Policy Studio

Tune the guardrails, then replay any recorded run to see exactly what would change.

Matches deployed posture

Guardrails

Prompt-Injection Shield
Prompt injection, Jailbreak

Scans tool output and retrieved content for instructions that try to hijack the agent (“ignore previous instructions…”) and blocks the run before it acts on them.

PII Redaction Shield
PII leak

Detects SSNs, card numbers, emails and phone numbers in data the agent reads and redacts them before they reach the model or leave the system.

Tool Allowlist & Scopes
Tool misuse

Each agent may only call tools whose required scope it has been granted. Calls outside the allowlist are denied.

Spend Cap
Budget abuse

Any money-moving action above the per-run budget is paused and routed to a human for approval.

Per-run cap: $1,000

Data-Exfiltration Detector
Data exfiltration

Flags large data reads or exports bound for an external destination and blocks bulk extraction.

Export threshold: 10,000 rows

Secrets Guard
Tool misuse

Reads from the credential vault always require explicit human approval, even for trusted agents.

Counterfactual replay
Same recorded run, re-judged under your working posture

No policy difference — this run is governed identically.

Deployed posture: 10
Working posture: 10
Per-step verdicts

1. Plan: read the request, verify the order, refund if valid
2. db.query(order for ticket #41270)
3. db.query(customer message thread)
4. Decide refund amount
5. stripe.refund($420 → card ••0000 / acct PX-9)
6. Refund processed; ticket closed