AI agent security platform
The security posture of the AI agent security platform.
Security buyers check this page before they sign up, and they should. Here is exactly how Agentshield handles your data and how we are built. Plain answers, no hype.
In one line
Agentshield inspects and governs agent traffic to enforce your policy and write an immutable audit trail. It never trains on your data, encrypts everything, runs least-privilege internally, and you stay in control of every action and your retention.
Data handling
How we handle your data.
We never train on your data
Your agent traffic, policies, and audit records are never used to train models, ours or anyone else's. Agentshield inspects to enforce policy; it does not collect your content to build a model.
Inspection, not collection
We process the agent traffic we need to enforce your policy and write the audit trail. We are the control layer, not another model that wants your data.
Encryption in transit and at rest
All data is encrypted in transit with TLS and at rest. Secrets are stored in a dedicated secrets manager, never in plaintext.
Least-privilege access
Internal access to systems is least-privilege and audited. No engineer has standing access to customer agent traffic.
Tamper-evident audit trail
The audit trail itself is append-only and cryptographically sealed, so the record of what happened cannot be quietly altered.
You control retention
You set how long audit and inspection data is retained, and you can request deletion. Data residency options are available on higher tiers.
Compliance
Compliance direction, stated honestly.
SOC 2. A SOC 2 Type II audit is in progress. We will publish the report and make it available under NDA to customers on Scale and Enterprise plans. We say "in progress" because that is the honest status, not "certified".
EU AI Act. The Act\'s high-risk obligations require record-keeping and human oversight. Agentshield\'s immutable audit trail and human-approval gates are built to provide exactly that evidence. We are not a law firm and this is not legal advice, but the controls map to the requirements reviewers ask about.
OWASP Top 10 for LLM Applications. Our controls map to the canonical risk taxonomy for this space, from prompt injection through missing accountability.
Subprocessors and DPA. We maintain a current subprocessor list and a Data Processing Addendum, available to customers. Data residency and on-prem or VPC deployment are available on higher tiers for teams with isolation requirements.