Your environment. Your data. Your controls.
Helium is the operations agent platform from Agens. Workflows run on your devices and inside the environment you approve. The host running Helium cannot read your operational data, Agens cannot read it, and data leaves the perimeter only when an approved workflow requires an external model provider or offload compute resource.
Local by default
Compute runs on your devices and inside the environment you approve. Data is processed where the work already lives, not copied out to a vendor cloud.
Unreadable to the host
The system running Helium cannot read your operational data. Memory, storage, and per workflow keys are isolated from privileged infrastructure roles.
Never read by Agens
Agens employees and operators do not access your operational data. Customer content is never used to train external models.
Compute stays where the work happens
Helium runs locally first. Workflows execute on the device, then inside your environment, and only reach outside the perimeter when the approved workflow requires it. Even at that step, the host running Helium does not read your data.
- 01Default
On the device
The agent observes, decides, and acts on the device where the work already happens. Operational data is processed in place and never copied to a vendor environment.
- 02When the workflow needs it
Inside your environment
When a workflow needs a system you operate, Helium connects from inside your perimeter using credentials and permissions you scope, with the same access controls you already enforce.
- 03Only when you approve it
Approved external compute
When a workflow calls an approved language model provider or offload compute resource, the request travels encrypted, is scoped to the minimum payload, and is recorded in the audit log.
Encryption applied at every layer of the stack
Helium follows the encryption standards your security team already requires. Customer data is protected from the network edge to the application layer, with keys and secrets scoped to your tenant.
- L4
Application payloads
Sensitive payloads passed between Helium components use envelope encryption, so privileged infrastructure roles cannot read workflow content.
- L3
Secrets and credentials
Credentials for connected systems are stored in an encrypted vault, scoped to the agent that needs them, and rotated on a defined cadence.
- L2
Data at rest
Data persisted by Helium is encrypted with AES 256, with keys managed through your KMS or in a customer scoped key hierarchy.
- L1
Data in transit
All traffic between users, agents, and integrated systems travels over TLS 1.2 or higher, with strong cipher suites and certificate validation.
Controls your security team already requires
Helium ships with the access, identity, audit, and isolation controls enterprise security teams expect from a platform that touches operational systems.
Scoped access controls
Every agent operates with the minimum permissions required for its workflow, scoped by role, system, and action type.
Identity and SSO
Helium integrates with your identity provider through SSO and SCIM, so user access follows the same lifecycle process you already enforce.
Approval workflows
Sensitive actions can require human approval, with approvers configured by role, risk level, or system of record.
Full audit trail
Every agent action is logged with the inputs reviewed, the decision taken, and the resulting change, ready for export to your SIEM.
Data minimization
Helium reads only the data required for the approved workflow and discards intermediate context once the action is complete.
Tenant isolation
Customer environments are logically isolated end to end, with separate keys, separate storage, and separate execution context.
What we commit to, in writing
The commitments that guide how Helium handles operational data, applied consistently across deployments and reviewed during enterprise security assessments.
Compute runs on your devices and inside your environment by default.
The host running Helium cannot read your operational data, and neither can Agens.
Data leaves your perimeter only when an approved workflow calls a language model provider or offload compute resource.
When external compute is used, payloads are scoped to the minimum required, encrypted in transit, and never used to train external models.
Every agent action runs under your approvals, permissions, and audit log.
Compliance
Advanced security compliance in progress
Run a security review with our team
We routinely walk through deployment boundaries, encryption, access controls, identity, audit logging, and rollback workflows with enterprise security and governance teams. Share your review framework and we will map Helium to it.