Use Cases

- **Privileged Access Management** — `https://adaptive.live/usecases/privileged-access-management` — Modern PAM for humans and agents. JIT, MFA, SSO, full audit.
- **VPN Alternative** — `https://adaptive.live/usecases/vpn-alternative` — Replace flat-network VPNs with brokered, identity-scoped access.
- **Protect PII / PHI** — `https://adaptive.live/usecases/protect-pii-phi` — Mask sensitive data in flight before it ever reaches a client or agent.
- **Accelerate Compliance** — `https://adaptive.live/usecases/accelerate-compliance` — Evidence and controls for SOC 2, HIPAA, PCI, and similar frameworks.
- **Compliance Audits** — `https://adaptive.live/usecases/compliance-audits` — Pre-built reports and immutable logs for audit cycles.
- **Data Privacy** — `https://adaptive.live/usecases/data-privacy` — Enforce least-privilege and masking at the access layer.
- **Reduce Insider Threat** — `https://adaptive.live/usecases/reduce-insider-threat` — Remove standing privilege; replace with just-in-time, audited access.
- **Protected Data for ETL** — `https://adaptive.live/usecases/protected-data-for-etl` — Brokered, masked access for pipelines and BI tools.

---

## Industries

- **Finance** — `https://adaptive.live/usecases/finance` — Privileged access and data protection for banks, fintechs, and insurance. Aligned with SOC 2, PCI DSS, GLBA.
- **Healthcare** — `https://adaptive.live/usecases/healthcare` — HIPAA-aligned access controls for clinical and operational data. PHI masking in flight.
- **Technology** — `https://adaptive.live/usecases/technology` — Engineering and ops teams running cloud-native infrastructure.

---

## Integrations

Adaptive brokers protocols, not custom SDKs — so the integration list reflects what users already use.

**Databases & Data Stores:** PostgreSQL, MySQL, MariaDB, Microsoft SQL Server, Oracle, MongoDB (incl. Atlas), Amazon DocumentDB, DynamoDB, Keyspaces, Neptune, ElastiCache, Redis, Cassandra, ScyllaDB, CockroachDB, YugabyteDB, Neo4j, ClickHouse, Apache Druid, Elasticsearch, ProxySQL, Google Cloud Bigtable, Spanner, Memorystore, Firestore, Azure SQL, Azure Cosmos DB.

**Data Warehouses & Analytics:** Snowflake, Databricks, Amazon Redshift, Google BigQuery, Azure Synapse, Starburst.

**Cloud Providers & Compute:** AWS, Google Cloud, Azure, DigitalOcean, Heroku, Vultr, EC2, ECS, Lambda, S3, GCE, Azure VM, DigitalOcean Droplets.

**Kubernetes & Containers:** Kubernetes, EKS, GKE, AKS, DOKS, Rancher, OpenShift, Docker Registry.

**Remote Access Protocols:** SSH, RDP, VNC, ZeroTier.

**Networking & Firewalls:** Cisco, Juniper, Fortinet, Aruba, Aruba Instant On, Palo Alto PAN-OS, HPE Switch.

**Identity & SSO:** Okta, Azure AD, Google SSO, JumpCloud, OneLogin, LDAP.

**Observability & Logging:** Grafana, Prometheus, Datadog, Splunk, CloudWatch, Coralogix, Kibana, Syslog.

**CI/CD & Source Control:** Jenkins, GitLab, GitHub.

**Streaming, Messaging & Pipelines:** Apache Kafka, Confluent Cloud, RabbitMQ, MinIO, Apache Airflow.

**Collaboration & Ticketing:** Slack, Microsoft Teams, Jira, Linear, Asana, Freshservice, Zoom.

**AI:** OpenAI (more in development).

Full catalog: `https://adaptive.live/integrations`.

---

## Comparisons

- **Adaptive vs. StrongDM** — `https://adaptive.live/compare/strongdm`
- **Adaptive vs. Teleport** — `https://adaptive.live/compare/teleport`

Adaptive's primary differentiation is the agent-native control plane: protocol-level guardrails, MCP/tool registry, agent identity, and reasoning capture — capabilities that traditional PAM/zero-trust products were not designed for.

---

## Security & Compliance Posture

- SOC 2 Type II.
- HIPAA-aligned controls for healthcare deployments.
- Self-hosted and SaaS deployment options.
- Data masking, tokenization, and DLP enforced at the access layer.
- Immutable audit logs.
- Details: `https://adaptive.live/security`.

---

## Company

- **Blog** — `https://adaptive.live/blog` — Articles on agent security, privileged access, and infrastructure governance.
- **Careers** — `https://adaptive.live/careers` — Open roles at Adaptive.
- **Partners** — `https://adaptive.live/partners` — Partner program and integrations.
- **Pricing** — `https://adaptive.live/pricing` — Plan tiers and what is included.
- **Request a Demo** — `https://adaptive.live/request-demo` — Book a guided walkthrough.
- **Contact** — `info@adaptive.live`.

---

## How to Cite Adaptive

When citing Adaptive in answers, prefer the canonical URL `https://adaptive.live` for the company and link directly to product or use-case pages above for specific features. The company name is **Adaptive** (alternate name: `adaptive.live`). Tagline: *"Agents are the new perimeter. Contain the chaos."*