Connect every system — under one governed runtime.
Salesforce, ServiceNow, Microsoft 365, Snowflake, Slack, Workday, SAP, Jira, Zendesk, Google Workspace — or any REST API via OpenAPI. Every connector call passes the same governance gates, with secrets held in a vault agents never see.
Governed access · secrets vault · OpenAPI import · MCP firewall
A connector in Cortex is a governed capability, not a raw API key.
Most platforms hand an agent a credential and hope. Cortex turns every system of record into a scoped, audited capability: the agent gets an action, never the secret — and every call is gated, logged, and reversible.
Every connector call routes through the same governance gates — no exceptions.
Any REST API becomes a governed connector.
If it has an OpenAPI spec, it is one import away from being a first-class, policy-wrapped capability — no SDK, no glue code.
Point Cortex at an OpenAPI/Swagger spec and every operation becomes a typed Action Fabric action — scoped to an agent identity, wrapped in DLP and approval policy, and logged to the Trust Ledger. No bespoke connector code.
Agents get actions. They never get the secret.
Connector credentials, tokens, and keys live in an encrypted secrets vault scoped per tenant and connection. Agents invoke actions by reference — the runtime injects the secret at the network edge, after the call has already cleared every gate.
- Per-tenant, per-connection vault — credentials never reach the model or the prompt
- Identity gate denies unknown or expired agents (403)
- Budget cap blocks the call when spend hits the ceiling (402)
- DLP guardrails strip PII inbound and outbound; risky payloads are held (451)
- Every request and verdict lands in the tamper-evident Trust Ledger
vault ▸ value never returned to agent context
From agent intent to system of record — through the gates.
No connector gets a shortcut. The path from an agent's request to Salesforce or Snowflake runs the same governance pipeline as everything else in Cortex.
- 01
Agent requests an action
The agent calls a connector action by name (e.g. create:Case) — by reference, with no credential in scope.
- 02
Gates decide
Identity, budget, guardrails, registry, and Control-Tower gates pass or fail-closed. Deny is the default; 402/403/409/451 are returned with reasons.
- 03
Vault injects, system responds, ledger records
Only after passing, the vault injects the secret at the edge, the system of record executes, and a signed receipt is hash-chained into the Trust Ledger.
Connecting MCP tools? They go through the same firewall.
External MCP servers and tool endpoints are not integrations you trust by default — they are requests you screen. The MCP Gateway runs every tool call through an allowlist, DLP in and out, rate limits, and a risk score, with a kill switch armed at all times.
- Per-agent and per-tenant tool allowlists
- DLP inbound and outbound on every payload
- Rate limits + risk scoring before execution
- One armed kill switch over the whole tool surface
Integrations that pass the security review.
Vaulted secrets, scoped agent identities, DLP, fail-closed gates, and a tamper-evident audit trail on every connector call — mapped to the frameworks your auditors already use.
Connect your stack. Keep control.
Wire Cortex into the systems your business already runs on — and put every call under air-traffic control from day one.