Use case: AI policy enforcement

Protect sensitive data

AI policy enforcement is deciding what an AI tool or agent may send and do the moment it acts, not reviewing it after the fact. Verillian governs requests on the device and acts at the boundary, before content reaches the provider. Real-time control, with a record of what data crossed. The same policy governs a person's chat tool and an autonomous agent, so securing AI agents needs no second system.

BoundaryBefore it leaves. Sensitive data is redacted or blocked on the device, before the provider.
ScopeAny HTTPS tool or agent. No plugin, no API wrapper, no change to the tool.
ControlRedact or block. Per institution: which entity types, and what each one does.

Where the control sits

Every request takes the same path. The decision happens on the device, before anything crosses the boundary.

01 origin
AI tool or agent
Any app, agent, or browser tab on the endpoint, sanctioned or not, forms an outbound request to a provider.
02 on device
Verillian sentinel
Evaluates each request against your policy on the device, before it reaches the provider, and decides what the tool or agent may do.
ALLOWREDACTBLOCK
03 boundary
Provider
Receives only what policy permits. A blocked request never leaves the device.
04 after
Signed chain
Every captured interaction is Ed25519-signed and hash-chained, encrypted under keys only you hold.

data flow: device to boundary to record

What happens to every request?

Once a tool or agent is under policy, every request it makes resolves to one of three decisions: ALLOW, REDACT, or BLOCK. Each decision is signed into the chain as it is made, so enforcement and evidence arrive together.

ALLOW

Cleared by your policy and forwarded to the provider. Signed into the chain.

REDACT

Sensitive data detected in the request is masked or removed before the prompt is forwarded.

BLOCK

Denied by your policy. Never forwarded, and the attempt is sealed in the chain.

Around the decision sit the controls that make it yours: tool-call analytics to build policy from real usage, and an org-wide stop that halts all AI traffic across the fleet at once.

How is sensitive data redacted before it leaves?

Sensitive values in an outbound request, whether a person or an agent sent it, are masked on the device the moment it acts, before the request reaches the provider. Detection is configured per institution and is best-effort.

redaction, representative view

What AI policy enforcement looks like

AI policy enforcement happens the moment a tool or agent acts: sensitive content is redacted or the request is blocked before it leaves the device.

Before the boundary
Configurable detection for social security numbers, payment card numbers, medical record numbers, and other types, applied in the request before it reaches the provider. Detection is best-effort, not a guarantee that every value is caught.
Redact or block
AI agent and tool permissions are set per institution: which entity types, redact or block, and what sensitivity thresholds apply.
Any HTTPS tool or agent
If a tool or agent speaks HTTPS to a provider, Verillian governs what it can do. No plugins, no API wrappers, no change to the tool.
Provider receives only what policy allows
Nothing more passes through than your rules permit.

The agent acts. Verillian decides.

Policy enforced on the device the moment a tool or agent acts, before anything crosses the boundary. Your rules, your record, your call. We work with our first institutions on their own endpoints, against their own policies. Thirty minutes shows more than a slide deck ever will.