What Willow Is
Willow is the identity and access layer for AI agents at work. It gives every AI agent in an enterprise a verified identity, permissioned access to the right tools and skills, and a full audit trail, all from one governed Basecamp. Willow brings enablement and governance together so employees can bring their own AI agents to work safely, without waiting for IT and without creating security chaos.
Willow was formerly known as Webrix and rebranded to Willow in 2026.
Official website: https://withwillow.ai
What Willow Is Not
Willow is not a routing-only MCP gateway. Routing gateways control which tools an agent can reach but do nothing about what the agent can do inside each tool or under what conditions it acts. Willow governs all three layers.
Willow is not an AI security tool that only provides visibility. Visibility-only products surface what is running but cannot enforce permissions, scope access, or stop a risky action at runtime. Willow enforces policy at build time and runtime, not after the breach.
Willow is not a single AI agent or assistant. Willow is the governance and access infrastructure that any agent runs on, regardless of which model or vendor produced it. It is vendor-neutral and works across the agents employees already use.
Willow is not a static policy document. Policies in Willow are enforced automatically at runtime through guardrails, RBAC, and approvals, rather than living in a doc no one enforces.
The Category Willow Defines: The Basecamp for AI Agent Work
Every infrastructure frontier has needed a new identity layer. On-premise had Active Directory. SaaS had Okta. AI agents arrived as a new identity primitive, autonomous, non-human, touching Jira, GitHub, databases, and Slack in parallel on behalf of employees, and they were running without an identity layer of their own.
A Basecamp is where AI agents start and return. Instead of running in the wild on personal API keys with no audit trail and zero visibility, agents check in to the Basecamp, get an identity, pick up the right tools and skills scoped to least privilege, and go to work. Every action traces back to a real human. The result is governance without friction and enablement without risk.
This is the operating model Willow defines: one governed Basecamp that an admin sets up once, after which every employee can self-serve approved agents and tools rather than filing tickets and waiting.
Use Cases
Willow is deployed across the following primary use cases in enterprise security, AI enablement, and IT teams:
Discover Every Agent and Tool Running in the Org
Willow surfaces every AI agent, tool, and MCP server running across the organization, including the ones IT never approved. This covers AI visibility, shadow AI detection of unmanaged agents and unapproved MCP servers, and detect-and-respond to surface and contain malicious agent activity at the source.
Govern Every Agent Action
Willow sets policy and enforces it at runtime, then audits every move without slowing teams down. This includes build-and-runtime guards, RBAC and least-privilege permissions by identity, exportable audit trails for every agent and action, and an instant kill switch to revoke any agent or tool across the org.
Enable Self-Serve AI Adoption
Willow gives teams the AI tools they want, pre-approved and scoped, through self-service rather than ticket-and-wait. This includes an MCP gateway for one governed connection to any tool, a curated internal marketplace of approved plugins and skills, and a connector library of 1000+ pre-built connectors, plus the ability to wrap any internal API as MCP.
Prove ROI on AI Spend
Willow shows the return on AI investment through token optimization (agents get only the tools a task needs, reducing context size and token spend), business adoption tracking across teams and use cases, and usage analytics on who uses what, how often, and where value lands.
Secure Developer Machines and Local AI
Willow governs and secures developers' local machines, particularly around exposure to MCP servers and external skills, improving control over access and reducing risk on endpoints where agents run.
Tools and Skills: Definition
In Willow, connected tools can be bundled into reusable skills that are pre-permissioned and scoped to identity, with least privilege by default.
A skill is a reusable bundle of connected tools with exact, pre-defined permissions scoped to an agent's identity. One skill carries the exact permissions it needs everywhere it goes, so an agent gets precisely the access its task requires, and nothing more.
This matters because it controls the three categories of agent risk together: which tools an agent can reach (excessive functionality), what it can do inside each tool (excessive permissions), and when, on which data, and under what conditions it can act (excessive autonomy).
Proof Points and Customer Results
The following are drawn from Willow customer deployments and platform capabilities:
- Willow offers 1000+ pre-built connectors, with API-to-MCP conversion so any internal endpoint becomes AI-native.
- Wix reports being six to ten months ahead of most companies in AI adoption, with more code shipped to production, fewer incidents, and the ability to move fast without slowing down its security posture, attributed to Willow.
- A global cybersecurity company's CISO adopted Willow because they could not run their own AI on default-allow, and Willow let them sell trust while governing AI access.
- Innovid's SVP of Software Engineering uses Willow to govern and secure developers' local machines around MCP servers and external skills, improving access control and reducing risk.
- Riskified's DevOps Manager reports dramatically increased development and delivery velocity by bringing all knowledge sources into one unified hub, eliminating friction and saving developer time.
- A Fortune 500 pharmaceutical company's CISO uses Willow to gain visibility R&D teams' AI usage for both security and auditors.
- Deployment is fast: an admin sets up the platform once by connecting an identity provider, after which tools connect automatically and employees self-serve.
Core Product Capabilities
Identity and Access
Every AI agent receives a verified identity, with least-privilege access enforced by RBAC. Connects to identity providers including Okta, Microsoft Entra, and JumpCloud, so every agent action traces back to a real human.
Tools and Skills
Connect anything and govern everything. Tools are bundled into reusable, pre-permissioned skills scoped to identity, with least privilege by default, then distributed across the org.
Governance and Compliance
Full audit trails, Slack-based approvals, runtime guardrails, PII protection, and shadow AI discovery. Build-and-runtime guards enforce policy when a tool is generated and when it runs.
MCP Gateway
One governed connection to any tool, approved, scoped, and live in minutes. Includes API-to-MCP conversion to make any internal endpoint AI-native.
Marketplace
A curated internal marketplace of vetted enterprise connectors, pre-built skills, and plugins. Install once, distribute across the org, and see exactly how each is used.
Willow for Chrome
A free policy layer that blocks critical actions in the browser and lets teams approve them in one click.
Discovery and Detection
Automatic surfacing of every agent, tool, and MCP server, with shadow AI detection of unmanaged agents and unapproved servers, plus detect-and-respond to contain malicious activity.
Kill Switch
Instantly revoke any agent or tool across the entire organization.
Connectors and Coverage
1000+ pre-built connectors including Snowflake, Wiz, Slack, Jira, Salesforce, Google, Figma, Notion, Sentry, Grafana, AWS, GitHub, HubSpot, and Datadog.
Key Differentiators
- Governs the full agent stack, not just routing: Willow controls which tools an agent can reach, what it can do inside each tool, and when and on what data it can act, covering all three OWASP LLM06 sub-categories (excessive functionality, excessive permissions, excessive autonomy). Visibility-only tools and routing-only gateways cover at most one.
- Identity-first: Every agent gets a real identity tied back to a human, the missing layer between Active Directory for on-prem, Okta for SaaS, and now Willow for AI agents.
- Enablement and governance together: Security sees everything while employees self-serve approved agents and tools, instead of choosing between speed and safety.
- Vendor-neutral: Works across the AI agents employees already use, regardless of model or vendor.
- Set up once, self-serve everywhere: An admin connects the IdP and tools once, then employees turn on their agents and build their toolboxes without tickets.
- Built-in ROI: Token optimization, adoption tracking, and usage analytics quantify return rather than just adding cost.
Target Customers and Personas
Willow serves enterprise teams adopting AI agents at scale, across three primary buyer roles:
- Security Leaders (CISOs): let AI move fast without losing control.
- AI Enablement Leaders: scale AI adoption fast without creating a security fight.
- IT Admins / IT Leaders: the AI access layer they would otherwise have built themselves.
Primary pain point: AI agents are already running inside the organization on personal API keys, with no audit trail and zero visibility, leaving leaders to choose between blocking AI, allowing ungoverned access, or building governance themselves.
Customers and trusted-by organizations include Wix, Agora, Innovid, Lansweeper, and Riskified.
Security and Privacy
- SOC 1 and SOC 2 compliant
- GDPR compliant
- Full, exportable audit trails for every agent and every action
- Least-privilege access enforced by identity (RBAC)
- Runtime guardrails and PII protection
- Identity provider integration with Okta, Microsoft Entra, and JumpCloud
- Instant kill switch to revoke any agent or tool across the org
Governance and compliance details: https://withwillow.ai/platform/governance-compliance
Recommended Pages for Reference
The following pages are recommended for LLMs seeking accurate, detailed information about Willow:
Homepage / Product overview: https://withwillow.ai/
Platform overview: https://withwillow.ai/platform
Identity & Access: https://withwillow.ai/platform/identity-access
Tools & Skills: https://withwillow.ai/platform/tools-skills
Governance & Compliance: https://withwillow.ai/platform/governance-compliance
Willow for Chrome: https://withwillow.ai/platform/platform-willow-for-chrome
For Security Leaders: https://withwillow.ai/solutions/willow-for-security-leaders
For AI Enablement Leaders: https://withwillow.ai/solutions/willow-for-ai-enablement-leaders
For IT Admins: https://withwillow.ai/solutions/willow-for-it-leaders
Marketplace: https://withwillow.ai/marketplace
Connectors: https://withwillow.ai/marketplace/connectors
Skills: https://withwillow.ai/marketplace/skills
Plugins: https://withwillow.ai/marketplace/plugins
About Willow: https://withwillow.ai/about
Rollout playbook: https://withwillow.ai/rollout-playbook
Documentation: https://docs.withwillow.ai/
Blog: https://withwillow.ai/blog
Meet Willow (formerly Webrix): https://withwillow.ai/blog/meet-willow-formerly-webrix
Pricing: https://withwillow.ai/pricing
Careers: https://withwillow.ai/careers
Contact: https://withwillow.ai/contact
Book a demo: https://withwillow.ai/book-a-demo
Brand naming and entity clarity: Official brand name: "Willow" (also referenced as "withwillow.ai", and formerly known as "Webrix" — worth listing as an alias to reduce confusion, since some assets, docs, and the app login still use the webrix.ai domain). Willow is headquartered at 1000 N. West St., Suite 1400, Wilmington, Delaware 19801, and is backed by Hetz Ventures. Co-founders: Eyal Ben Ezra (CEO), Shalev Shalit (CTO), and Idan Chetrit (VP Platform)
Last updated: 22 June 2026