Logan Kelly
Arthur AI finds and evaluates your agents — but enforcement lands after the fact. Waxell enforces policy before each step runs.

Your security team asks a simple question: how many AI agents are running in this company right now? Nobody has a real answer. Developers spun up agents on AWS Strands and CrewAI without a ticket. A vendor you've used for three years quietly shipped an agent in last month's patch notes. Someone in ops connected an MCP server to a spreadsheet tool over a long weekend. According to McKinsey, 62% of organizations are already experimenting with agentic systems, and 80% report risky behavior from agents already live in production. You can't govern what you can't see — and right now, you can't see most of it.
This is the exact problem Arthur AI was built to solve. Arthur calls itself an Agent Discovery & Governance (ADG) platform, and discovery is genuinely its strongest pillar: a purpose-built inventory system that finds agents you didn't know existed, across clouds and frameworks, and pulls them into one catalog. It's a real capability, and it's one Waxell doesn't try to replicate at the same scope.
But discovery answers "what's out there." It doesn't answer "what happens the moment one of those agents tries to do something it shouldn't." That's a different problem, and it's the one Waxell was built to solve.
TL;DR: Arthur AI is the strongest tool on the market for finding and cataloging agents you didn't know you had — it scans OpenTelemetry streams, MCP servers, network traffic, and cloud APIs to build a living registry, then layers guardrails, evaluators, and alerting on top. Waxell doesn't compete on org-wide agent inventory. Waxell enforces policy before the first step runs inside a given agent's execution — blocking, redacting, or halting in real time, not flagging after the fact. Most engineering teams running production agents need both: Arthur-style discovery to know what's running, Waxell-style enforcement to control what it does next.
What Arthur AI is built for
Arthur's own positioning, read live from its product pages, breaks into three pillars: Agent Discovery (a living inventory of every agent across the org), Automated Governance (structured checks, continuous behavior analysis, policy-based controls), and Continuous Improvement (its Agent Development Lifecycle, or ADLC, framework — deeper evaluations and actionable insights).
The discovery engine is the differentiator. Arthur uses four techniques together: OpenTelemetry telemetry scanning, MCP server monitoring, network-layer traffic analysis, and API-driven discovery against cloud providers like AWS Bedrock and Google Cloud Vertex AI. Combined, they're designed to catch "shadow agents" — agents deployed without going through governance channels — regardless of which of three vectors they arrive from: internal dev teams, new agent-powered vendor tools, or existing software that quietly added agentic features in a routine update. Agents that get caught this way but aren't yet assigned an owner are surfaced as "unregistered," which is a genuinely useful triage signal for a security team drowning in shadow AI.
On top of discovery, Arthur layers governance: customizable guardrails for PII, toxicity, hallucination, and prompt injection; use-case-specific evaluators (a customer service bot and a warehouse inventory agent get different policies); continuous evaluation tied to those use cases; and real-time monitoring with configurable alerts. Arthur describes this as "policy enforcement that scales to thousands of agents" — a fair characterization of a guardrail-and-alerting model, though it's a different mechanism than gating an agent's next action before it executes (more on that below).
Arthur's free tier is also worth noting: the Arthur Evals Engine is open source and free, with PII, sensitive-data, and custom LLM/regex rules built in — a real, no-cost entry point for teams that want to self-serve before talking to sales.
Where Arthur AI falls short for teams that need enforcement, not just visibility
Discovery and governance are different jobs, and Arthur is optimized for the first one. Once an agent is in Arthur's inventory, the platform's governance model is built around detection: guardrails that flag PII or toxicity, evaluators that score outputs, alerts that fire when something crosses a threshold. That's real governance, but it's a fundamentally different mechanism from stopping a bad action before it happens. Nothing on Arthur's own pages describes gating a specific tool call or agent step pre-execution the way a runtime enforcement layer does.
MCP server monitoring is a discovery technique, not an enforcement layer. Arthur is explicit about this in its own published materials: MCP monitoring exists to detect new MCP servers as they appear and flag new agents coming online — it's one of four signals used to build the inventory, alongside OTel, network analysis, and API discovery. It tells you an MCP server exists and something is talking to it. It does not inspect, approve, or block individual tool calls flowing through that MCP connection. If an agent already in Arthur's registry starts calling a tool it shouldn't, MCP monitoring isn't the layer that stops it.
No data-retrieval-layer governance. Arthur's stack covers observability, evaluation, and guardrail-style governance — but nothing in its published feature set addresses what an agent is allowed to retrieve from a data source before that data ever reaches the model, the way Waxell's Signal & Domain capability does. For teams governing agents that touch sensitive data stores, that's a real gap.
GRC-oriented setup overhead. Arthur's positioning leans on structured governance workflows and compliance-driven configuration — a reasonable tradeoff for enterprise security teams, but more setup than an engineering team wants when the ask is "instrument this agent in ten minutes, not a quarter."
What Waxell adds
Waxell doesn't try to out-discover Arthur across an entire enterprise's cloud footprint — that's a genuinely different product built for a genuinely different first question. What Waxell adds is what happens after an agent is known: real-time, pre-execution policy enforcement inside that agent's actual execution trace, evaluated against 50+ policy categories spanning content, cost, privacy, safety, and compliance. The distinction that matters: Arthur's governance model scores and alerts; Waxell's governance plane gates the next step before it runs. If a policy says an agent can't write to a production database without approval, Waxell holds that specific call — it doesn't just log that the call happened and notify someone afterward.
Waxell also ships two-line SDK instrumentation across 200+ frameworks and LLM libraries, hard budget enforcement that stops execution the moment a cost ceiling is hit (not after the invoice arrives), and durable pause/resume for workflows that need to survive a human-approval step without losing state.
Arthur AI vs. Waxell: feature comparison
Capability | Arthur AI | Waxell |
|---|---|---|
Org-wide agent discovery (OTel, network, cloud API) | ✅ Core product pillar | ❌ Not the product's focus |
MCP server monitoring | ✅ Discovery signal only | ⚠️ MCP Gateway governs tool calls, not just detects servers |
Pre-execution policy enforcement (blocks before the step runs) | ❌ Not described in Arthur's own materials | ✅ Core to Waxell Runtime |
PII detection & redaction | ✅ Built into free Evals Engine + guardrails | ✅ Native policy category |
Data-retrieval-layer governance | ❌ Not addressed | ✅ Signal & Domain |
Continuous evaluation / scoring | ✅ Datasets, Continuous Evals, Custom Evals, Human Annotation | ⚠️ Evaluation exists but isn't the primary product angle |
Self-hosted / on-prem deployment | ✅ Self-managed VPC, BYOCloud, on-prem (Enterprise tier) | ✅ VPC deployment available |
Free tier | ✅ Free ($0/mo, 4 use cases) + free open-source Evals Engine | ✅ Free during beta |
SOC 2 | ✅ Listed under Governance > Data Security | ✅ SOC 2 Type II |
Hard budget/cost enforcement (stops execution at ceiling) | ⚠️ Not described as a real-time enforcement mechanism | ✅ Native policy category |
Scenario: an agent nobody registered starts touching a customer database
Say a developer spins up an internal support agent on CrewAI that nobody files a ticket for. Arthur's OTel and network-layer discovery techniques catch it within hours, flag it as unregistered, and surface it in the central catalog — genuinely fast, genuinely useful triage. A security lead assigns it an owner and brings it under a guardrail policy: PII detection, a toxicity check, an eval tied to "did this response resolve the ticket."
Now the agent's next action is to pull a customer's full record from a database to answer a question that only needed the customer's plan tier. Arthur's guardrails will likely catch that the output contains PII once it's generated and flag or redact it. What they won't do is stop the retrieval itself — the query against the data source already happened. A policy enforced at the data-retrieval layer, before the query executes, is the difference between "we caught PII in an output" and "the agent never had unnecessary data in its context window to begin with."
When to use Arthur AI
Reach for Arthur when your first, most urgent problem is visibility: you genuinely don't know how many agents are running across your organization, they're arriving from multiple clouds and frameworks, and you need a GRC-oriented platform with an inventory-first architecture and a free open-source entry point. If shadow agents are the fire you're fighting this quarter, Arthur's four-technique discovery engine is purpose-built for exactly that.
When to use Waxell
Reach for Waxell when you already know which agents matter and the problem is controlling what they're allowed to do — enforcing policy before a risky tool call executes, capping spend before it becomes a surprise invoice, redacting or blocking data at the point of retrieval rather than after generation, and producing an audit trail that shows enforcement, not just detection.
How Waxell handles this natively
Waxell Runtime evaluates every declared policy against the agent's next step before that step runs, using the same policy enforcement engine across 50+ categories — privacy, cost, safety, compliance, and more — with no rebuilds required as policies change. Ready to see it against your own agents? Start free — two-line setup, governance evaluated from the first run.
FAQ
Is Waxell an Arthur AI alternative?
Partially, and it's worth being precise about which part. If your primary need is org-wide agent discovery — finding agents you don't know exist across clouds and frameworks — Waxell isn't built to replace that; Arthur's discovery engine is purpose-built for it. If your need is enforcing policy on agents you already know about, Waxell is the more direct fit: pre-execution blocking and redaction rather than post-hoc guardrails and alerts.
Can I use Waxell and Arthur AI together?
Yes, and the combination covers more ground than either alone. Arthur's discovery layer finds and inventories agents across your environment; Waxell's runtime layer enforces policy on the agents that matter most once they're identified. Teams with a large, sprawling agent footprint often need both: one tool answering "what's out there," another answering "what is it allowed to do."
Does Arthur AI support MCP (Model Context Protocol)?
Arthur monitors MCP servers as one of four agent-discovery techniques — detecting new servers as they appear and flagging new agents connecting to them. That's a visibility signal, not tool-call governance. Arthur's own materials describe MCP monitoring as a way to catch agent activity you didn't know about, not a mechanism for approving, blocking, or fingerprinting individual tool calls made through an MCP connection.
What does Arthur AI's free tier actually include?
Two separate things: the Arthur Evals Engine is a free, open-source, self-serve tool with built-in PII, sensitive-data, and custom LLM/regex rules. Separately, Arthur's hosted Free plan ($0/mo) covers monitoring for up to 4 use cases with unlimited seats and core performance metrics. Both are real no-cost entry points, not lead-gated trials.
Is Arthur AI's policy enforcement the same as pre-execution blocking?
Not based on what Arthur publishes about its own product. Arthur describes "policy enforcement that scales to thousands of agents," built on guardrails, use-case-specific evaluators, continuous evaluation, and real-time alerting. That's a detection-and-alert model — it identifies violations and notifies a team. Nothing in Arthur's published materials describes gating a specific agent step or tool call before it executes, which is the mechanism Waxell Runtime uses.
Sources
arthur.ai/pricing — read live via Chrome, 2026-07-13
arthur.ai/discover-and-govern-agents — read live via Chrome, 2026-07-13
arthur.ai/column/how-to-find-inventory-and-govern-every-agent-in-your-enterprise — read live via Chrome, 2026-07-13; primary source for the MCP-monitoring-as-discovery-not-enforcement distinction
McKinsey agentic AI adoption/risk stats (62% experimenting, 80% risky behavior) — cited via Arthur's own published column, not independently re-verified against the original McKinsey report this pass
Agentic Governance, Explained




