Platform
OverviewThe engineEvidence & auditEnterprise foundationHuman-in-the-loopGateways
Solutions
AI GovernanceRisk & ComplianceTrust & SafetyEnterprise-ready Code-leak preventionPersonal data & secretsPrompt-injection defenseKeep AI on-policyAgent permissions Healthcare (PHI)EU AI ActNIST AI RMFLegalAgent identity (ERC-8004)
More
Compare ResourcesStandardsSecurityCases AI Control Maturity ModelDecision System MapPrompt injection guidePMI AI standardPet, Cattle, or CrewAgent vs control layer Docs About
Book a demo

Resource · Framework

Pet, Cattle, or Crew

Everyone calls everything an "AI agent." It means at least three very different things, each with its own attack surface. The topology changes. The safety layer does not.

Three architectures

Pet
One instance, one user, elevated privileges

Claude Code, Cursor, and similar coding agents. One instance bound to one user, with access to the file system, the shell, the browser. It holds your SSH keys, your .env files, your database credentials. The blast radius is everything that user can reach.

Cattle
One agent class, a separate instance per user

Support bots and SaaS copilots. The same agent, isolated per user, each with its own memory and permissions. Naturally sandboxed, until a shared vector store or memory backend leaks one user’s data into another user’s session.

Crew
Many agents, different roles, an orchestrator on top

Multi-agent systems built on frameworks like LangGraph or AutoGen. A research agent returns poisoned data, the planner trusts it, the executor acts on it. Nobody verified anything, because each agent assumed the one before it was safe.

Different surfaces, shared threats

Each architecture fails in its own way: a Pet leaks the credentials it holds, Cattle cross-contaminate through a shared backend, a Crew launders a poisoned input through trust between agents. But all three are exposed to the same core threats: prompt injection, PII leakage, emotional manipulation, compliance violations, role drift, and the MCP attacks that come with tool use.

One safety layer for all three

This is why the control layer cannot live inside the agent. Swiftward is a policy engine that does not care whether your agent is a Pet, Cattle, or a Crew: the same rules decide what each one may do, the same enforcement stops the action that violates them, and the same audit trail records what happened. You change the topology as your product grows; the rules, the enforcement, and the evidence stay put. How agent governance works.

Book a demo