Get This Tool
Beacon
Pricing
- Model
- Free
Summary
When a local AI coding agent quietly modifies files, calls unexpected tools, or exfiltrates context outside your approved workflow, most teams find out from the damage — not the logs. Beacon exists to close that gap.
Beacon is an open-source endpoint telemetry layer that runs locally alongside AI agents, capturing prompts, tool calls, file modifications, and approval workflows before any of that activity disappears into the void. It normalizes that telemetry and forwards it to SIEM platforms like Wazuh, Elastic, or Splunk, so security teams can apply the same detection logic they already run against the rest of the fleet. The architecture is self-hosted by design — no data leaves the endpoint unless you route it there yourself. The project is early-stage; the plugin ecosystem covers the major local agent harnesses but gaps exist for less common runtimes. Teams with agents not yet on the supported list write custom collector plugins — which means more surface area to maintain.
Bottom line: Deploy Beacon when you need an audit trail for local AI agents inside a regulated environment — but if your agents run on runtimes outside the supported harness list, expect to build and maintain your own collector before you see a single log line.
Community Performance Report Card
No community ratings yet. Be the first to rate this tool!
Community Benchmarks Community
Sign in to submit a benchmarkNo community benchmarks yet. Be the first to share a real-world data point.
Pros
Sign in to edit- Runs entirely on the local endpoint with no external data forwarding required, so organizations in regulated industries can capture AI agent telemetry without breaching data residency requirements.
- Normalizes agent activity into structured telemetry compatible with Wazuh, Elastic, and Splunk, so security teams can write detection rules against AI agent behavior using the same tooling they already maintain for the rest of the infrastructure.
- Captures the full activity chain — prompts, tool calls, file edits, approval workflows — which means audit trails hold up when a compliance team asks exactly what an agent touched and when, rather than reconstructing context after the fact.
- MIT-licensed and free with no paid tier, so there is no licensing negotiation before a regulated-industry proof of concept, and the full source is auditable by the security team before deployment.
- Structured for MDM-managed deployments, so enterprise IT teams can push Beacon alongside agent runtimes through existing device management pipelines rather than requiring manual per-machine setup.
Cons
Sign in to edit- Plugin coverage is scoped to the major local agent harnesses the project explicitly supports; agents running on runtimes outside that list produce no telemetry until a custom collector plugin is written and maintained — which delays security coverage for any team adopting a newer or less common agent framework.
- There is no hosted dashboard or managed backend, which means the security team owns the full stack: endpoint deployment, SIEM routing, schema mapping, and alert logic. Teams without an operational SIEM who want a turnkey monitoring UI will abandon Beacon for a hosted observability product before the first sprint ends.
- The project carries a small contributor base at the time of publication; teams depending on active maintenance for fast-moving agent runtimes accept the risk that plugin support lags runtime updates, requiring internal engineering to bridge the gap or switch to a vendor with a dedicated support contract.
Community Reviews
Sign in to write a reviewNo reviews yet. Be the first to share your experience.
About
- Platforms
- Linux, macOS, Windows
- API Available
- No
- Self-Hosted
- Yes
- Last Updated
- 2026-06-01T03:30:38.128Z
Best For
Who it's for
- Security and IT teams deploying local AI agents in regulated industries
- Enterprises requiring visibility into agent activity without external data forwarding
- Teams using SIEM platforms like Wazuh, Elastic, or Splunk for security operations
- Organizations building MDM-managed AI agent deployments
- Risk and compliance teams auditing AI agent behavior
What it does well
- Monitoring local AI coding agents for insider risk and policy compliance
- Capturing agent tool usage, file modifications, and approval workflows for audit trails
- Forwarding normalized agent telemetry to enterprise SIEMs for centralized analysis
- Validating agent behavior during development and production deployments
- Enforcing data retention and redaction policies at the endpoint level
Integrations
Discussion Community
Sign in to commentNo discussion yet. Sign in to start the conversation.
Compare Beacon
Spotted incorrect or missing data? Join our community of contributors.
Sign Up to ContributeCommunity Notes & Tips Community
Sign in to contributeBe the first to contribute. General notes, observations, gotchas, and tips from people who use this tool day-to-day.
Frequently Asked Questions
- Is Beacon free?
- Yes — Beacon is fully free to use. There is no paid tier.
- Is Beacon open source?
- Yes. Beacon is open source — the source repository is at https://github.com/Asymptote-Labs/agent-beacon.
- Can I self-host Beacon?
- Yes. Beacon supports self-hosting on your own infrastructure.
- What platforms does Beacon support?
- Beacon is available on: Linux, macOS, Windows.
Hours Saved & ROI Stories Community
Sign in to contributeBe the first to contribute. Concrete time/cost savings, with context. e.g. "Cut my code review backlog from 4h to 45m per week."
Beacon is an open-source endpoint agent from Asymptote Labs that sits on the machine where a local AI coding agent runs and captures its activity in real time. The core workflow: Beacon intercepts agent behavior — prompts sent, tools invoked, files touched, approvals granted or skipped — normalizes it into a structured telemetry format, and forwards it to whatever log aggregation or SIEM platform the security team already operates. Nothing routes through an external Asymptote server. The data path is entirely within the organization’s infrastructure.
The differentiating architectural choice is the endpoint-first model. Unlike hosted observability platforms that require piping LLM traffic through an external API, Beacon runs as a local daemon. This means it can capture activity from agents that never make an external network call — the precise scenario where hosted monitors go blind. For regulated industries where data residency or insider risk concerns rule out external forwarding, that distinction is not a nice-to-have.
Beacon fits security and IT teams that are already operating SIEM infrastructure and want AI agent activity folded into existing detection pipelines, not teams looking for a hosted dashboard with zero configuration. The plugin model covers the major local agent harnesses — the docs reference opencode-beacon as a named integration — but runtimes outside that list require teams to author and maintain custom collector plugins. At that point the tool stops being a drop-in and becomes a project. Teams whose agent stack is non-standard, or whose security posture requires coverage for multiple heterogeneous runtimes, face real engineering overhead to reach parity.
Beacon is MIT-licensed, free to deploy, and self-hostable with a macOS packaging path documented in the repository. No paid tier exists. The CLI and collector-builder components are structured to support MDM-managed deployments, which the docs describe as a target scenario for enterprise rollouts. SIEM integration is handled through normalized telemetry output rather than vendor-specific connectors, so the forwarding configuration lives on the receiving platform’s side.