Agent Beacon: First Open-Source Telemetry Layer for AI Coding Agents Launches

TL;DR

If you use Claude Code, Codex CLI, or Cursor on your machine, those agents are reading, writing, and executing code with your full permissions — and until today, there was no standardized way to audit what they actually did. Asymptote Labs just released Agent Beacon, the first open-source telemetry layer purpose-built for local AI coding agents. It captures every prompt, tool invocation, file access, and command execution, then exports it via OpenTelemetry — so security teams finally have a record of what their AI agents are doing.

What Is Agent Beacon

Agent Beacon is an MIT-licensed, open-source endpoint agent that sits on a developer's machine — or in CI/cloud environments — and captures normalized telemetry from popular AI coding tools. Released June 22, 2026, by Asymptote Labs, it supports Claude Code, Codex CLI, Cursor, and Claude Cowork out of the box.

The tool addresses a blind spot that has worried security teams since the rise of autonomous coding agents: traditional endpoint detection and response (EDR) tools were never designed to track AI agent activity. An agent might read a secrets file, exfiltrate it via a crafted API call, or execute a malicious npm package — and none of that would trigger standard EDR alerts because the agent runs with the developer's own credentials, indistinguishable from legitimate activity.

How It Works

Agent Beacon hooks into each supported AI agent's telemetry signals and normalizes them into a common schema. The captured data includes:

• Prompts: What the developer asked the agent to do
• Tool calls: Every file read/write, shell command, and API call the agent made
• File operations: Which files were accessed, modified, or created
• Command execution: Every shell command the agent ran, with arguments
• Agent metadata: Which agent, which version, which model was used

The normalized events are then exported via OpenTelemetry — meaning they can be shipped to any OTel-compatible backend (Datadog, Grafana, Splunk, etc.) alongside existing application telemetry.

Why It Matters Now

Three converging trends make Agent Beacon's timing significant:

1. Agent adoption is exploding. Codex CLI has grown to millions of users. Claude Code is becoming a daily driver for thousands of developers. Cursor and Windsurf have normalized agentic coding in the IDE. But security tooling hasn't caught up — organizations are deploying these agents with essentially zero visibility into what they're doing.

2. Agent-specific attacks are real. The Agentjacking disclosure earlier in June showed that attackers can inject malicious instructions into error-tracking events, tricking AI coding agents into executing arbitrary code. Without telemetry, victim organizations wouldn't even know it happened.

3. Compliance requirements are tightening. SOC 2, ISO 27001, and emerging AI-specific regulations increasingly require audit trails for automated decision-making systems. An AI agent that can modify production code is an automated decision-maker — and most organizations have no logs to prove what it decided.

What Sets It Apart

Agent Beacon is not a security scanner or a policy enforcer. It's a pure telemetry layer — and that's intentional. By staying out of the enforcement path, it avoids the performance overhead and false-positive noise that plagued earlier agent-security tools. It simply records what happened and ships the data to wherever your security team already looks.

Asymptote Labs has released it under the MIT license, which means organizations can audit the code, run it in air-gapped environments, and contribute back. The GitHub repository includes Homebrew installation, Docker support, and configuration presets for common observability stacks.

Bottom Line

If your team uses AI coding agents — and statistically, it does — you're running powerful autonomous software with full filesystem access and no audit trail. Agent Beacon gives you that audit trail for free, in an open-source package that deploys in minutes. The question isn't whether you need agent telemetry. It's whether you're comfortable waiting until after an incident to find out.