Agent Beacon: Open-Source Telemetry Layer Brings Visibility to AI Coding Agents
Asymptote Labs has released Agent Beacon, an open-source telemetry layer that monitors AI coding agents across developer laptops, CI jobs, and cloud environments, providing security teams with normalized visibility into agent behavior.
Asymptote Labs has released Agent Beacon, an open-source telemetry layer designed to monitor AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork wherever they run. The tool discovers supported runtimes on a host and normalizes records of agent actions—including file edits, command execution, and external tool calls—into a single JSON event log. This gives security teams a unified view of AI agent activity across local endpoints, continuous integration pipelines, and cloud environments, enabling detection of anomalous or malicious behavior in development workflows.
Agent Beacon works by configuring supported runtimes to export OpenTelemetry data to a local collector. For Cursor, it installs hooks that emit endpoint events covering sessions, prompt submission, tool use, command execution, and file edits. A bundled collector converts the OpenTelemetry logs and hook events into a normalized JSON event log, which can be inspected via a local dashboard or forwarded to customer-managed SIEMs. The software runs entirely locally and does not require an Asymptote account, with configurable retention modes that allow teams to redact sensitive fields like prompt text or command output.
CEO Justin D’Souza positions Agent Beacon as the first comprehensive open-source telemetry layer for AI agents, extending OpenTelemetry standards for generative AI. “The precondition for governance is a visibility layer built on a normalized schema of agent activity across local + CI + cloud agent harnesses,” D’Souza told Help Net Security. He outlined a roadmap toward governance that includes a detection rule standard, a policy layer for real-time controls, and a streaming-first architecture for near-real-time evaluation of agent actions.
D’Souza sees a gap in what existing endpoint detection and response (EDR) tools collect. “Existing EDR tools miss understanding agent behaviour, e.g. what the agent is trying to do, what tools it invokes, what context it uses, and how those actions map to a broader task a user is trying to accomplish,” he said. He named CrowdStrike’s EDR and AIDR products as examples, noting that early design partners already using CrowdStrike are adopting Agent Beacon as a missing visibility layer.
The tool also addresses developer privacy concerns. D’Souza emphasized that security teams need visibility to protect enterprises, but developers must trust that the data is used responsibly. Agent Beacon includes redaction and policy-based controls for sensitive fields like prompts, and limits on which user groups can access the data. The current public build supports agent runtimes across local endpoint, CI, and cloud-agent telemetry paths, but omits kernel and process monitoring, shell history collection, and broad browser or SaaS telemetry.
Written mostly in Go and released under the MIT license, Agent Beacon installs on macOS through a Homebrew tap. Claude Cowork support requires OpenTelemetry export configured by a Team or Enterprise admin in the Claude admin console. The project is available for free on GitHub, and Asymptote Labs plans to build a governance layer on top of the open-source foundation, aiming to make agent activity observable, understandable, and eventually governable across enterprises.