Capability · 01
Prompt-injection defense
Input classifier ensembles · context guardrails · jailbreak detection · audit trail per blocked attempt.
What this module does
Prompt-injection defense, output filtering, agent-action validation, MCP server policy enforcement, and agent-to-agent communication security. Every inference, every tool call, every agent decision passes through the runtime gate.
Capabilities
Four operational capabilities.
Capability · 02
Output filtering
PII patterns · classifier ensembles · audit before egress · customer-overridable policy.
Capability · 03
Agent action validation
Per-context allow-list · scope graph enforcement · denial with full evidence to SOC.
Capability · 04
A2A communication
Cryptographic agent identity · A2A policy · deny-by-default for cross-system instructions.
Technical detail
What evaluators want to know.
Latency budget
Sub-100ms p50 added latency · benchmarked on production agent workloads.
Deployment models
Sidecar · gateway · in-process library · the model that fits your agent architecture.
Policy engine
YAML-defined policy · per agent · per context · per MCP scope.
Audit trail
Every blocked input, denied call, filtered output logged with evidence to your SOC.