The Physical Interface of Intelligence
In the Myrmex ecosystem, intelligence lives in the cloud. Centurion orchestrates, Perseus strategizes, and Hydra integrates—but none of this is possible without a physical presence in your infrastructure. That presence is the Myrmex Endpoint Agent. Think of it as the Body to the AI’s Mind: while the cloud-based agents process data, reason about threats, and plan responses, the Endpoint Agent provides the Eyes (telemetry), Hands (execution), and Nervous System (secure communication) necessary to perceive and interact with the real world.
One Binary, Two Operational Modes
The agent’s versatility comes from its ability to operate in two distinct modes. A simple configuration switch transforms its role in the Multi-Agent System (MAS), enabling different capabilities for different specialized agents.Endpoint Mode
Enabling Perseus
When deployed on workstations and servers, the agent becomes the technical arm of Perseus. It monitors every syscall, process, and file operation, streaming normalized telemetry to the platform. When Perseus decides action is needed—isolating a compromised host, terminating a malicious process, or quarantining a suspicious file—the agent executes these commands with surgical precision.Key Focus: Device-level protection, real-time telemetry, and local autonomous reflexes.Collector Mode
Enabling Hydra
When deployed on strategic gateway servers, the agent transforms into a bridge for Hydra. It centralizes logs from firewalls, switches, and cloud platforms via Syslog or API ingestion. More importantly, it acts as an SSH and API proxy, allowing Hydra to execute commands on network devices and cloud environments that don’t support direct agent installation.Key Focus: Integration gateway, log aggregation, and remote device orchestration.Why a Unified Binary?
Traditional security tools require different installers, different configurations, and different management workflows for different roles. Myrmex takes a different approach.Simplified Operations
Simplified Operations
You deploy the same binary everywhere. Whether it’s a developer’s laptop or a critical gateway server, the installation process is identical. The agent’s role is determined by a simple configuration parameter, not by which installer you downloaded.
Consistent Behavior
Consistent Behavior
Because the same codebase powers both modes, you get consistent security guarantees, encryption standards, and update mechanisms across your entire fleet. No version mismatches, no compatibility issues.
Flexible Deployment
Flexible Deployment
Need to repurpose a device? Switch the agent from Endpoint to Collector mode (or vice versa) with a configuration change. No reinstallation required.
Technical Deep Dives
Understand the engineering that makes the Agent the perfect enabler for AI-driven security orchestration.Capabilities Matrix
Eyes & Hands
Explore the full technical capability matrix: from Kernel Syscall Interception (Visibility) to Process Termination (Execution) and SSH Tunneling (Gateway). See exactly what primitives the agent exposes to the AI.Data Flow Architecture
The Translation Layer
Learn how the agent transforms chaotic, high-volume OS events into structured, normalized signals. Understand the pipeline: Acquisition → Normalization → Local Heuristics → Orchestration → Execution.Secure Communication
The Nervous System
Deep dive into the TLS 1.3 encrypted channel that streams telemetry up to the platform and receives orchestration commands down. Understand buffering, compression, and offline resilience.Agent Lifecycle
Zero-Touch Updates
Learn how the agent maintains itself. From Universal Installation to Atomic Auto-Updates and Fail-Safe Rollbacks. Understanding how we keep your security current.Core Principles
The Myrmex Endpoint Agent is built on three foundational principles that distinguish it from traditional endpoint tools:1. Intelligence Lives in the Cloud
The agent doesn’t try to be smart locally. It doesn’t have complex rule engines or signature databases. Instead, it focuses on perfect data collection and deterministic execution. The intelligence—the pattern recognition, the threat correlation, the strategic planning—happens in the cloud where Centurion has access to global context, threat intelligence, and organizational history.2. Local Autonomy for Critical Moments
While the heavy thinking happens in the cloud, the agent maintains autonomous reflexes for immediate threats. If a process starts encrypting thousands of files (ransomware behavior), the agent can intervene immediately—even without internet connectivity. These local heuristics are lightweight, focused, and designed to buy time until the cloud “Mind” can formulate a comprehensive response.3. Universal Compatibility
From Windows XP to the latest macOS, from legacy OT environments to modern cloud instances, the agent runs efficiently on minimal hardware. It supports:- Windows: XP/2003 (legacy mode), 7/2008R2+, 10/11, Server 2012+
- Linux: RHEL/CentOS, Ubuntu, Debian, Fedora, Arch, and derivatives
- macOS: 10.13 (High Sierra) and later
From Thought to Action
The journey from a user’s question to a system change follows a rigorous pipeline that ensures safety and predictability.- The Request: You ask Centurion to perform a task (e.g., “Investigate this host”).
- The Plan: Perseus or Hydra creates a plan using available capabilities.
- The Validation: The platform validates permissions and injects encrypted credentials.
- The Execution: The command is delivered to the Endpoint Agent for local execution.
- The Feedback: The result is normalized and returned to the AI for final analysis.
Compliance and Data Governance
The Myrmex architecture is built for highly regulated environments where data sovereignty is paramount.- Zero Persistence Principle: Credentials and tokens are held in-memory only during execution. They are never written to disk on the agent or exposed to the AI layers.
- Encrypted Everything: All data in transit is secured with TLS 1.3 and AES-256-GCM.
- Auditability: Every AI-driven action is logged with full context (Who, What, Why, and the Resulting Output).
- Data Neutrality: Myrmex processes the “Intelligence” of the event, while the raw, sensitive data stays within your controlled infrastructure.
Ready to deploy your first agent? Check the Installation Guide for step-by-step instructions.
What Makes It Different?
Unlike traditional EDR/XDR agents that try to be autonomous security products, the Myrmex Endpoint Agent is designed from the ground up as an orchestration interface. It doesn’t compete with your existing security stack—it enables the AI to orchestrate it.The agent’s true power isn’t in what it does alone, but in what it enables Centurion and the specialized agents to accomplish across your entire infrastructure.