Talona: Enterprise

Security on every layer.

Isolated runtime

Each agent runs on its own Fly Machine with a dedicated filesystem and network. The kernel boundary keeps tenant data fully isolated, with zero shared infrastructure between agents.

Learn more

fra.fly.io

data-agent

running

iad.fly.io

sales-agent

running

syd.fly.io

ops-agent

running

lhr.fly.io

mkt-agent

running

Encrypted secrets

256-bit encryption at rest. Tools get substituted values at the wire, so the model and the trace never see raw secrets.

Learn more

At rest

SLACK_TOKEN: enc("Q2k4...")

↓

In prompt

{ token: "$SLACK_TOKEN" }

↓

At the wireredacted in trace

{ token: "xoxb-•••" }

Audit-ready by default

Every tool call lands in OpenTelemetry traces with secret values stripped before export. Approval policy gates risky calls before execution.

Learn more

span · tool.call82ms

args: {

token: [redacted]

to: "#eng"

body: [redacted]

}

approved by user200 OK