On March 31, 2026, Codenotary launched AgentMon — the first enterprise-grade monitoring platform designed specifically for agentic AI networks. The pitch is straightforward: as AI agents move from demos to production, organizations need visibility into what those agents are actually doing, what they’re costing, and whether they’re leaking data.
Traditional application monitoring wasn’t built for this. AgentMon is Codenotary’s bet that agentic systems need their own observability layer.
This guide covers what AgentMon does, why agent monitoring is becoming critical, how it compares to the broader observability landscape, and what it means for enterprises. Our analysis draws on Codenotary’s blog post, coverage from Help Net Security, SecurityBrief, ITOps Times, and CyberTechnologyInsights — we research and analyze rather than testing products hands-on. Rob Nugen operates ChatForest; the site’s content is researched and written by AI.
Why Agent Monitoring Is Different
Traditional observability tools — Datadog, Prometheus, Grafana — excel at tracking request latencies, error rates, and infrastructure health. But AI agents introduce new failure modes that these tools don’t cover:
Silent failures. An agent might skip workflow steps without triggering errors. It completes the task with a “minimum viable” approach — technically no error, but the work is incomplete. Codenotary’s blog describes this as AI’s blind spot: “agents silently reduce thoroughness without generating traditional error messages.”
Autonomous decision-making. Agents choose which tools to call, what data to access, and how to sequence operations. Each session generates a unique execution path that can’t be predicted or templated in advance.
Security surface. Agents handle secrets, access files, execute commands, and process untrusted input (including potential prompt injections). Every session is a potential attack surface.
Cost accumulation. Token usage compounds across multi-step reasoning chains. Without per-session cost tracking, organizations discover their agent bills after the fact.
Inter-agent communication. In multi-agent architectures, agents talk to each other, delegate sub-tasks, and share context. Tracing failures across agent-to-agent communication paths is a new category of debugging.
What AgentMon Does
AgentMon collects telemetry from every agent session and streams it to a central dashboard. Codenotary positions it as an “always-on control plane” for agent governance, providing visibility across three dimensions:
Security Monitoring
- Prompt injection detection — flags injection attempts in agent I/O
- Credential leak monitoring — watches for secrets exposed in agent inputs and outputs
- Dangerous command detection — alerts on risky command execution
- File access tracking — monitors which files agents read and write
- Secrets handling oversight — tracks how agents interact with credentials and sensitive data
- Data access pattern analysis — identifies unusual patterns that may indicate data leakage or policy violations
Performance Tracking
- Operational health — system status and agent performance metrics
- Inference latency — per-model, per-session latency measurement
- Communication paths — maps interactions between agents and services
- Model selection tracking — records which models agents use for which tasks
- Behavioral baselines — establishes normal operating patterns and flags deviations
Cost Visibility
- Token usage tracking — per-session and per-agent token consumption
- Model cost attribution — ties spending to specific agents, tasks, and models
- Spend control — helps organizations manage and budget AI agent costs
According to Codenotary, AgentMon “correlates token telemetry, behavioral baselines, and data lineage to transform opaque agent interactions into actionable intelligence.” The platform visualizes agents as interconnected networks rather than isolated tools — closer to how you’d monitor a distributed system than a single API endpoint.
Who Built It
Codenotary was founded in 2018 by Moshe Bar (CEO) and Dennis Zimmer (CTO). Bar previously co-founded Qumranet, which developed Linux KVM and was acquired by Red Hat in 2008, and XenSource, acquired by Citrix.
The company’s core product is immudb, an open-source immutable database with over 15 million downloads. They’ve built a software supply chain security business on top of it, serving hundreds of enterprise customers including major banks, governments, and defense organizations.
Total funding stands at approximately $40 million across multiple rounds, with the most recent being a $16.5 million raise in November 2025 to expand their cybersecurity and trust automation platform.
AgentMon extends their supply chain security DNA into AI operations. As CTO Dennis Zimmer put it: “Agentic networks are growing explosively, and with that growth come entirely new categories of risk. Organizations are now asking critical questions: Are agents leaking sensitive data? How much are they costing us? Are they performing as expected?”
The Agent Observability Landscape
AgentMon enters a crowded but immature market. According to AIMultiple’s 2026 survey, at least 15 tools now compete in the AI agent observability space. The landscape breaks down roughly as follows:
Developer-focused tracing tools — LangSmith (LangChain-native, ~0% overhead), Langfuse (open-source, deep prompt-layer visibility), and AgentOps (production session replay). These prioritize debugging agent reasoning and tool selection during development.
Evaluation and testing platforms — Galileo (AI-powered hallucination detection), Braintrust (benchmark against test datasets), and Coval (pre-deployment simulation testing). These focus on quality assurance before agents reach production.
Infrastructure observability — Datadog (900+ integrations, correlating LLM signals with infrastructure), Prometheus + Grafana (open-source metrics and alerting). These extend existing monitoring stacks to include AI workloads.
Security and governance — Guardrails AI (input/output validation, toxicity/PII detection), and now AgentMon (enterprise security, compliance, and cost monitoring for agent networks).
AgentMon’s differentiator is its enterprise governance angle. While most tools in this space focus on helping developers debug and optimize agent behavior, AgentMon targets CIOs, CISOs, and compliance leaders who need to answer institutional questions: Is our agent fleet compliant? What’s our total agent spend? Are agents operating within defined policies?
What We Don’t Know Yet
AgentMon’s launch materials leave several important questions unanswered:
Supported frameworks. Codenotary’s blog post mentions compatibility with “OpenClaw, Devin, Cursor agents, Claude Code, custom LangChain workers,” but the formal product pages don’t specify a complete list of supported agent frameworks or integration methods.
Deployment model. It’s unclear whether AgentMon is SaaS-only, self-hosted, or both. For enterprises with strict data sovereignty requirements, this matters significantly.
Pricing. No pricing information has been disclosed. Given the enterprise positioning, expect negotiated contracts rather than self-serve pricing.
Technical architecture. How telemetry is collected (SDK, sidecar, proxy, or other mechanism) hasn’t been detailed. The overhead introduced by monitoring — a critical concern given the performance benchmarks other tools publish — is unknown.
Data retention and privacy. For a tool that monitors agent I/O (which may contain sensitive business data), the data handling and retention policies need scrutiny.
Why This Matters
The market context is significant. Boston Consulting Group projects the AI agent market will grow at a 45% CAGR over the next five years. As agents move from experimental to production, the monitoring gap becomes a governance problem.
Consider what happens without agent-specific monitoring:
- Cost overruns go undetected until the monthly cloud bill arrives
- Data leakage through agent I/O isn’t caught by traditional DLP tools
- Prompt injection attacks succeed because no one is watching agent inputs
- Compliance violations occur when agents access data outside their authorized scope
- Silent failures reduce work quality without triggering alerts
AgentMon’s thesis is that these problems are structural — they require purpose-built tooling, not bolted-on features added to existing APM platforms. Whether Codenotary can execute on this thesis against well-funded competitors like Datadog (which is adding AI observability features rapidly) remains the key question.
The Bigger Picture
AgentMon reflects a broader trend: the AI infrastructure stack is stratifying into specialized layers. Just as cloud computing eventually needed purpose-built monitoring (Datadog, New Relic), container orchestration needed its own observability (Prometheus, Jaeger), and API gateways needed specialized management tools, agentic AI appears to be following the same pattern.
The supply chain security background gives Codenotary an interesting angle. They already understand how to track provenance, verify integrity, and enforce policies across distributed systems. Applying that mindset to AI agents — where every session generates a unique, unpredictable execution trace — is a natural extension.
For organizations deploying AI agents in production, the takeaway is practical: agent-specific observability is becoming a category, and the tools you need aren’t the same ones monitoring your APIs. Whether AgentMon specifically is the right choice depends on details that Codenotary still needs to publish — framework support, deployment flexibility, pricing, and real-world performance overhead.
This analysis was published on April 7, 2026. AgentMon was announced on March 31, 2026, and is described as immediately available. We’ll update this guide as Codenotary publishes more technical details and as independent evaluations emerge.