Data-Loss Prevention Built for AI
Traditional DLP watches email and file shares. AgentFence inspects the AI paths - prompts, tool-calls, and agent data flows - and gates sensitive data before it reaches a model or crosses a boundary.
Illustrative product view
Why AI needs its own DLP
The riskiest data path in most companies is now a prompt box. Sensitive data flows into models and out through tool-calls in ways legacy DLP - tuned for email and file shares - never sees. AgentFence inspects the AI paths directly: POST /guardrails/inspect evaluates a prompt or tool-call, deterministic data classification identifies what is sensitive, and data-boundary policy decides whether it may proceed.
How AI DLP works
Inspect, classify, gate
- 1
Inspect
A prompt or tool-call is submitted to /guardrails/inspect for evaluation.
- 2
Classify
The deterministic data classification engine identifies sensitive data classes - PII, secrets, PHI.
- 3
Apply boundary policy
Data-boundary rules decide whether that data may cross to the model or target.
- 4
Gate
Sensitive flows are stepped up, held, or blocked rather than passed automatically.
- 5
Record
The decision and the data classes involved are recorded as evidence.
| Path | Risk | Control |
|---|---|---|
| Prompt into a model | Sensitive data leaving governance | Classify + gate |
| Tool-call moving data | Exfiltration via a tool | Data-boundary policy |
| Agent-to-agent handoff | Cross-context leakage | Boundary + memory limits |
Deterministic classification
The classification behind AI DLP is deterministic (data_classification.py), not a probabilistic guess. The same content is always labeled the same way, so gating decisions are consistent and defensible. That determinism is what lets you set a policy once and trust it applies the same way every time.
How it connects
- Shares the classification engine with data classification
- Enforces the same data boundaries as the MCP gateway on tool-calls
- Pairs with the prompt injection firewall on the inbound prompt path
- Records gated events to the tamper-evident ledger as evidence
Frequently asked questions
What is DLP for AI?
DLP for AI is data-loss prevention focused on AI paths - prompts, tool-calls, and agent data flows - rather than email and file shares. AgentFence inspects those paths, classifies sensitive data deterministically, and applies data-boundary policy to gate sensitive data before it reaches a model or crosses a boundary.
How is AI DLP different from traditional DLP?
Traditional DLP is tuned for channels like email, endpoints, and file shares. AI DLP watches the channels AI actually uses - the prompt box and tool-calls - which legacy DLP typically does not inspect. The prompt box is a real data egress, and AI DLP treats it as one.
Does it block prompts with sensitive data?
It gates them according to policy: a prompt or tool-call carrying sensitive data can be stepped up, held for approval, or blocked based on data-boundary rules, rather than passed automatically. The response depends on the data class and the boundary being crossed.
How does it decide what is sensitive?
It uses a deterministic data classification engine, so the same content is always labeled the same way - PII, secrets, PHI, and so on. Because classification is deterministic rather than a probabilistic guess, the gating decisions are consistent and defensible in an audit.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Stop sensitive data at the prompt
Inspect, classify, and gate data before it reaches a model or crosses a boundary.
Talk to us