safety

Autonomous doesn't mean unchecked.

Furl runs with elevated access on your endpoints. We don't take that lightly — and we've architected the platform around the question every security team is going to ask first: what stops this from becoming the next headline?

guardrails.furl · prod · acme-co · ENFORCED
SCOPES · WHERE FURL CAN ACT · 4 of 7 enabled
os: macos · os: windows · os: linux · cvss ≥ 7.0 · cvss ≥ 9.0 only · bu: engineering · bu: finance · group: build-servers
CONFIDENCE THRESHOLD · AUTO-EXECUTE ABOVE 0.78 (scale: 0.0 · 0.5 · 1.0)
APPROVAL GATES · DEFAULT-ON · 3 ACTIVE
PROD SYSTEMS: sign-off required
CUSTOM SCRIPTS: sign-off required
FIRST-TIME: sign-off required
BATCH ROLLOUT · CVE-2026-1184 · WAVE 4 / 8
387 / 1,047 done · 0 rollbacks

Tools meant to protect you can become the attack vector.

One piece of software took down millions of Windows machines with a single update. Another was used as the entry point for a breach that wiped a Fortune 500 company's data. The pattern is established. Any tool with reach across your fleet is a tool that has to earn trust — every release, every action, every endpoint.

We're asking for that trust. So here's exactly how we earn it.

INCIDENT · CrowdStrike · jul 2024
VECTOR: single update
BLAST RADIUS: 8.5M endpoints
GUARDRAILS: none

guardrails

You define what Furl can do.
We enforce it.

Scopes

You decide where Furl can act. By OS, by CVSS score, by business unit, by endpoint group. Furl will not touch anything outside the scopes you approve.

scopes.matrix · 7 / 15 cells enabled
Columns: eng · it · finance · sales · prod-db
Rows: macos · windows · linux
Legend: approved · off · locked (furl cannot touch)

Confidence thresholds

Furl only auto-executes when its confidence in a strategy clears the bar you set. Below that, it asks.

confidence.config · AUTO-EXECUTE ≥ 0.85
threshold = 0.85
0.0 · ASK | 0.85 · BAR | 1.0 · AUTO
// below the bar, furl asks

It authors the primitives.

A check to detect the issue, a strategy to fix it, and a suggested scope — all drafted automatically.

gates.config · 3 ACTIVE · DEFAULT-ON
→ strategy: upgrade-libssl on prod-eng
prod systems: AWAITS
custom scripts: AWAITS
first-time: AWAITS
↓ sign-off required

You approve. It ships.

Or you adjust scope, threshold, or approach first. Your call.

batch.config · WAVE 4 / 8
rollout = waves(8)
52 · 104 · 231 · 387
387 / 1,047 deployed · 0 rollbacks · kill-switch armed

validation

Every fix is checked. Every failure is reversed.

Furl validates before and after every change. If a strategy doesn't land, Furl rolls it back automatically — every time, on every endpoint. You don't find out about a failed remediation from a user complaint. You find out from the audit log, after it's already been undone.

Every action Furl takes — what it did, where, on whose authority, and whether it succeeded — is logged, exportable, and audit-ready.

action.log · #act-44821 · CVE-2026-1184
14:02:11 pre-state captured · libssl-3.0.7 · 1,047 hosts checksum:7af3
14:02:14 strategy auth'd · upgrade-libssl · scope: bu-eng conf:0.91
14:02:18 wave 1/8 · 129 hosts · validation pass 128/129
14:02:21 post-check fail · eng-mac-12 · service stopped err:e_svc
14:02:22 auto-rollback · eng-mac-12 · pre-state restored checksum:7af3
14:02:24 audit log written · signed · acme-co/sec sig:9f4c
128 succeeded · 1 failed · 1 rolled back · EXPORTABLE

YOUR AUTONOMY CURVE
Scope · threshold · gates, expanded as efficacy compounds.
[Chart: % automated (0% to 100%) over time (Day 1, +30D, +90D, +180D); labelled points: 3% auto, 62% auto, 87% auto]
DAY 1: 1 scope · 0.95 threshold · all gates on
+30 DAYS: 2 scopes · 0.90 threshold · gates on
+90 DAYS: 5 scopes · 0.85 threshold · prod gate on
+180 DAYS: 8 scopes · 0.80 threshold · custom gate

earned, not assumed

Trust grows with the program.

Nobody runs Furl on full autonomy on day one. Nobody should. The platform is built so you can start small — a single scope, a high confidence threshold, full approval gates — and expand as the data earns it.

Furl tracks efficacy, validation outcomes, and rollback rates so you can see the program's track record before you widen it. Every customer's autonomy curve is their own.

end users in the loop

Your team handles exceptions. Furl handles the volume.

When a fix affects an end user — an upgrade, an uninstall, a config change — Furl notifies them through Slack or Teams. They can defer, request an exception, or escalate. Your team only sees what actually needs a human.

furl · slack · #it-furl
FURL today at 14:02

Hi Maya — your laptop has a security update queued: libssl 3.0.7 → 3.0.13. Estimated impact: 30 sec restart. Window: today, 18:00 local.

approve now · defer 24h · request exception
MAYA 14:04

Defer to 19:00 — I'm in a build.

FURL 14:04

Got it. Rescheduled for 19:00. Your team didn't need to see this.

security posture

SOC 2 compliant. Architected for the threat model we live in.

Every Furl deployment runs under principle-of-least-privilege. Credentials are scoped to the minimum required for each strategy. The platform itself is monitored continuously by the same kind of detection logic it ships.

Audited and current

Annual third-party audit. Report available on request.

Scoped credentials

Per-strategy. Time-bound. Revocable.

Detection on detection

The platform is watched by the same logic it ships.

Every action, signed

What ran, where, on whose authority, and the result.