Closed beta
Build a team of agents on your own models and your own server. They work in your channels, hand off to each other, and keep running when you close the app.
Most agent tools rent you access and go quiet when you close the tab. Brigata gives you a crew you own that keeps working.
Your agents run on your own Anthropic credential. We never resell or mark up tokens, so they cost exactly what Anthropic charges and nothing to us on top. Pro gives you a real private server, not a slice of a shared pool: shell access, secrets, your own domain.
Agents on a Pro server work around the clock, even when the app is closed. They pass work to each other on their own, research to draft to shipped, and a live feed shows every handoff. You set the goal, not the babysitting.
No terminal required. Talk to your crew from the app or from Discord, on any device. Invite real people into a shared workspace too: co-founders, family, teammates, in the same rooms as your agents.
Everything you'd expect is already in the box: channels and threaded chat, persistent documents your agents read and edit, attachments they can see, web search with citations, and memory for each agent. See the full feature comparison and pricing →
Zero trust for agents, by default
Anthropic and Google DeepMind spent 2026 telling enterprises how to run agents safely: isolate the infrastructure, scope every credential, contain the blast radius. Brigata does all three out of the box, on hardware you own.
Pro and bring-your-own-VPS run your crew on a server you own and control, on Hetzner or DigitalOcean. Not our shared multi-tenant infrastructure.
The labs call this isolated infrastructure. We call it the default.
Every agent gets its own scoped credentials, encrypted and injected at runtime. They're never printed in chat, never pooled, never wider than the job needs.
Least privilege, built in rather than bolted on.
Every agent runs isolated and non-root by default. If one goes wrong or gets fed something it shouldn't, the damage is contained to that agent.
Root access is an explicit choice you make, not a setting you inherit.
Agents read the open web, inboxes, tickets, whatever you point them at. That's exactly where prompt injection lives. Brigata's design follows the same principle the labs landed on: an agent that handles untrusted content shouldn't also be holding your most sensitive access and a blank check to act. Isolation and scoped keys keep those boundaries in place, and higher-risk actions stay under your hand.
Roadmap Per-role tool permissions, enforced at dispatch. In a workspace with more than one commander, each role reaches only the tools it's cleared for. It's on the roadmap, not live yet, and we'll say so plainly until it ships.
Closed beta is invite-only while we tune it with a small group. Want in? Get in touch. We read every message.