Comparison
OpenSyber vs Willow
Willow secures the agents your employees run on managed laptops. OpenSyber secures the agents your contractors run inside workspaces you own.
| Feature | OpenSyber | Willow |
|---|---|---|
| Workforce focus | Contractors, agencies, freelancers | Employees on managed laptops |
| Identity federation | SAML 2.0 + SCIM 2.0 with per-org x509 cert pin | Okta / Entra / JumpCloud federation |
| Workspace isolation | Browser-isolated VM per contractor (RBI substrate) | Sensor on the employee device |
| MCP chokepoint | Claw Gateway intercepts + enforces every MCP call | Detection only — drift alerts after the fact |
| Approval flow | Slack approve / block / shutdown with D1 state machine | Slack approve / block / shutdown |
| SIEM forwarding | Splunk HEC + Datadog Logs + Microsoft Sentinel, per-org | Splunk / Datadog / Sentinel |
| Per-action policy | policy-dsl package — deny > allow > require-approval > implicit-deny | App-aware permissions per agent per action |
| Workspace replay | Recordable video + DOM/LLM/MCP/shell synced timeline | Audit log lines only |
| Time-travel rollback | Hetzner snapshot + restore (hourly/daily/weekly retention) | Approve / block — no undo |
| Behavioural baseline | Per-contractor fingerprint (JSD + cosine + Jaccard) | Trusts the employee by default |
| Compliance certs | SOC 2 Type II in progress, ETA Q4 2026 | SOC 1 / SOC 2 Type II / ISO 27001 / GDPR |
| Customer logos | First paid contractor-workspace logo Q3 2026 | Wix, Agora, Innovid, Lansweeper, Riskified |
When OpenSyber Fits
- • Built for contractors — no managed device required, identity travels with the workspace
- • MCP chokepoint, not MCP detection — policy enforced before the LLM call lands
- • Workspace replay is the audit trail — security teams scrub video instead of grepping logs
- • Time-travel rollback closes the loop on a bad AI action — undo, not just block
- • Open-source Claw MCP transport so contractors can adopt without vendor lock-in
When Willow Fits
- • Established customer base of Fortune 1000-ish brands at launch
- • Compliance moat — SOC 1 / SOC 2 Type II / ISO 27001 / GDPR already shipped
- • 1000+ connectors against an installed employee-laptop footprint
- • Backed by Webrix existing GTM motion + relationships
Honest summary
Pick Willow when your AI security problem is employees on managed laptops and the buyer pain is shadow agent discovery + compliance evidence. Pick OpenSyber when your AI security problem is contractors, agencies, or freelancers — people you cannot ship a sensor to — and you need browser-isolated workspaces, MCP enforcement, replay, and undo.