OpenBox AI and Mastra Bring Default Runtime Governance to Every TypeScript Agent – as Enterprises Brace for an Agentic Security Reckoning
PR Newswire
SAN FRANCISCO, May 4, 2026
With 97% of enterprises expecting a material AI-agent security incident within 12 months and the EU AI Act’s high-risk provisions taking effect this August, the partnership makes runtime governance a one-line default for the leading TypeScript agent framework.
SAN FRANCISCO, May 4, 2026 /PRNewswire/ — Enterprise AI agents are moving into production faster than the controls built to govern them. In April, the Cloud Security Alliance reported that 82% of organizations had discovered previously unknown AI agents on their networks in the past year, while only one in five have any process for decommissioning them. The EU AI Act’s high-risk provisions, which require continuous monitoring, immutable audit trails, and human oversight for most enterprise agent deployments, become enforceable on 2 August 2026.
Hot off their respective fundraising announcements (OpenBox AI’s $5 million seed round and Mastra’s $22 million Series A), OpenBox AI and Mastra today announced a partnership designed to close that gap before it becomes the next breach headline. The integration makes runtime governance the default for every agent built on Mastra, the leading TypeScript agent framework, which has been adopted by Replit, Brex, MongoDB, Workday, and Salesforce and has 1.8 million monthly downloads. The entire integration is a single function call.
“Most governance tools ask developers to stop shipping and start plumbing. We built OpenBox so that adding governance takes one line – and from that moment, every tool call, workflow step, and agent decision in your entire Mastra runtime is scored, attested, and auditable.”
— Tahir Mahmood, Co-founder & CTO, OpenBox AI
What the integration does
OpenBox wraps the Mastra runtime end-to-end. Every tool invocation, workflow step, sub-agent call, and inter-agent message is scored against the OWASP AI Vulnerability Scoring System and resolved into one of five verdicts: allow, constrain, require approval, block, or halt. Verdicts return in under 250 milliseconds at the 95th percentile under typical agent workloads. Every action is cryptographically attested and logged. Human-in-the-loop approvals persist across process restarts. PII detection and content moderation run at both ends of every agent call. Enterprises also benefit from compliance-ready dashboards and native support for multi-agent workflows – as applications grow, new tools and agents are governed automatically.
The result, the companies said, is the first agent framework where compliance-grade governance is a one-line default rather than a downstream integration project.
“Our community is shipping production agents at companies that handle real money, real customer data, and real regulatory scrutiny. They’ve been telling us governance can’t be something you bolt on six months after launch. OpenBox was built agent-native – it understands the difference between a business action and an internal HTTP call, renders multi-agent graphs as a single timeline, and governs new tools the moment a developer adds them. That’s the only model that keeps up with how Mastra teams actually build.”
— Abhi Aiyer, Co-founder and CTO, Mastra
Availability
The integration is generally available today for all Mastra developers. Documentation, a quickstart, and a free tier are available at openbox.ai.
About OpenBox AI
OpenBox AI builds trust infrastructure for enterprise AI systems, providing runtime governance, cryptographic audit trails, human-in-the-loop approval workflows, and policy enforcement for autonomous agents. Founded by Asim Ahmad (formerly BlackRock) and Tahir Mahmood (formerly Microsoft), OpenBox combines frontier technical expertise with deep regulatory knowledge. The company announced a $5 million seed round in 2026. Visit openbox.ai.
About Mastra
Mastra is the leading TypeScript framework for building production AI agents, created by the team behind Gatsby. With 1.8 million monthly downloads and used in production at Replit, Brex, MongoDB, Workday, Salesforce, Sanity, SoftBank, and Marsh McLennan, Mastra has raised $35 million in total funding from investors including Spark Capital and Y Combinator. Visit mastra.ai.
SOURCE OpenBox AI
