Agentshield

AI agent security platform

The security posture of the AI agent security platform.

Security buyers check this page before they sign up, and they should. Here is exactly how Agentshield handles your data and how we are built. Plain answers, no hype.

OWASP LLM Top 10 EU AI Act-ready SOC 2 in progress

In one line

Agentshield inspects and governs agent traffic to enforce your policy and write an immutable audit trail. It never trains on your data, encrypts everything, runs least-privilege internally, and you stay in control of every action and your retention.

Data handling

How we handle your data.

We never train on your data

Your agent traffic, policies, and audit records are never used to train models, ours or anyone else's. Agentshield inspects to enforce policy; it does not collect your content to build a model.

Inspection, not collection

We process the agent traffic we need to enforce your policy and write the audit trail. We are the control layer, not another model that wants your data.

Encryption in transit and at rest

All data is encrypted in transit with TLS and at rest. Secrets are stored in a dedicated secrets manager, never in plaintext.

Least-privilege access

Internal access to systems is least-privilege and audited. No engineer has standing access to customer agent traffic.

Tamper-evident audit trail

The audit trail itself is append-only and cryptographically sealed, so the record of what happened cannot be quietly altered.

You control retention

You set how long audit and inspection data is retained, and you can request deletion. Data residency options are available on higher tiers.

Compliance

Compliance direction, stated honestly.

SOC 2. A SOC 2 Type II audit is in progress. We will publish the report and make it available under NDA to customers on Scale and Enterprise plans. We say "in progress" because that is the honest status, not "certified".

EU AI Act. The Act\'s high-risk obligations require record-keeping and human oversight. Agentshield\'s immutable audit trail and human-approval gates are built to provide exactly that evidence. We are not a law firm and this is not legal advice, but the controls map to the requirements reviewers ask about.

OWASP Top 10 for LLM Applications. Our controls map to the canonical risk taxonomy for this space, from prompt injection through missing accountability.

Subprocessors and DPA. We maintain a current subprocessor list and a Data Processing Addendum, available to customers. Data residency and on-prem or VPC deployment are available on higher tiers for teams with isolation requirements.

Security teams approve agents they can govern.