Runtime trust for healthcare AI agents
Sign every action your AI agents take.
nxthreat, a Tampa Dynamics product, is the runtime control plane between your AI agents and the systems they touch. Operation-level policy, FHIR-aware scope, cryptographic evidence for every action. Built for HIPAA, designed for OCR audits.
signed receipt

```json
{
  "receipt_id": "rcpt_01JZ9Q7E5P5Z3N2QH9VY0K2T",
  "tenant_id": "sharp-demo",
  "agent_id": "agent_prior_auth_014",
  "eventType": "fhir.resource.read",
  "metadata": {
    "resourceType": "Patient",
    "action": "read",
    "scope": "Patient/*.read where encounter.active=true"
  },
  "decision": "admit",
  "signature": {
    "signingAlgorithm": "ECDSA_SHA_256",
    "kmsKeyArn": "arn:aws:kms:us-east-1:000000000000:key/tenant-key-id",
    "value": "MEUCIHvMDEqNYXzgAXSnVj5mMG1LRq7qvfd4Q6uAiEAu3S..."
  },
  "ts": "2026-05-19T14:32:08Z"
}
```
Auditors verify the evidence chain without production AWS access. Your team hands over the signed receipts, not a spreadsheet rebuilt after the fact.
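What "verify without production AWS access" means in practice is shown by the added example below. It is not nxthreat's code: it keeps a subset of the sample receipt's fields, signs the canonical JSON with ECDSA P-256 over SHA-256 (the primitive behind the `ECDSA_SHA_256` label) using a throwaway key in place of a KMS key, and adds a `prev` field, assumed here, that chains each receipt to the hash of the one before it. An auditor holding only the tenant public key can then check every signature and every link, and spots a flipped decision or a removed receipt.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Receipt keeps a subset of the page's sample fields. Prev (hash of the
// previous receipt) is an assumption added here to model an append-only ledger.
type Receipt struct {
	ReceiptID string `json:"receipt_id"`
	EventType string `json:"eventType"`
	Decision  string `json:"decision"`
	Prev      string `json:"prev"`
	TS        string `json:"ts"`
	Signature string `json:"signature,omitempty"` // hex ASN.1 ECDSA signature
}

// canonical is what a signature covers: the receipt with the signature blanked,
// encoded by encoding/json in declaration order so signer and verifier agree.
func canonical(r Receipt) ([]byte, error) {
	r.Signature = ""
	return json.Marshal(r)
}

// sign: SHA-256 over the canonical bytes, ECDSA P-256 over the digest (ECDSA_SHA_256).
func sign(priv *ecdsa.PrivateKey, r *Receipt) error {
	body, err := canonical(*r)
	if err != nil {
		return err
	}
	sum := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, sum[:])
	r.Signature = hex.EncodeToString(sig)
	return err
}

// verify needs only the tenant's public key, so an auditor can run it with
// no access to the production KMS key or AWS account.
func verify(pub *ecdsa.PublicKey, r Receipt) bool {
	sig, err := hex.DecodeString(r.Signature)
	body, cerr := canonical(r)
	if err != nil || cerr != nil {
		return false
	}
	sum := sha256.Sum256(body)
	return ecdsa.VerifyASN1(pub, sum[:], sig)
}

// link hashes a fully signed receipt; the next receipt records it in Prev.
func link(r Receipt) string {
	b, _ := json.Marshal(r) // cannot fail for a struct of strings
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// verifyChain walks the ledger in order, checking each Prev link and signature.
// It returns how many receipts passed and the first failure found.
func verifyChain(pub *ecdsa.PublicKey, chain []Receipt) (int, error) {
	prev := ""
	for i, r := range chain {
		if r.Prev != prev {
			return i, fmt.Errorf("receipt %d: prev link mismatch (gap or reorder)", i)
		}
		if !verify(pub, r) {
			return i, fmt.Errorf("receipt %d: bad signature (tampered or wrong key)", i)
		}
		prev = link(r)
	}
	return len(chain), nil
}

// buildDemoChain: throwaway P-256 key plus three constructed receipts (ids and times made up).
func buildDemoChain() (*ecdsa.PublicKey, []Receipt) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // keygen with rand.Reader does not fail in practice
	var chain []Receipt
	prev := ""
	for i, dec := range []string{"admit", "admit", "deny"} {
		r := Receipt{
			ReceiptID: fmt.Sprintf("rcpt_demo_%03d", i),
			EventType: "fhir.resource.read",
			Decision:  dec,
			Prev:      prev,
			TS:        fmt.Sprintf("2026-05-19T14:32:%02dZ", 8+i),
		}
		if err := sign(priv, &r); err != nil {
			panic(err)
		}
		chain = append(chain, r)
		prev = link(r)
	}
	return &priv.PublicKey, chain
}
```

Call `buildDemoChain` and pass the result to `verifyChain` to see three receipts accepted; change the third receipt's decision from `deny` to `admit` and the same call stops at index 2 with a signature error, while deleting the middle receipt fails at index 1 on the `prev` link. The canonical form matters: signer and verifier must serialize identically, which is why the signature field is blanked before hashing rather than stripped with string manipulation.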
AI agent infrastructure is shipping faster than its security stack.
MCP moved from developer convenience to active attack surface. Tool poisoning, schema substitution, and command execution now show up across public vulnerability advisories. (Source: Vulnerable MCP Project)
MCP STDIO transport and server configuration create command-execution paths that enterprises need to audit before agents can reach PHI-bearing systems. (Source: Cloud Security Alliance)
HHS OCR proposed major Security Rule updates in 2025, including new expectations around AI, MFA, encryption, and technology asset inventories. (Source: HHS OCR)
Your existing security stack does not see any of this.
Launch research
The MCP CVE wave is now healthcare infrastructure risk.
What the MCP CVE wave means for healthcare AI deployments
MCP made agent tooling portable. It also made tool definitions, transports, and server registries part of the healthcare attack surface.
Read the launch report
One control plane.
Five components. Every action signed.
Diagram labels: runtime, nxthreat control plane, audit plane
Identity broker
Per-agent workload identity. No more agents acting under a user's bearer token.
Schema registry
Cryptographically pinned tool definitions. Tool poisoning becomes a rejected request and a signed receipt.
Policy engine
FHIR-aware operation-level scope. Minimum-necessary, enforced per call, not per role.
Injection guard
Indirect prompt injection detection on tool output. Before the agent acts on it.
Receipt ledger
KMS-signed, append-only, OCR-ready. Every admitted action provable forever.
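The schema registry component above rests on one mechanism: a tool definition is hashed in a canonical form when it is reviewed, and the definition a server presents at runtime is rejected if its hash differs. The following is an added example of that check, not nxthreat's code; the `ToolDef` field set, the registry shape and the decision strings are assumptions for illustration. The three sample definitions are constructed: the reviewed tool, a copy that differs only in key order and whitespace (which must still pin identically), and a copy whose description was changed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// ToolDef is a minimal MCP-style tool definition. The field set is an
// assumption for this example, not nxthreat's schema.
type ToolDef struct {
	Name        string          `json:"name"`
	Description string          `json:"description"`
	InputSchema json.RawMessage `json:"inputSchema"`
}

// pin returns the hex SHA-256 of the definition in canonical form. Decoding
// the raw schema and re-encoding it through interface{} sorts object keys, so
// key order and whitespace do not change the pin but any semantic change does.
func pin(t ToolDef) (string, error) {
	var schema interface{}
	if err := json.Unmarshal(t.InputSchema, &schema); err != nil {
		return "", err
	}
	canon, err := json.Marshal(map[string]interface{}{
		"name": t.Name, "description": t.Description, "inputSchema": schema,
	})
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(canon)
	return hex.EncodeToString(sum[:]), nil
}

// Registry maps tool name to the pin recorded when the tool was reviewed.
type Registry map[string]string

// admit compares the definition a server presents at runtime with the pin.
// The reason string is what would populate the decision of a signed receipt.
func admit(reg Registry, presented ToolDef) (bool, string) {
	want, ok := reg[presented.Name]
	if !ok {
		return false, "deny: tool not in registry"
	}
	got, err := pin(presented)
	if err != nil {
		return false, "deny: unparseable input schema"
	}
	if got != want {
		return false, "deny: definition digest mismatch"
	}
	return true, "admit"
}

// Constructed sample definitions: the reviewed tool, a byte-different but
// semantically identical copy, and a copy whose description was altered.
var (
	approved = ToolDef{
		Name:        "lookup_patient",
		Description: "Return demographics for a patient id.",
		InputSchema: json.RawMessage(`{"type":"object","properties":{"patient_id":{"type":"string"}},"required":["patient_id"]}`),
	}
	reordered = ToolDef{
		Name:        "lookup_patient",
		Description: "Return demographics for a patient id.",
		InputSchema: json.RawMessage(`{ "required": ["patient_id"], "properties": {"patient_id": {"type": "string"}}, "type": "object" }`),
	}
	altered = ToolDef{
		Name:        "lookup_patient",
		Description: "Return demographics and the full chart for a patient id.",
		InputSchema: approved.InputSchema,
	}
)

// buildRegistry pins the reviewed definition; in practice this happens at
// approval time and the registry lives outside the agent's reach.
func buildRegistry() Registry {
	p, err := pin(approved)
	if err != nil {
		panic(err)
	}
	return Registry{approved.Name: p}
}

func main() {
	reg := buildRegistry()
	for _, d := range []ToolDef{approved, reordered, altered} {
		ok, why := admit(reg, d)
		fmt.Println(d.Name, ok, why)
	}
}
```

The deny reasons are deliberately distinct: an unknown tool, an unparseable schema and a digest mismatch are different events for an incident responder, and each one is a receipt worth signing rather than a silent drop.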
When OCR asks what your AI did, you'll have an answer.
nxthreat assembles signed receipts into evidence packs scoped to date range, tenant, agent, and FHIR resource type. The artifact you hand your compliance officer is the artifact they hand the regulator.
See the HIPAA mapping
Evidence Pack (verifier included)
AI Agent Activity Attestation
- Audit Period: 2026-04-01 to 2026-04-30
- Tenant: midwest-health
- Agents Covered: 14
- FHIR Resources Touched: Patient, Observation, Claim
- Receipt Count: 182,401
- Signing Authority: AWS KMS tenant key
Who this is for
Healthcare orgs running clinical documentation, prior auth, intake, or discharge automation against an EHR.
Healthcare AI vendors who need to ship a BAA without taking the compliance risk themselves.
Health plans and PBMs running agents against claims, eligibility, and member data.
Built by
Production scars from regulated AI systems.
nxthreat is built by Matt Santucci at Tampa Dynamics, a founder-led engineering practice focused on secure cloud architecture, healthcare workflows, and AI systems that need auditable controls before they touch regulated data.
About the builder
Deploy AI agents like you mean it.
30-minute technical walkthrough. We bring the threat model, you bring your deployment.
Book a demo