What is Beacon?
Beacon is an open-source endpoint telemetry layer designed to provide security and IT teams with visibility into local AI agent activity. It captures, normalizes, and audits actions from developer agent harnesses like Claude Code and Cursor to ensure compliance and security oversight.
- Best For: Security teams, IT administrators, and enterprise developers.
- Pricing: Free and open-source (MIT License).
- Category: AI Productivity Tools
- Free Option: Yes ✅
The Problem Beacon Solves
As AI agents become a standard part of the developer workflow, they introduce significant visibility gaps for security operations. When an agent like Claude Code or Cursor is running locally on a workstation, traditional network-based monitoring tools often fail to capture the specific tool calls, file modifications, and reasoning steps the agent takes. This "blind spot" creates a risk where unauthorized or sensitive actions could be performed on a corporate machine without any audit trail.
Security teams and IT administrators suffer from this lack of observability, as they cannot audit AI behavior for compliance or incident response. Existing monitoring tools are usually optimized for server-side logs or network traffic, not the nuanced, high-frequency activity of a local AI agent process.
Beacon fixes this by acting as a local observability layer. By instrumenting the agent runtime directly, it captures and normalizes activity into structured JSONL logs that can be reviewed locally or forwarded to existing SIEM pipelines like Wazuh or Splunk. In this tutorial, you'll learn exactly how to use Beacon — step by step.
How to Get Started with Beacon in 5 Minutes
- Ensure you have the Homebrew package manager installed on your macOS system.
- Open your terminal and run
brew tap asymptote-labs/tapto add the Beacon repository to your local sources. - Install the tool by executing
brew install beaconin your command-line interface. - Verify the installation and path configuration by running the command
beacon version. - Consult the Beacon CLI documentation to identify the specific agent harness you wish to monitor and initiate the agent runtime logging.
How to Use Beacon: Complete Tutorial
Step 1: Installing and Configuring the Beacon CLI
Once you have installed Beacon, the first step is to ensure it can interface with your desired AI agent runtime. Beacon relies on local hooks to intercept activity, so verify that your AI tool (e.g., Cursor or Claude Code) is closed before the initial setup to prevent configuration conflicts. You can check the status of your installation by running beacon status, which confirms if the background processes are ready to receive telemetry events.
--include-runtime-metrics flag during your initial setup if you need to debug agent performance alongside security events, though this will significantly increase the volume of your logs.Step 2: Monitoring Local AI Agent Activity
Beacon operates by normalizing disparate agent behaviors into a unified JSONL format. Once you launch an AI agent, Beacon begins streaming the telemetry to a local log file. You can monitor this in real-time by using the built-in dashboard command: beacon dashboard. This read-only interface allows you to validate that your security policies are capturing intended actions like file writes and tool approvals without needing to manually parse raw data.
Step 3: Integrating with Enterprise SIEM Pipelines
For organizations, the primary goal is moving data from the endpoint to a centralized monitoring system. Beacon supports forwarding logs to Wazuh or Splunk HEC. You will need to configure your output settings to point to your enterprise collector, ensuring that your redacted and normalized JSONL files are transmitted securely. This step ensures that your security operations center (SOC) can set up alerts based on agent activity patterns, such as an agent attempting to modify restricted configuration files.
beacon endpoint repair command if your forwarding connection is interrupted.Beacon: Pros & Cons
| Pros | Cons |
|---|---|
| Open-source and free to use under MIT license. | Requires manual CLI configuration and technical expertise. |
| Privacy-focused: local processing means data doesn't leave the machine unless configured. | Not a plug-and-play solution for non-technical users. |
| Supports major agent harnesses like Claude Code and Cursor. | Focused strictly on enterprise oversight rather than end-user features. |
| Native integration with common SIEM tools like Wazuh and Splunk. | Steep learning curve for teams unfamiliar with OTLP protocols. |
Beacon Pricing: Free vs Paid
Beacon is an entirely open-source project licensed under the MIT license. There is no "paid" tier, SaaS subscription, or hidden cost for the software itself. It is designed for enterprise integration, meaning the cost of ownership is centered on the time spent by IT teams for deployment, maintenance, and the storage of the resulting log data in your existing SIEM infrastructure.
Because it is free and open-source, you have full control over the code. This is ideal for security-sensitive organizations that cannot rely on a third-party hosted vendor to manage their AI telemetry. You are essentially getting a production-grade security tool without the vendor lock-in or recurring licensing fees typically associated with enterprise endpoint monitoring software.
👉 Check the latest pricing and documentation on the official Beacon repository.
Who is Beacon Best For?
For Security Teams: It provides a necessary auditing layer to enforce compliance policies on local developer machines, ensuring that AI-assisted actions are documented for post-incident review.
For IT Administrators: It offers a standardized way to manage and deploy monitoring agents via MDM, simplifying the oversight of AI tool usage across a large, distributed fleet of workstations.
For Enterprise Developers: It allows for the safe adoption of agentic AI tools in restricted environments by providing transparency into what these agents are actually doing within the local development workspace.
Alternatives to Beacon
Currently, there are few direct alternatives that focus specifically on local AI agent observability in the same way as Beacon. Traditional endpoint detection and response (EDR) tools exist, but they generally lack the agent-specific context provided by Beacon. General-purpose OpenTelemetry collectors can be configured manually, but they require significant custom work to normalize agent activity.
Beacon is superior for this specific niche because it is purpose-built for the AI agent stack. By pre-defining the logic for capturing tool calls and agent reasoning, it saves engineers hundreds of hours of configuration time compared to building a custom OTLP pipeline from scratch.
Final Verdict: Is Beacon Worth It?
If you are an IT or security lead tasked with governing AI usage within a professional environment, Beacon is currently the most practical tool for the job. It fills a critical gap in visibility for local AI agents without imposing unnecessary overhead or vendor requirements.