nxthreat

Runtime trust for healthcare AI agents

Sign every action your AI agents take.

nxthreat, a Tampa Dynamics product, is the runtime control plane between your AI agents and the systems they touch. Operation-level policy, FHIR-aware scope, cryptographic evidence for every action. Built for HIPAA, designed for OCR audits.

KMS-signed receiptsS3 Object LockFHIR R4No customer-data trainingsecurity.txt
ReceiptV1

signed receipt

KMSFHIRtenant scopedverified
  1. 1{
  2. 2 "receipt_id": "rcpt_01JZ9Q7E5P5Z3N2QH9VY0K2T",
  3. 3 "tenant_id": "sharp-demo",
  4. 4 "agent_id": "agent_prior_auth_014",
  5. 5 "eventType": "fhir.resource.read",
  6. 6 "metadata": {
  7. 7 "resourceType": "Patient",
  8. 8 "action": "read",
  9. 9 "scope": "Patient/*.read where encounter.active=true"
  10. 10 },
  11. 11 "decision": "admit",
  12. 12 "signature": {
  13. 13 "signingAlgorithm": "ECDSA_SHA_256",
  14. 14 "kmsKeyArn": "arn:aws:kms:us-east-1:000000000000:key/tenant-key-id",
  15. 15 "value": "MEUCIHvMDEqNYXzgAXSnVj5mMG1LRq7qvfd4Q6uAiEAu3S..."
  16. 16 },
  17. 17 "ts": "2026-05-19T14:32:08Z"
  18. 18}
verified at 2026-05-19 14:32 UTC

Auditors verify the evidence chain without production AWS access. Your team hands over the signed receipts, not a spreadsheet rebuilt after the fact.

AI agent infrastructure is shipping faster than its security stack.

Dozens of MCP advisories

MCP moved from developer convenience to active attack surface. Tool poisoning, schema substitution, and command execution now show up across public vulnerability advisories.

Vulnerable MCP Project
Command execution moved into the trust boundary

MCP STDIO transport and server configuration create command-execution paths that enterprises need to audit before agents can reach PHI-bearing systems.

Cloud Security Alliance
OCR pressure is rising

HHS OCR proposed major Security Rule updates in 2025, including new expectations around AI, MFA, encryption, and technology asset inventories.

HHS OCR

Your existing security stack does not see any of this.

Launch research

The MCP CVE wave is now healthcare infrastructure risk.

What the MCP CVE wave means for healthcare AI deployments

MCP made agent tooling portable. It also made tool definitions, transports, and server registries part of the healthcare attack surface.

Read the launch report

One control plane.
Five components. Every action signed.

Agent client

runtime

nxthreat control plane

Identity broker
Schema registry
Policy engine
Injection guard
Receipt ledger
EHR / FHIR / MCP
SIEM / auditor

audit plane

data plane
audit plane

When OCR asks what your AI did, you'll have an answer.

nxthreat assembles signed receipts into evidence packs scoped to date range, tenant, agent, and FHIR resource type. The artifact you hand your compliance officer is the artifact they hand the regulator.

See the HIPAA mapping

Evidence Pack

verifier included

AI Agent Activity Attestation

Audit Period
2026-04-01 - 2026-04-30
Tenant
midwest-health
Agents Covered
14
FHIR Resources Touched
Patient, Observation, Claim
Receipt Count
182,401
Signing Authority
AWS KMS tenant key
Receipt chain verified. 0 signature gaps.

Who this is for

Healthcare orgs running clinical documentation, prior auth, intake, or discharge automation against an EHR.

Healthcare AI vendors who need to ship a BAA without taking the compliance risk themselves.

Health plans and PBMs running agents against claims, eligibility, and member data.

Built by

Production scars from regulated AI systems.

nxthreat is built by Matt Santucci at Tampa Dynamics, a founder-led engineering practice focused on secure cloud architecture, healthcare workflows, and AI systems that need auditable controls before they touch regulated data.

About the builder

Deploy AI agents like you mean it.

30-minute technical walkthrough. We bring the threat model, you bring your deployment.

Book a demo