Register

Security

DataGrout is built with security at every layer — from transport-level mutual TLS to runtime policy enforcement and cryptographic workflow verification. Every tool call is authenticated, authorized, policy-checked, and auditable.

security@datagrout.ai

Authentication

Four authentication methods, all enforced before any tool call reaches upstream integrations.

Access Tokens Per-agent bearer tokens with instant revocation.
OAuth 2.1 Client credentials and authorization code + PKCE flows with short-lived JWTs and automatic refresh.
Mutual TLS (mTLS) Certificate-based identity via the DataGrout CA. After one-time bootstrap, agents authenticate at the TLS layer with no secrets in transit.
Single Sign-On (SSO) Sign in with Google or GitHub. Team and enterprise SSO providers coming soon.

Runtime Security

Semantic Guards

  • Side effect controls (none / read / write / delete) enforced before execution
  • Destructive operation blocking — prevents delete, drop, purge, and truncate
  • Scope verification — agents can only access their configured integrations

Dynamic Redaction

  • Automatic PII detection — emails, phone numbers, SSNs, credit cards, addresses
  • Configurable masking strategies per field (scramble, apron, mask, fixed-length)
  • Server-side only — agents never see original sensitive values

Policy Cascade

  • Monotonic policy inheritance — child policies can tighten but never loosen restrictions
  • Server → integration hierarchy with per-integration overrides
  • Complete audit trail for every policy decision

Cognitive Trust Certificates

  • Ed25519-signed proof that workflows are cycle-free and type-safe
  • Budget verification — workflows cannot exceed credit limits
  • Tamper-evident certificate chains — child CTC IDs are covered by the parent signature

Transport Security

TLS Everywhere All connections use TLS 1.2+ with modern cipher suites. No plaintext transport is accepted.
Client Certificate Identity mTLS identities are X.509 certificates signed by the DataGrout CA with ECDSA P-256 keys. Auto-discovery and rotation are built into the Conduit SDK.
Credential Isolation Integration OAuth tokens and API keys are encrypted at rest and scoped per-user. Agents never see upstream credentials.

Network Security

Restrict access at the network layer before any authentication or policy check runs.

IP Whitelisting Limit incoming requests to specific IP addresses or CIDR blocks. Any request from an address outside the allowlist is rejected before it reaches your integrations.
Automatic Kill Switch Credentials are automatically revoked the moment they are used from an unrecognized IP address. Stops lateral-movement attacks without requiring manual intervention.

Cadence — Intelligent Loop Detection

Cadence goes beyond simple time-window deduplication. It understands the consequence of each tool call and detects whether the world state changed between identical calls — distinguishing a stuck agent loop from a legitimate retry or repeated query.

Consequence Tiers Every tool is automatically classified by its declared side-effect metadata. Tiers are derived from existing tool annotations — no configuration needed.
Read Queries and lookups get lenient thresholds — multiple identical reads are allowed before triggering a warning.
Write Create and update tools get a confirmation gate after the first execution with identical arguments.
Destructive Delete, send, and irreversible tools get a hard block on repeat calls with no state change.
State-Change Awareness A monotonic sequence counter tracks every tool completion in the session. If another tool ran between two identical calls, the world state changed and the second call is allowed. If nothing changed, it’s a loop.
Time-Window Backstop The traditional debounce layer remains as a secondary defense. Configure per-outcome rules (success/error) with adjustable time windows for additional protection.
Zero Credit Cost Blocked calls are rejected before credit checks or upstream execution. Duplicates never consume credits or trigger side effects. Write-tier gates return isError: false with structured guidance so agents can adapt.

Warden — Adversarial Content Analysis

A three-tier content integrity pipeline that analyzes every tool interaction for prompt injection, intent misalignment, and policy violations. Each tier adds a layer of scrutiny — from fast protocol checks to deep adversarial adjudication.

Tier 1 Canary Probes
Dual-pass protocol adherence testing. Echo and position needle probes verify that the content hasn't been tampered with or injected between generation and evaluation.
Tier 2 Semantic Lens
Intent analysis across three dimensions: goal alignment, authority boundaries, and behavioral consistency. Detects subtle misalignment that pattern matching misses.
Tier 3 Adversarial Adjudication
Prolog-based fact adjudication. Structured evidence from Tiers 1 and 2 is compiled into facts and evaluated against formal security rules for a deterministic verdict.
Ensemble Scoring Weighted combination across all three tiers produces a single confidence score. No single tier can be bypassed — all contribute to the final decision.
Sealed Sessions Verified interactions produce a cryptographically sealed session handle. Subsequent calls within the session inherit the trust level without repeating analysis.
Configurable Effort Run all three tiers for sensitive operations, or a single tier for low-risk calls. Effort level is configurable per server and per tool.

Continuous Security

Security monitoring that improves with use. The platform observes tool call patterns, detects anomalies, and progressively converts expensive analysis into fast deterministic checks — defense that gets stronger the longer it runs.

Pattern Detection Every tool call is passively observed and recorded as structured facts. Over time, normal behavior patterns are identified and deviations are flagged automatically.
Symbolic Compilation Detected patterns are compiled into deterministic rules. Known-safe sequences are verified in under 10ms with zero token cost — no repeated LLM analysis.
Trigger-Based Alerting Symbolic rules fire instantly when anomalous patterns emerge. New threat signatures are learned from observation and enforced without manual rule authoring.

Approval System

Require a human sign-off before sensitive tool calls execute. Configurable per server so you can enforce oversight exactly where you need it.

Manual Mode Require explicit approval from configured approvers before execution. Pending calls are held until approved or rejected.
Automatic Mode Allow execution without human review when risk level is low. Combine with Cadence tiers for context-aware approval.
Quorum Controls Configurable quorum — require one approver or a majority of the approval group. Any single approver can veto a pending tool call.
Operation Scoping Approvals can be required only for writes or deletes, leaving reads unblocked. Scoped per server for fine-grained control.

DataGrout Certificate Authority

The root of trust for all platform identities and trust artifacts. Two separate key types serve distinct roles: ECDSA P-256 for X.509 client certificates (mTLS identity) and Ed25519 for signing Cognitive Trust Certificates, rule packs, and machine-client JWTs. The P-256 CA key is held in an AWS KMS hardware security module (FIPS 140-2 Level 2) — private key material never leaves the HSM.

HSM-Backed X.509 Signing Client certificates are signed via the AWS KMS Sign API using ECDSA P-256. The CA private key exists only inside a FIPS 140-2 validated hardware module — no key material in memory, on disk, or in environment variables.
Ed25519 Trust Signatures CTCs, governance rule packs, and machine-client JWTs are signed with Ed25519. Certificate chains are tamper-evident — each parent signature covers its child CTC IDs.
Identity Registration Agents submit a public key and receive a platform-signed certificate. The agent's private key never leaves the client machine.
Auto-Discovery The Conduit SDK discovers certificates automatically from environment variables, ~/.conduit/, or a custom directory.
Certificate Rotation Agents rotate using their existing mTLS identity — no token needed for renewal. 30-day short-lived certificates eliminate the need for revocation lists.

Infrastructure

Hosting Deployed on AWS with automated releases and health monitoring.
Data Encryption Encrypted at rest (AES-256) and in transit (TLS 1.2+). Integration credentials use application-level encryption.
Secrets & Key Management Runtime secrets in AWS Secrets Manager. CA signing key held in AWS KMS (FIPS 140-2 L2 HSM) — private key material never leaves the hardware module.

Compliance

We are actively working toward formal compliance certifications. For current security posture details or to request a security questionnaire, contact security@datagrout.ai.

Responsible Disclosure Report security vulnerabilities to security@datagrout.ai. We respond within 48 hours.
Security Questionnaires Enterprise customers can request our security questionnaire and architecture overview.