Security and compliance that decides, records, and proves - on every action.
Not a dashboard that says “that happened.” One engine reasons over a graph, maps to your frameworks, scores the action, rules on it, and seals the evidence - so trust is measured and provable, not asserted.
How one action moves through the engine
Every consequential action - a person’s or an agent’s - passes through the same six stages. Each stage is deterministic and explainable, and each leaves evidence behind.
The action enters a graph, not a log.
- Graph-at-ingest: every event is enriched against the identity ↔ asset ↔ agent graph before anything reasons about it.
- Deterministic detection rules and a risk score produce a plain-language “Graph Truth Statement” - repeatable, not a guess.
- Toxic-combination attack paths surface chains - a stale token plus a new-vendor change plus an unregistered agent - that no single alert would ever show.
- Blast radius is computed per action: what this touches if it is wrong.
AegisGraph reasons over a graph currently seeded with design-partner data. It decides, records, and can gate - it does not silently auto-execute.
One control, mapped to many frameworks.
- The control library spans 76 frameworks and 275 controls - SOC 2, ISO 27001, HIPAA, GDPR, SOX, PCI DSS, NIST AI RMF and more.
- A single control maps outward to every framework it satisfies, so one piece of evidence answers many obligations at once.
- Each governed action is bound to the specific controls it touches, not to a vague “security” bucket.
- Posture is a continuous state, not a once-a-year snapshot.
A governed action seals itself into evidence.
- The moment an action is governed, it is written to an append-only, hash-chained, control-mapped ledger.
- Each entry embeds a cryptographic hash of the one before it - verify_chain recomputes the chain, and any edit or deletion breaks it visibly.
- Evidence auto-populates the controls it maps to, so audit prep is a query, not a quarter of screenshot archaeology.
- One trail covers human and AI actions with the same integrity model.
A verdict and an Action Trust Score on every action.
- SentriAI fuses the trust, identity, compliance, and financial signals into one explainable verdict - allow, step-up, hold, or block.
- Every action carries a deterministic Action Trust Score with a visible factor breakdown - the same inputs always produce the same number.
- Policies and attestations bind the verdict to a named owner and a stated reason.
Live actuation - actually holding or gating an action - happens only at the MCP / tool-call boundary and is opt-in. Elsewhere, consequential actions are draft-first and human-confirmed.
Cross-domain decisions, ranked by what matters now.
- CORTEX ranks pending decisions across finance, identity, compliance, and AI by risk × urgency × blast radius.
- It always outputs a decision - a recommended verdict an approver can act on - never a passive BI dashboard.
- An approver acts once, and the outcome flows straight back into the evidence ledger.
See the blast radius before you approve.
- The same graph that scored the action shows what it reaches - identities, assets, agents, and data classes.
- The blast-radius view answers “what breaks if this is wrong?” before anyone signs off.
- Toxic-combination paths are highlighted on the graph, not buried in a log nobody reads.
76 frameworks · 275 controls. Evidence is captured once and mapped to every framework it satisfies - so proving compliance in one regime proves it across all of them.
Each entry embeds the previous entry’s hash. Edit or remove any record and verify_chain fails - tamper-evidence is mathematical, not a promise.
A toxic-combination path lit up on the graph - a stale token reaching payroll through an unregistered agent.
Individually each hop looks benign. Chained, they reach money the day before payroll - which is exactly the toxic combination AegisGraph flags, and why the verdict was hold.
What’s real, said plainly
- Decides, records, can gate. The engine issues a verdict and seals evidence on every action. Live actuation - actually holding or blocking - happens only at the MCP / tool-call boundary, and it is opt-in. Everywhere else, consequential actions are draft-first and human-confirmed.
- AegisGraph runs on a reasoning graph currently seeded with design-partner data - the graph shown here reflects that, not a live customer environment.
- Scoring is deterministic and explainable. The same inputs always produce the same Action Trust Score, and every score ships with its factor breakdown.
- No fabricated proof. We align to recognized frameworks and share evidence on request. We never publish audit dates, certificate numbers, or customer logos that don’t exist.
One action, end to end
A real example: an employee changes their payroll bank account the day before payroll runs.
Employee changes payroll bank account.
- Fintra runs the books, payroll, and money - so the engine sees the action the moment it happens.
- AegisGraph enriches it against the graph before anything decides.
Trust dropped. Something is off.
- Account trust dropped
- Identity confidence low
- Toxic combination: new bank + payroll runs tomorrow
- Explainable score, not a black box
Require HR approval · hold the payment.
- The verdict can be enforced at the MCP boundary - or held draft-first for a named approver.
- A person approves before money moves; the change waits either way.
Handled - and provable.
- Evidence auto-mapped to the controls it satisfies (SOC 2 and more)
- Ledger entry written - append-only, hash-chained, verify_chain-checkable
Most systems say “that happened.” This engine says “here’s the decision, the score, and the evidence - and it’s handled.”
What is AI governance for finance?
AI governance for finance is the practice of deciding, at runtime, whether an action - taken by a person or an AI agent - should be allowed to proceed against financial systems, and proving that decision afterward. In Fintra it is one engine, end to end: AegisGraph enriches every action against a reasoning graph at ingest and computes its blast radius; the action is mapped to specific controls across 76 frameworks; SentriAI scores it with a deterministic Action Trust Score and issues a verdict - allow, step-up, hold, or block; Trust CORTEX ranks the decision for a human; and the whole thing seals into a hash-chained evidence ledger. Consequential actions are governed, draft-first, and human-confirmed: an AI agent can propose, but a named person approves before anything irreversible posts.
Platform security
The controls that protect your books at every layer.
Security at Fintra
How Fintra secures SMB financial data: layered defenses, tenant isolation, hardened cloud infrastructure, employee controls, and incident response.
Read moreEncryption & Key Management
Fintra encryption in depth: TLS 1.2+ in transit, AES-256 at rest, managed key rotation, secrets handling, and hash-chained integrity for audit records.
Read moreAccess Control & Identity
How Fintra controls access: role-based access control, least-privilege defaults, SSO and MFA, session security, and managed non-human identities for AI.
Read moreAudit Logging & Evidence
Fintra audit logging: append-only, hash-chained event trails covering every human and AI action, with retention, export, and evidence-grade integrity.
Read moreCompliance & privacy
Frameworks we align to and the rights you keep over your data.
Compliance & Certifications
Fintra’s compliance posture: alignment to SOC 2 Trust Services Criteria, ISO 27001 practices, and GDPR - continuously monitored and evidenced by SentriAI.
Read morePrivacy & Data Protection
Fintra’s privacy practices: data minimization, defined retention windows, DPA availability, subprocessor transparency, and customer rights over data.
Read moreData Residency & Storage
Where Fintra stores and processes data: US-hosted Postgres on Supabase, encrypted backups, cross-border transfer safeguards, and regional roadmap.
Read moreIntegration Security
How Fintra secures integrations: OAuth with scoped consent, least-privilege API tokens, webhook signing, vetted partners, and MCP tool-call firewalling.
Read moreAI trust
How AI is governed, approved, and held accountable in Fintra.
AI Governance & Runtime Control
How Fintra governs AI at runtime: AgentFence approval gates, an MCP and tool-call firewall, hash-chained trust ledger, and shadow-AI discovery for SMBs.
Read moreAI Model Governance
How Fintra governs AI models: vetted providers, no training on customer data, prompt and response logging controls, model versioning, and evaluations.
Read moreResponsible AI
Fintra’s responsible AI commitments: human-in-the-loop approval for consequential actions, explainable outputs, usage metering, and honest limitations.
Read moreOperations & disclosure
Uptime commitments and how to reach the people who can act.
Availability & Status
Fintra availability commitments: a 99.9% uptime target, published maintenance windows, incident communication via status page and email, and DR objectives.
Read moreContact Our Security Team
How to reach the Fintra security team: security@fintrahub.com for vulnerability reports, privacy requests, and due diligence - with clear response SLAs.
Read moreVulnerability Disclosure Policy
Fintra’s coordinated vulnerability disclosure policy: scope, safe harbor for good-faith research, how to report, and public acknowledgment for researchers.
Read moreThe trust engine - frequently asked
What is AI governance for finance?
AI governance for finance is deciding, at runtime, whether an action - taken by a person or an AI agent - should be allowed to proceed against financial systems, then proving that decision afterward. In Fintra this is one engine, end to end: AegisGraph enriches every action against a reasoning graph at ingest and computes its blast radius; the action is mapped to specific controls across 76 frameworks; SentriAI scores it with a deterministic Action Trust Score and issues a verdict - allow, step-up, hold, or block; Trust CORTEX ranks the decision for a human; and the whole thing seals into a hash-chained evidence ledger. Consequential actions are governed, draft-first, and human-confirmed: an AI agent can propose, but a named person approves before anything irreversible posts.
Should this AI agent be allowed to act?
That is the question SentriAI answers on every consequential action. Reading a report is not the same as posting a journal entry or moving money. AegisGraph reasons about the action in context - the graph, the toxic-combination paths, the blast radius - and AgentFence intercepts the agent’s tool call at the MCP boundary, checks it against allowlist and argument policies, and routes financially material actions through human-in-the-loop approval. Low-risk reads flow freely so agents stay useful; irreversible or money-moving actions wait for a named human, and both the proposal and the approval are recorded in the hash-chained ledger.
What is the Action Trust Score?
The Action Trust Score is a deterministic, explainable number SentriAI computes for every consequential action from weighted signals - identity confidence, account and vendor trust, compliance state, and Fintra’s financial context. “Deterministic” means the same inputs always produce the same score, and every score ships with a factor breakdown, so a reviewer sees why an action was trusted or held. It is the runtime companion to the composite Enterprise Trust Score: one is per-action, the other is the organization-wide roll-up.
How does the hash-chained evidence ledger work?
Every governed action - the prompt, the tool call, the verdict, the approval - is written to an append-only ledger where each entry embeds a cryptographic hash of the previous entry. Altering or deleting any record breaks the chain, and verify_chain recomputes it on demand to prove integrity. Each entry is also mapped to the specific controls it satisfies across frameworks, so operations become audit evidence automatically rather than being reconstructed after the fact.
What does AegisGraph actually do?
AegisGraph is the reasoning engine at the front of the flow. Its signature move is graph-at-ingest: before anything reasons about an event, it enriches it against the identity ↔ asset ↔ agent graph, runs deterministic detection rules, and computes a risk score and blast radius. It surfaces toxic-combination attack paths - dangerous chains of individually-benign conditions - that single-signal tools miss. Today it reasons over a graph seeded with design-partner data; it decides, records, and can gate, but it does not silently auto-execute anything.
How is this different from a SIEM or a compliance dashboard?
A SIEM or dashboard tells you “that happened.” This engine decides whether it should happen - before it does - scores it, enforces or holds the verdict, and proves it. Because it sees actions through Fintra, which owns the money, it grounds identity, fraud, and compliance signals in real financial events (pending approvals, payment and payroll changes, new-vendor and bank-change events) that a standalone monitoring tool never sees. Trust CORTEX outputs a decision, never a passive chart.
Running a security review?
We keep a standing evidence package - questionnaire answers, DPA, subprocessor list, and SOC 2 alignment documentation - ready for customer due diligence.
Talk to our security teamStay in the loop
One practical finance briefing a week - security and compliance updates included.