Agent0 is the autonomous remediation layer that sits on top of any CSPM. You connect two things — read-only GCP and a GitHub App on your IaC repo — and the agent triages your cloud findings (suppressing noise, ranking by org context) and opens real fix PRs in your own repository. It does not replace your scanner, your graph, or your detection engine. It picks up findings and does the one thing those tools leave to humans: write the correct fix, in your code, as a pull request you review.

The two connections

Connect GCP (read-only)

Apply a least-privilege Terraform module. 0Labs impersonates a read-only scanner SA — keyless, no credentials stored.

Connect GitHub

Install the Agent0 GitHub App on your IaC repo. The only mutation we ever make is a pull request.

The trust headline

This is the whole security model, stated plainly:

Read-only scanning

Zero write verbs in the granted role. You can diff the exact permission set before you apply it.

PR-only mutation

The only change we ever make is a GitHub pull request. Merge ≠ apply — your CI plans, your pipeline applies.

Keyless

No credentials stored. Short-lived impersonation you revoke by removing one IAM binding.

Metadata-only egress

We read config via read-only APIs. No disk snapshots, no object or database contents.
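
One way to check the "zero write verbs" and "metadata-only" claims against a role before you grant it. This is an added example, not 0Labs code: the permission list is constructed, and the rule that a read-only permission ends in a verb starting with get, list or search is this example's assumption, not the product's definition.

```python
# Added example: audit a candidate GCP role's permissions before applying it.
# Assumption: GCP permissions look like service.resource.verb, and a verb that
# starts with get, list or search does not mutate anything.
READ_PREFIXES = ("get", "list", "search")

# Permissions that pass the verb check (or look harmless) but return data
# contents or credentials rather than configuration metadata.
CONTENT_OR_CREDENTIAL = {
    "storage.objects.get",                  # object contents
    "bigquery.tables.getData",              # table rows
    "secretmanager.versions.access",        # secret payloads
    "iam.serviceAccounts.getAccessToken",   # mints tokens for another SA
}

def audit_permissions(permissions):
    """Sort permissions into the buckets that contradict a read-only,
    metadata-only role. Empty buckets mean nothing was flagged."""
    findings = {"mutating": [], "content_or_credential": [], "malformed": []}
    for perm in sorted({p.strip() for p in permissions if p.strip()}):
        parts = perm.split(".")
        if len(parts) < 3 or not all(parts) or "*" in perm:
            findings["malformed"].append(perm)   # wildcards hide the real set
        elif perm in CONTENT_OR_CREDENTIAL:
            findings["content_or_credential"].append(perm)
        elif not parts[-1].startswith(READ_PREFIXES):
            findings["mutating"].append(perm)
    return findings

def is_read_only_metadata(permissions):
    """True only when no permission landed in any findings bucket."""
    return not any(audit_permissions(permissions).values())

# Constructed sample input, not the product's actual permission set.
CONSTRUCTED_ROLE = [
    "compute.instances.list",
    "compute.firewalls.get",
    "storage.buckets.getIamPolicy",
    "storage.buckets.list",
    "storage.objects.get",
    "compute.disks.createSnapshot",
    "storage.buckets.update",
    "compute.*",
]

if __name__ == "__main__":
    for bucket, perms in audit_permissions(CONSTRUCTED_ROLE).items():
        print(f"{bucket}: {perms}")
```

For a real role, feed it the `includedPermissions` list from `gcloud iam roles describe ROLE --format=json`, and extend the content set for the services you run.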

Where to go next

Quickstart

The 5-minute happy path, end to end.

Permissions

The full, exact read-only permission set.

Security & trust

Keyless model, egress boundaries, subprocessors.