Assury.ai provides a runtime control plane (MoCoP) that sits directly in the execution path of AI agents, enforcing policy before actions are executed against tools, APIs, or environments. MoCoP intermediates between agents and their tool interfaces, operating as a pre-execution policy enforcement point rather than a monitoring or detection layer. Each agent action is evaluated using zero-trust principles, including agent identity, privilege scope, intent, and accumulated workflow risk. The platform enforces four autonomy levels (0–3), ranging from read-only access to root-equivalent execution, with controls to prevent privilege escalation. Tools and resources are segmented into security zones to restrict lateral movement across trust boundaries, such as internal systems, external SaaS, and PII-sensitive environments. MoCoP tracks cumulative risk across multi-step agent workflows using a risk graph, enabling correlated risk decisions instead of single-event enforcement. Actions are blocked or paused when risk thresholds are exceeded or when execution paths deviate from policy. Policy enforcement is implemented using Open Policy Agent (OPA) and Rego, supporting just-in-time authorization, tenant isolation, and custom rules. Full execution telemetry is captured via OpenTelemetry, including prompts, tool calls, policy decisions, and outcomes. Audit logs are immutable and exportable to S3 with provenance for compliance and investigation. Human-in-the-loop controls are triggered automatically when agents attempt to cross security zones or approach defined risk thresholds. The platform integrates with existing agent frameworks and provides centralized visibility and control.