Inceptop
Private beta — Windows & macOS

Give AI Its Own Desktop

Inceptop runs AI agents in fully isolated OS sessions — real Windows and macOS desktops, live display streaming, one-click human override. No VMs. Sub-second startup.

[Product screenshot: session work-session-1 under AI Control. Session display stream: 1920 × 1080 · JPEG · 30fps. Status: Active, CPU 4%, RAM 61 MB, ws://localhost:3420.]

See Inceptop in action

Watch an AI agent browse, click, and complete real workflows inside a sandboxed desktop — without touching your machine.

Demo video coming soon

Recording in progress — join the waitlist for early access while we finish up.

Everything your agent needs

Built for AI automation from the ground up. Every surface designed for the agent-as-user model.

Native OS sessions

Win32 Desktop Objects on Windows, CGVirtualDisplay on macOS. Isolated desktops that start in under a second — not VMs, not containers.

30fps live display

DXGI/SCStream capture with libjpeg-turbo encoding. Sub-100ms latency from session desktop to host viewer at 1080p.

Full AI agent API

REST + WebSocket. Screenshot, mouse, keyboard, scroll — normalized coordinates, no display resolution knowledge needed.

Human override

Single click. Under 500ms from button press to control transfer. Atomic flag — no server round-trip. Orange border, no ambiguity.

Credential vault

OS keychain backed. Credentials injected character-by-character or via CDP autofill. Plaintext never exposed to AI agent or logs.

Session snapshots

APFS clonefile on macOS, RoboCopy on Windows. Instant filesystem snapshot and restore. SQLite-backed snapshot catalog.

Watch your agent work

Live 30fps display stream from the session directly in your host app. Click Override at any time to take control.

[Product screenshot: Inceptop host app with a New Session button and a session list (research-agent, work-session-1, browser-task, code-runner). work-session-1 is under AI Control at 30fps, showing https://github.com/search?q=fastify+typescript. Status: Agent active, CPU 3%, RAM 58 MB, session uptime 12m.]

< 1s Session startup
< 100ms Display latency
< 500ms Override latency
5+ Concurrent sessions

How it works

Three steps from idea to running agent. Zero infrastructure to manage.

01

Create a session

Launch Inceptop. Click New Session. An isolated desktop context starts in under a second — Win32 Desktop Object on Windows, CGVirtualDisplay on macOS.

POST /api/v1/sessions
{
  "profile": "development",
  "network": "allowlist"
}

→ { "id": "ses_abc123", "agentToken": "eyJ..." }

02

Connect your AI agent

Use the session JWT to authenticate. Take screenshots, move the mouse, type text, scroll. Coordinates are normalized 0.0–1.0 — your agent never needs to know display resolution.

GET /api/v1/sessions/ses_abc123/screenshot
Authorization: Bearer eyJ...

→ { "image": "<base64>", "width": 1920, "height": 1080 }

POST /api/v1/sessions/ses_abc123/input/mouse
{ "action": "click", "x": 0.5, "y": 0.3, "button": "left" }

03

Watch and override

Stream the session display live at 30fps. Click Override at any time — under 500ms to full human control. Release when done. AI resumes exactly where it left off.

WS /api/v1/sessions/ses_abc123/stream
← binary frames (4-byte header + JPEG payload)
← { "type": "state_change", "state": "OVERRIDE" }

POST /api/v1/sessions/ses_abc123/override
POST /api/v1/sessions/ses_abc123/release
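
The stream handling in step 03, as an added example (not Inceptop's code): an agent-side handler that validates each binary frame, tracks state_change events, and withholds clicks while a human holds control or before a fresh frame has arrived. The class and field names, the opaque treatment of the 4-byte header, the stale-frame rule and the rule that any state other than OVERRIDE means agent control are assumptions.

```javascript
const SOI = Buffer.from([0xff, 0xd8]); // JPEG start-of-image marker
const EOI = Buffer.from([0xff, 0xd9]); // JPEG end-of-image marker

class StreamClient {
  constructor() {
    this.overridden = false; // true while a human holds control
    this.stale = true;       // no trusted frame seen since start or override
    this.rejected = 0;       // malformed messages dropped
  }

  // Binary message (a Buffer): 4-byte header, then a JPEG. The header layout
  // is not documented on the page, so it is skipped as opaque bytes.
  onBinary(msg) {
    const jpeg = msg.subarray(4);
    const valid = jpeg.length >= 4 &&
      jpeg.subarray(0, 2).equals(SOI) && jpeg.subarray(-2).equals(EOI);
    if (!valid) { this.rejected++; return null; }
    if (!this.overridden) this.stale = false;
    return jpeg;
  }

  // Text message: JSON event such as { type: "state_change", state: "OVERRIDE" }.
  onText(msg) {
    let evt;
    try { evt = JSON.parse(msg); } catch { this.rejected++; return; }
    if (!evt || evt.type !== "state_change") return;
    // Assumption: any state other than OVERRIDE means the agent has control.
    this.overridden = evt.state === "OVERRIDE";
    if (this.overridden) this.stale = true; // the human may change the screen
  }

  // Body for POST .../input/mouse, or null when the click must not be sent.
  click(x, y) {
    const unit = (v) => Number.isFinite(v) && v >= 0 && v <= 1;
    if (this.overridden || this.stale || !unit(x) || !unit(y)) return null;
    return { action: "click", x, y, button: "left" };
  }
}

// Constructed sample frame: 4 opaque header bytes + a minimal SOI/EOI pair.
const sampleFrame = Buffer.from([0, 0, 0, 0, 0xff, 0xd8, 0xff, 0xd9]);
```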

Security-first design

Built like an OS sandbox, not bolted on

Session isolation uses the same primitives Windows Sandbox and macOS App Store apps rely on. Threat model reviewed before the first line of code.

Credential injection — zero plaintext
1. AI calls /credentials/inject
2. Vault retrieves from OS keychain
3. Characters typed via InputProxy
4. Values wiped from memory after use
5. Audit log: name + timestamp only

Threat model

Cross-session memory read

OS process isolation — no shared memory segments between sessions

AI credential theft

Zero-knowledge vault — credentials injected without exposing plaintext to session or logs

AI network exfiltration

Per-session network namespace with default-deny rules; allowlist mode

Sandbox escape via syscall

AppContainer / App Sandbox / seccomp block unprivileged kernel access

Host filesystem access

Session processes restricted to sandbox scratch directory — enforced by OS

Replay attack on Agent API

RS256 JWT, 1-hour expiry, per-session key, rotated on session end
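
What a verifier has to check for the Agent API mitigation above to hold, as an added example rather than Inceptop's implementation: algorithm pinned to RS256, signature checked against the session's own key, lifetime capped at one hour, and tokens refused once the session's key is gone. The claim names sid, iat and exp, the function names and the sample sessions are assumptions.

```javascript
const nodeCrypto = require("node:crypto");

const MAX_LIFETIME = 3600; // seconds, the page's 1-hour expiry
const b64u = (data) => Buffer.from(data).toString("base64url");
const fromB64u = (s) => Buffer.from(s, "base64url");

// Per-session public keys. Deleting an entry models rotation on session end.
const sessionKeys = new Map();

// Constructed session setup: each session gets its own RSA key pair.
function newSession(sid) {
  const pair = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  sessionKeys.set(sid, pair.publicKey);
  return pair.privateKey;
}

// Constructed issuer, used only to produce sample tokens (claim names assumed).
function issueToken(sid, privateKey, now, alg = "RS256") {
  const head = b64u(JSON.stringify({ alg, typ: "JWT" }));
  const body = b64u(JSON.stringify({ sid, iat: now, exp: now + MAX_LIFETIME }));
  const sig = nodeCrypto.sign("sha256", Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Returns "ok", or the reason the token is refused for session `sid`.
function verifyToken(token, sid, now) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return "malformed";
  let head, claims;
  try {
    head = JSON.parse(fromB64u(parts[0]).toString());
    claims = JSON.parse(fromB64u(parts[1]).toString());
  } catch { return "malformed"; }
  if (!head || head.alg !== "RS256") return "bad-alg"; // never trust other algs
  const key = sessionKeys.get(sid);
  if (!key) return "session-ended"; // key was rotated away
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!nodeCrypto.verify("sha256", signed, key, fromB64u(parts[2]))) return "bad-signature";
  if (!claims || claims.sid !== sid) return "wrong-session";
  const { iat, exp } = claims;
  if (!Number.isInteger(iat) || !Number.isInteger(exp)) return "malformed";
  if (exp - iat > MAX_LIFETIME) return "lifetime-too-long";
  if (now >= exp) return "expired";
  return "ok";
}
```

Checking the algorithm before looking up a key keeps a token that declares a different `alg` from ever reaching signature verification.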

Trusted by early access teams

Inceptop is the missing piece for AI browser automation. Running agents in an isolated desktop means I can let them work overnight without worrying about them touching my actual machine.

Marcus T.

AI Engineer · Early access

The human override feature alone is worth it. One click and I'm in control — no lag, no handshake. Then I hand back to the agent. Never seen anything this smooth.

Priya R.

Founder · Private beta

We tested 5 solutions for sandboxed AI desktop automation. Inceptop was the only one that started in under 2 seconds and still gave us real OS-level isolation.

Chris L.

CTO · Early access

Private beta · Limited seats

Ready to put your agent in the driver's seat?

Join the waitlist. Windows and macOS beta shipping to early access in Sprint 7.

No spam. Beta access only. Cancel anytime.

Ready to deploy your first agent session?

Start free. No credit card. Windows and macOS. Under 1 second session startup.

14-day free trial · Windows + macOS · Cancel anytime
Inceptop — AI Agents, Real Desktops