Teams rush to deploy agents but have no way to audit what agents actually did, especially during off-hours incidents
A lightweight SDK and dashboard that captures a full audit trail of agent actions, decisions, and side effects. Provides compliance reports, anomaly detection, and post-incident replay for agent behavior
Subscription based on log volume and retention period
The pain signals are real and getting worse. Teams deploying agents in production have zero visibility into what agents actually did, especially during incidents. The 3am scenario is visceral — when an agent makes a bad API call or corrupts data off-hours, there's currently no replay or audit capability. Regulated industries literally cannot deploy agents without this, blocking adoption entirely. The pain is acute but still emerging (not yet at 9-10 because many teams haven't hit production agent scale yet).
TAM is substantial but still forming. Estimated $2-4B addressable market by 2028 for AI governance/compliance tooling. The immediate serviceable market is engineering teams at regulated mid-to-large companies (finance, healthcare, government contractors) deploying AI agents — roughly 10,000-50,000 organizations globally. At $500-5,000/month average, that's $60M-$3B SAM. Not a 9 because the market requires agent adoption to mature first, and many orgs are still in pilot phase.
Compliance is a must-have budget line item, not a nice-to-have. Regulated companies already pay $50k-500k/year for audit and compliance tooling (Vanta, Drata, etc.). When the alternative is 'we cannot deploy agents at all' or 'we fail our SOC2 audit,' the willingness to pay is high. SRE teams also have established budgets for observability (Datadog, PagerDuty). This fits squarely into existing purchasing patterns.
A solo dev can build MVP in 4-8 weeks. Core is an SDK that wraps agent actions (function calls, API requests, tool use) and ships structured logs to a backend. MVP dashboard shows timeline of agent actions, basic filtering, and export. Use existing infra: ClickHouse or Postgres for storage, simple React dashboard, Python/JS SDK. The hard parts (anomaly detection, compliance report templates) can come post-MVP. The SDK integration pattern is well-understood from APM tools like Sentry/Datadog.
This is the key insight: existing tools (Langfuse, LangSmith, Arize) are built for DEVELOPERS debugging prompts and traces. None of them serve the COMPLIANCE persona — auditors who need to prove what agents did, generate regulatory reports, and replay incidents. The gap is not in trace collection (that exists) but in governance workflows, compliance reporting, anomaly detection on agent actions (not just outputs), and side-effect tracking. Nobody owns the 'agent audit trail for regulated companies' positioning.
Natural subscription model tied to log volume and retention — exactly like existing observability tools (Datadog model). Compliance requirements are ongoing, not one-time. As companies deploy more agents, usage grows automatically. Retention requirements in regulated industries (7 years for financial services) create very long customer lifecycles. Expansion revenue is built-in as agent usage scales.
- +Clear compliance-driven buying urgency — regulated companies MUST have this to deploy agents
- +Strong competition gap — existing observability tools serve developers, not auditors/compliance teams
- +Natural land-and-expand with usage-based pricing tied to agent volume growth
- +Regulatory tailwinds (EU AI Act, NIST AI RMF) creating mandatory demand
- +Validated pain from real practitioner signals — not hypothetical
- !Langfuse or LangSmith could add governance features — they have the install base and would just need a 'compliance tab'
- !Market timing risk: if enterprise agent adoption stalls or moves slower than expected, the TAM shrinks near-term
- !Enterprise sales cycle for compliance tooling is long (3-6 months) — runway must account for this
- !SDK integration requires buy-in from engineering teams who may already have observability tooling and resist another SDK
- !Fragmented agent frameworks (LangGraph, CrewAI, AutoGen, custom) mean maintaining many integrations
Open-source LLM observability platform providing tracing, prompt management, and evaluation for LLM applications and agents
ML and LLM observability platform for monitoring model performance, drift, and traces in production
Tracing, evaluation, and monitoring platform tightly coupled with the LangChain ecosystem for debugging and testing LLM apps
LLM evaluation and observability platform focused on hallucination detection, guardrails, and quality monitoring
AI safety and evaluation platform providing automated red-teaming, hallucination scoring, and compliance checks for LLM outputs
Python SDK with decorators/wrappers that capture agent actions (tool calls, API requests, decisions, side-effects) with minimal code changes. Ship logs to a hosted backend. Simple dashboard with: (1) timeline view of agent action history, (2) search/filter by agent, action type, time range, (3) export to CSV/PDF for auditors, (4) basic alerting on anomalous action patterns (e.g., agent made 10x more API calls than usual). Target one framework first (LangGraph or CrewAI) and one compliance persona (SOC2 for SaaS companies). Skip anomaly detection ML — use simple threshold-based alerts for MVP.
Free tier: 10k events/month, 7-day retention, 1 project → Pro ($99-299/month): 1M events, 90-day retention, team access, basic compliance reports → Enterprise ($1k-5k/month): unlimited events, multi-year retention, custom compliance templates (SOC2, HIPAA, ISO), SSO, dedicated support, anomaly detection. Add-on: compliance report generation ($500/report or included in Enterprise).
8-12 weeks to first paying customer. Weeks 1-4: build SDK + basic dashboard. Weeks 5-6: beta with 3-5 teams from DevOps/SRE communities. Weeks 7-8: iterate based on feedback, add compliance export. Weeks 9-12: convert beta users to paid, begin outbound to regulated companies. First enterprise deal likely 4-6 months out given sales cycles.
- “The governance and measurement pieces are the ones that bite teams hardest”
- “nobody thinks about how to audit what they actually did at 3am”
- “block orgs from going beyond the demo phase”