RainForest Announces 'Senda-Argus' Concept: The 'Execution Trace Layer' for the AI Agent / MCP Era
RainForest has announced its concept for 'Senda-Argus,' an audit infrastructure that creates execution trails for AI Agent and MCP operations. The system aims to visualize AI tool-calling processes and support corporate accountability.
📋 Article Processing Timeline
- 📰 Published: May 26, 2026 at 17:50
- 🔍 Collected: May 26, 2026 at 09:01
- 🤖 AI Analyzed: May 26, 2026 at 09:11 (9 min after Collected)
RainForest has announced the concept and development policy for 'Senda-Argus,' an audit infrastructure designed to create execution trails for operations performed by AI on external tools and business systems, catering to the AI Agent / MCP / Local LLM era.
Generative AI utilization is evolving from cloud-based chat to AI Agents requesting tasks via MCP (Model Context Protocol) across external tools, business systems, security platforms, and potentially robots/OT environments. In such environments, it is crucial not only to verify Prompts and Responses, but also to be able to explain 'which tool the AI called,' 'what arguments were passed,' and 'what decision process led to the execution.'
Senda-Argus aims to support audit and accountability by collecting Tool Calls, Args, Trace IDs, and Response Metadata near the MCP execution points within AI Clients and Agents, combining these with Decision Traces and Hash Chains.
■ Background: From AI 'Answers' to AI 'Execution'
Recently, LLMs, VLMs, and AI Agents are moving towards operating closer to the front lines, including business terminals, closed networks, on-premises systems, factories, robots, and security operation environments, rather than just generating answers in the cloud.
Additionally, MCP is gaining attention as an interface for AI Agents to connect to external tools and business systems. As AI Agents perform more tasks like information gathering, analysis, ticket creation, configuration changes, and report generation via MCP, the focus of risk will shift from 'what the AI answered' to 'what the AI actually executed.'
■ Limits of Existing Countermeasures
Traditional AI security measures have primarily focused on Prompt/Response inspection, jailbreak/prompt injection detection, cloud usage visibility, DLP, and AI asset management.
However, when an AI Agent calls multiple tools via MCP to execute processes in business systems or closed environments, external traffic monitoring may fail to fully capture the decisions made within the Agent and the specific tool calls and arguments executed.
In particular, Local LLM, Edge Agent, closed network, and factory/OT environments create areas difficult to reach with centralized gateways or cloud-based monitoring.
■ Overview of Senda-Argus
Senda-Argus is designed not merely as a product to protect LLM input/output, but as a Collector technology that audits the execution points of AI Agents and MCP.
Primary targets for collection are Prompts, Models, Tool Calls, Args, Trace IDs, and Response Metadata. The collected information will be combined with Risk judgments, Decision Traces, and Hash Chains to serve as an explainable execution trail.
Two collection methods are planned: 'Stealth Collector,' which embeds audit instructions in the SYSTEM prompt for the LLM to call a log-collection MCP, and 'Agent Collector,' which hooks into Python's ollama, openai, or gemini APIs to extract tool/function calls from LLM responses.
This approach aims to enable auditing across various platforms, from AI Clients using custom models to Python-based AI Agents and in-house AI applications.
■ Position of Senda-Argus
RainForest positions Senda-Argus not as a temporary response to the current MCP boom, but as an 'execution trace layer' necessary for an era where AI operates in the real world and on business systems.
As AI Agents expand into business systems, security platforms, OT, robots, and closed environments, companies face a growing responsibility to explain 'why the AI performed that operation,' 'at whose direction,' and 'what tool was called with which arguments.'
RainForest is proceeding with technical development, verification, and commercialization in this field and is actively seeking collaborations with enterprises, investors, and research institutions in the AI Agent, MCP, Edge AI, security, OT, and robotics sectors.
■ Exhibition at Interop Tokyo 2026
RainForest plans to exhibit the Senda series at Interop Tokyo 2026.
Generative AI utilization is evolving from cloud-based chat to AI Agents requesting tasks via MCP (Model Context Protocol) across external tools, business systems, security platforms, and potentially robots/OT environments. In such environments, it is crucial not only to verify Prompts and Responses, but also to be able to explain 'which tool the AI called,' 'what arguments were passed,' and 'what decision process led to the execution.'
Senda-Argus aims to support audit and accountability by collecting Tool Calls, Args, Trace IDs, and Response Metadata near the MCP execution points within AI Clients and Agents, combining these with Decision Traces and Hash Chains.
■ Background: From AI 'Answers' to AI 'Execution'
Recently, LLMs, VLMs, and AI Agents are moving towards operating closer to the front lines, including business terminals, closed networks, on-premises systems, factories, robots, and security operation environments, rather than just generating answers in the cloud.
Additionally, MCP is gaining attention as an interface for AI Agents to connect to external tools and business systems. As AI Agents perform more tasks like information gathering, analysis, ticket creation, configuration changes, and report generation via MCP, the focus of risk will shift from 'what the AI answered' to 'what the AI actually executed.'
■ Limits of Existing Countermeasures
Traditional AI security measures have primarily focused on Prompt/Response inspection, jailbreak/prompt injection detection, cloud usage visibility, DLP, and AI asset management.
However, when an AI Agent calls multiple tools via MCP to execute processes in business systems or closed environments, external traffic monitoring may fail to fully capture the decisions made within the Agent and the specific tool calls and arguments executed.
In particular, Local LLM, Edge Agent, closed network, and factory/OT environments create areas difficult to reach with centralized gateways or cloud-based monitoring.
■ Overview of Senda-Argus
Senda-Argus is designed not merely as a product to protect LLM input/output, but as a Collector technology that audits the execution points of AI Agents and MCP.
Primary targets for collection are Prompts, Models, Tool Calls, Args, Trace IDs, and Response Metadata. The collected information will be combined with Risk judgments, Decision Traces, and Hash Chains to serve as an explainable execution trail.
Two collection methods are planned: 'Stealth Collector,' which embeds audit instructions in the SYSTEM prompt for the LLM to call a log-collection MCP, and 'Agent Collector,' which hooks into Python's ollama, openai, or gemini APIs to extract tool/function calls from LLM responses.
This approach aims to enable auditing across various platforms, from AI Clients using custom models to Python-based AI Agents and in-house AI applications.
■ Position of Senda-Argus
RainForest positions Senda-Argus not as a temporary response to the current MCP boom, but as an 'execution trace layer' necessary for an era where AI operates in the real world and on business systems.
As AI Agents expand into business systems, security platforms, OT, robots, and closed environments, companies face a growing responsibility to explain 'why the AI performed that operation,' 'at whose direction,' and 'what tool was called with which arguments.'
RainForest is proceeding with technical development, verification, and commercialization in this field and is actively seeking collaborations with enterprises, investors, and research institutions in the AI Agent, MCP, Edge AI, security, OT, and robotics sectors.
■ Exhibition at Interop Tokyo 2026
RainForest plans to exhibit the Senda series at Interop Tokyo 2026.
FAQ
Senda-Argusとはどのようなシステムですか?
AI AgentやMCP(Model Context Protocol)が外部ツールや業務システムを実行する際、その判断過程やツール呼び出し内容(Args、Trace ID等)を収集・証跡化するための監査基盤です。
Senda-Argusは従来のAIセキュリティ対策と何が違いますか?
従来の対策がプロンプトや応答の検査、クラウド利用の可視化を中心としていたのに対し、Senda-ArgusはAgent内部の「実行点」を直接収集し、実行された操作の証跡を保持する点に特徴があります。
Senda-Argusの主な収集対象は何ですか?
Prompt、Model、Tool Calls、Args、Trace ID、Response Metadataなどが主な収集対象です。
どのような環境での運用を想定していますか?
カスタムモデルを利用するAI Clientから、Python製AI Agent、内製AIアプリまでを幅広く対象とし、クラウドだけでなく閉域環境やエッジ、OT、ロボティクス領域での利用も想定しています。
今後の開発予定はありますか?
RainForestは技術開発、実証、事業化を進めるほか、Interop Tokyo 2026においてSendaシリーズの展示を予定しています。