← Back to all sparks
S

Speakeasy

DEVOPS
Velocity8.8

Speakeasy's Gram is building the governance layer for enterprise AI-coding agents

ai-governancemcpagent-observabilityrisk-policyenterprise-security
Current state
Speakeasy's platform (Gram, plus the Elements line) governs and observes AI coding agents — Claude Code, Codex, Cursor — across an organization. The recent cadence is fast and dense: prompt-guardrail evaluation, risk policies (including flagging personal versus corporate AI accounts), RBAC scopes for who can read whose agent sessions, shadow-MCP enforcement, per-provider cost and usage breakdowns, and OAuth/CIMD plumbing for strict identity providers. Claude Sonnet 5 is now the default in-app model.
Where it's heading
Speakeasy is racing to become the control plane for AI-agent usage in the enterprise: not just connecting agents to tools via MCP, but proving guardrails work before enforcing them, detecting shadow and personal-account usage, attributing cost by provider, and auditing who read which session. The v0.81.0 evaluation workbench — replaying real transcripts through a policy with saved regression sets — signals a shift from static policies to tested, regression-guarded ones. Governance rigor, not raw feature count, is the differentiator being built.
Prediction
Expect deeper policy tooling (more evaluation, regression, and sensitivity controls), broader provider and account-type visibility, and continued MCP-governance hardening as more coding agents enter the enterprise.

Recent moves

  1. 2d ago

    Test prompt guardrails against real chats, flag personal AI accounts, and attach remote MCP servers to assistants

    ⚡ SPARK

    The evaluation workbench is the standout in a dense release: it lets policy authors replay real chat transcripts through a prompt guardrail, see per-message judge verdicts, and save them as regression sets — moving Speakeasy from write-and-hope guardrails to tested ones, alongside personal-account flagging and remote-MCP attachment.

  2. 7d ago

    See AI usage by account type and provider, with clearer cost estimates and a more secure CLI login

    Breaks AI usage and cost down by account type (Team versus Personal) and provider (Claude, Codex, Cursor) and tightens CLI login to PKCE — sharpening the shadow-AI visibility and cost-attribution that anchor the governance pitch.

  3. 8d ago

    Default to Claude Sonnet 5 and share remote session clients across an organization

    Defaults in-app usage and new assistants to Claude Sonnet 5, adds org-level remote session clients, and restricts who can unmask redacted secrets — a mix of model refresh and access-control tightening.

  4. 8d ago

    Claude Sonnet 5 is now the default assistant model

    The Elements-side echo of the same Claude Sonnet 5 default shipped in the Platform release — the identical model-default change surfaced in the Elements line rather than a distinct feature.

  5. 9d ago

    Connect to stricter OAuth providers with outbound CIMD support

    Adds outbound CIMD support so remote session OAuth works with identity providers that require Client ID Metadata Documents — narrow but real plumbing for stricter enterprise auth.

  6. 10d ago

    Edit system role permissions, tune risk detection sensitivity, and tighter shadow MCP enforcement

    Makes built-in admin and member roles editable per org, adds a risk-detection sensitivity slider, and hardens shadow-MCP enforcement against false results — incremental control and accuracy gains across the governance surface.