AI Governance

AI Governance & Runtime Control

Fintra’s AI agents can categorize transactions, draft journal entries, and flag anomalies - which is exactly why they cannot be allowed to act unsupervised. AgentFence, Fintra’s Adaptive Trust Intelligence Platform, sits between every agent and every tool it can touch: it enforces policy before an action runs, records what happened in a tamper-evident ledger, and surfaces AI usage you didn’t know you had. It also composes the whole picture into one Enterprise Trust Score - the number a board or CISO checks - so trust is measured, explained, and continuously improved, not just asserted.

One Enterprise Trust Score across every trust dimension

AgentFence rolls its findings up into a single, board-legible Enterprise Trust Score composed from weighted trust dimensions - Identity, Human, AI Agent, Software, Cloud, Data, Compliance, Third-Party, and (uniquely, because Fintra owns the money) Financial Trust. Dimensions you haven’t instrumented yet are excluded and the score renormalizes, so it is never dragged down by what isn’t measured. Every dimension carries an explainable factor breakdown plus a direction, a confidence, and a forward projection - which is what makes the platform adaptive: it shows where trust is heading, not just where it stands.

Approval gates for consequential actions

Not all AI actions carry equal risk. Reading a report is not the same as posting a journal entry or initiating a payment. AgentFence classifies every proposed agent action and routes consequential ones through explicit human-in-the-loop approval gates: the agent proposes, a named human approves, and both the proposal and the approval are recorded. Low-risk read actions flow freely so agents stay useful; irreversible or financially material actions always wait for a person.

The MCP and tool-call firewall

Agents act through tools - database queries, API calls, MCP servers. AgentFence intercepts each tool call and evaluates it against policy before execution.

  • Allowlist-first: agents can only invoke tools explicitly granted to their role; everything else is denied by default.
  • Argument inspection: policies can constrain not just which tool, but with what parameters (e.g., payment amount ceilings, tenant-scoped queries only).
  • Rate and blast-radius limits: caps on actions per minute and per session contain a misbehaving or prompt-injected agent.
  • Full deny/allow decisions are logged with the policy that fired, so every block is explainable.

Hash-chained trust ledger

Every agent action - prompt, tool call, decision, approval - is written to an append-only ledger where each entry includes a cryptographic hash of the previous one. Altering or deleting any record breaks the chain and is immediately detectable. This gives auditors and customers evidence-grade AI history: not "the agent probably did X," but a verifiable sequence of exactly what it did, who approved it, and under which policy.

Shadow-AI discovery and non-human identities

The riskiest AI in most companies is the AI nobody registered. AgentFence discovers AI usage across the environment - unmanaged API keys calling model providers, browser-based AI tools, unsanctioned agents - and brings it under management. Every sanctioned agent gets a non-human identity (NHI) with its own credentials, scoped permissions, rotation schedule, and owner, managed with the same rigor as human accounts.

Frequently asked questions

Can Fintra’s AI agents move money or post entries without approval?

No. Financially material actions - posting journal entries, initiating payments, changing payroll - are gated behind human-in-the-loop approval by policy. The agent prepares the action; a named human approves it; both steps land in the hash-chained ledger.

What happens if an agent is prompt-injected?

The tool-call firewall limits the blast radius: the agent can still only invoke allowlisted tools within policy constraints and rate limits, and consequential actions still require human approval. The attempted actions are logged, so an injection attempt leaves forensic evidence rather than silent damage.

How is agent activity audited?

Every prompt, tool call, policy decision, and approval is written to an append-only, hash-chained trust ledger. Any tampering breaks the chain and is detectable. Ledger extracts can be exported for auditors alongside SentriAI compliance evidence.

Does AgentFence only govern Fintra’s own agents?

No - AgentFence is also a product capability. Customers use it to discover shadow AI in their own environment, put approval gates in front of their own agents and MCP tools, and manage non-human identities across their stack.

What is the Enterprise Trust Score?

It is the single 0–100 headline number AgentFence composes from weighted trust dimensions - Identity, Human, AI Agent, Software, Cloud, Data, Compliance, Third-Party, and Financial Trust. Missing dimensions are excluded and the score renormalizes, so absence never drags it down. Each dimension is explainable and carries a direction, confidence, and forward projection, making it the system of record for organizational trust rather than a static snapshot.

What can AgentFence do about executive fraud that other tools can’t?

Because AgentFence sits inside Fintra - which owns the money - its Executive & Fraud Risk Center grounds CEO/CFO-impersonation, wire-fraud, payroll-fraud, vendor-payment-fraud, and deepfake-approval risk in real finance signals (pending large approvals, payment and payroll changes, new-vendor and bank-change events), amplified by your AI-exposure surface. Standalone security tools can’t see the money movement, so they can’t score this.

Questions about ai governance?

Our security team answers due-diligence questions directly - documentation, DPAs, and evidence available on request.

Talk to our security team