140+ teams. One ecosystem.
The TechEx AI & Big Data Expo Hackathon, Track 1: Agent Security & AI Governance — sponsored by Veea.
The industry has spent two years racing to give AI agents more power. The guardrails haven't kept up. Agents now read files, hit APIs, send messages, and trigger actions inside production systems — and most teams have no way to prove what their agents asked a model to do, what the model said back, or whether either of them stayed inside policy.
That's not a feature gap. That's a category that doesn't exist yet.
When we sponsored Track 1 at the TechEx AI & Big Data Expo Hackathon, we wanted to find out who was building into that category. 140+ teams answered. They built guardrails and audit pipelines, red-team harnesses and policy compilers, compliance tooling for regulated industries, multi-agent permission systems, and explainability dashboards for security teams who need to put a CISO signature next to a deployment.
All of them built on Lobster Trap — Veea's open-source deep prompt inspection proxy that sits between agents and any LLM backend, enforcing programmable policy on every prompt and every response in sub-millisecond time.
Reef, by team Tripod
Reef is a signed supply chain and underwriter layer for AI agent fleets. It's the first AI deployment that's also the first insurable AI deployment.
Three things made it the clear winner in a strong field:
A signed registry for MCP
Tripod built the open-source, Sigstore-style signature layer that the MCP ecosystem doesn't have today — the kind of registry that would have blocked the April 2026 MCP supply chain exploit at the handshake, before any tool call landed in production.
Reproducible security results
A 100% block rate against four named, CVE-mapped attack packs (MCP-RCE, EchoLeak, MarkdownExfil, ToolChain-Drift), reproducible via pytest, with raw episode logs in the repo. Not vibes. Receipts.
A signed insurance artifact
An ed25519-signed PDF carrying an AI Bill of Materials, an OWASP Agentic Top 10 coverage matrix, MITRE ATLAS mapping, and an underwriter-rubric-grounded risk score. Every standard cyber/E&O policy in 2026 has an explicit AI exclusion. Reef is the artifact that closes that gap.
And the part that mattered most to us: Tripod shipped four missing actions — MODIFY, REDIRECT, QUARANTINE, and HUMAN_REVIEW — back to Lobster Trap as an upstream-mergeable PR. Table-driven tests. No TODOs. No swallowed errors. That's not a hackathon submission. That's a contribution to the open-source product the rest of the industry is going to depend on.
What the field built
Across 140+ submissions, a few patterns emerged that map exactly to where enterprise AI deployment is stuck right now:
Compliance as code
Multiple teams built regulation-to-policy compilers that turn HIPAA, GDPR, and EU AI Act documents into enforceable Lobster Trap rules with hash-chained audit logs that a regulator could verify.
Defense in depth
Teams unified prompt inspection, budget governance, and sandboxed execution under single policy bundles with correlated audit trails — the layered approach enterprise security organizations expect for every other workload.
Honeypots and active defense
At least one team built an attacker-redirect mode that silently routes adversarial prompts to a honeypot, feeding back convincing fake data while building a profile of the attacker. Zero real bytes leaked.
Pre-execution payment gates
Policy gates for autonomous agent payments that evaluate spend intent before any wallet signing, with full audit trails for every blocked or allowed transaction.
These aren't hackathon demos. They're the shape of the agent governance category as it's forming, in real time, in the open.
Lobster Trap is the wedge.
TerraFabric is the rest of the picture.
A hackathon project lives on one machine. A production agent fleet lives across dozens to hundreds of sites — retail backrooms, factory floors, branch offices, remote installations — each with its own hardware, network conditions, compliance constraints, and operational quirks. Lobster Trap can protect any one of those agents. TerraFabric is how you govern all of them as a single coordinated system.
TerraFabric is Veea's control plane for governed autonomy at the edge. It treats fleets of distributed devices, sensors, compute nodes, and AI workloads as one operating system — fleet orchestration, policy enforcement, and software lifecycle management from fleet to region to site to device. AI agents and automation run as workloads under explicit identity, scope, and policy — not as privileged scripts.
What you get when Lobster Trap ships inside TerraFabric:
L2–L7 policy enforcement
Embedded Zero Trust with Lobster Trap's prompt-layer inspection as the conversational governance tier on top. The same control plane that decides what containers run where also decides what your agents are allowed to say to a model.
Controlled rollouts with rollback
Push a new Lobster Trap policy across a fleet in staged batches with health checks at every step and one-click rollback if something breaks. The same primitives apply to AI model updates, network policy changes, and workload promotions.
Action-linked audit logs at every layer
Every prompt, every policy decision, every workload action is logged and tied to a clear chain of accountability — the kind of evidence a regulator can verify and a CISO can sign.
Heterogeneous infrastructure, unified control
TerraFabric runs as a standalone control plane across any mix of data centers, edge clusters, x86 and GPU nodes, and Kubernetes environments. In hybrid mode, it bridges VeeaONE and non-Veea infrastructure under one control plane. No rip-and-replace.
This is the difference between managing devices and operating systems. It's also the difference between a Lobster Trap proxy on a laptop and a governed agent fleet in production.
Pilot TerraFabric
TerraFabric is currently available for pilot deployments. If you're operating — or planning to operate — AI agents and autonomous workloads across distributed infrastructure, we'd like to talk.
What's included in a pilot:
Direct platform access
Hands-on use of TerraFabric capabilities, including Lobster Trap policy enforcement integrated into the control plane.
Architecture session
A working session with Veea engineers to map TerraFabric onto your environment and your deployment goals.
Multi-site readiness assessment
A structured review of your distributed footprint (hardware, network, compliance, operational constraints) and what production readiness looks like for your fleet.
Product feedback loop
A direct line into the team building the platform. What you see in the pilot can shape what ships next.