BLOG · TECHNICAL DEEP-DIVES

monsys engineering blog

How we built the monitoring + compliance platform: detection internals, signing architecture, the agent itself. Long-form, no marketing fluff.

For compliance + DPOs

AI Act Article 12: what you need to log when you use AI in a business process

Providers and deployers of high-risk AI must keep every LLM call traceable — while GDPR limits PII retention. How to honour both at once with source-side PII redaction and signed evidence packs.

Technical deep-dive

AI observability: PII redaction at the source, the three hard invariants and what we deliberately don't do

Logging LLM calls in a way that's useful for debugging AND compliant with GDPR, AI Act and NIS2. Client-side PII redaction, Ed25519-signed evidence packs, and what this isn't.

Technical deep-dive

The monsys Claude Connector: MCP, OAuth 2.1 and why the agent never acts autonomously

Ask questions about your infra from a Claude chat. How the MCP server works, which 12 tools are available, and why we deliberately don't allow autonomous Emergency Actions.

Technical deep-dive

Ed25519, TOFU pinning and offline verification: how monsys evidence packs work

Dashboards are for operators. Auditors want an artifact they can verify offline, without trusting your system. How the monsys signing chain works.

For MSPs

Why MSPs choose monsys.ai as the monitoring + compliance platform for their clients

€3/server/month from the 6th server, MSP Cockpit with all clients on one screen, RBAC impersonation, pre-issued EATs for off-hours and signed monthly reports. Plus an honest margin calculation.

Compliance guide

What a NIS2 auditor expects from you — and how to concretely prove it

NIS2 is in force in Belgium. Nine Article 21 requirements, each with the auditor's question, the evidence they expect, and the monsys page that delivers that evidence with no extra work.

Technical deep-dive

Process DNA: how a SHA256 hash of /proc/<pid>/exe surprises an attacker

Classic EDR looks at behaviour. Process DNA looks at what a process IS — a hash of the binary on disk. How it works, what it detects and what it doesn't.

Technical deep-dive

Why the monsys agent is written in Rust — and what that means for security

~5 MB statically linked, zero glibc dependencies, runs on kernel 2.6+. Memory safety without a garbage collector, scope-locked sudoers and three-layer auto-update verification.

Technical deep-dive

SMART correlations: how 15 independent pipelines become one prioritised view

Isolated alerts are a ticket machine. The real threat lives in the combination. How monsys wires CVE scanning, honeypots, capacity and process DNA together via SMART correlations.

For developers + IT managers

Supply chain security: why your npm dependencies are more dangerous than you think

10,000+ dependencies in a typical Node app. 1,998 CVE matches within 90 seconds of agent install on a real SMB. How to keep the three layers (OS packages, containers, app deps) under continuous watch without a €20k pentest.

For management

The Trust Score: one number for the boardroom, six components for the operator

One number between 0-100, updated every 30 minutes from live data. Transparent formula, reproducible via inputs_hash, ready for your quarterly reporting. No black-box marketing number.

Comparison

monsys.ai vs Datadog vs Zabbix: an honest comparison for the European SMB

When Datadog is better, when Zabbix is better, when monsys is better. Includes a pricing example for 20 servers and the features monsys has out-of-the-box that the other two don't.

Compliance · 2026-05-12

What Anthropic's CLUE approach means for your monitoring

Anthropic uses Claude to monitor their own security. Which parts of that apply to an EU SMB, and which don't.