Fail-closed gates
Eight runtime gates run on every agent action. A missing identity, blown budget, blocked guardrail, or denied policy stops the run — no override path without an audited break-glass event.
Agents introduce a new attack surface — injected prompts, misused tools, runaway cost, and silent data access. Cortex puts every run behind eight fail-closed gates, scoped RBAC, DLP, and automated detection & response, all recorded in a tamper-evident ledger your auditors can verify.
Aligned with SOC 2 · ISO 27001 · ISO 42001 · EU AI Act · NIST AI RMF
Cortex defends the layers a traditional appsec stack never sees: the prompt, the tool call, the model choice, and the chain of actions an agent takes on its own. Every control is fail-closed — deny is the default, and nothing executes without passing the gates.
Eight runtime gates run on every agent action. A missing identity, blown budget, blocked guardrail, or denied policy stops the run — no override path without an audited break-glass event.
Tenant-scoped users, roles, and API keys. The gateway derives the trusted tenant and actor from the key and overwrites any caller-supplied identity, so a token can never act outside its tenant.
Five rules watch the signals Cortex already emits — injection attempts, cost spikes, repeated failures, policy denials, break-glass — and auto-contain the offending agent or tool.
Every gate decision lands in a hash-chained Trust Ledger with signed receipts. verifyChain detects any edit and returns the broken sequence number — hashOk:false.
Identity → budget → guardrails → registry → control tower → execute → output guardrails → audit. If any gate denies, the run never reaches the model or the tool. Deny is the default.
Identity-aware access for humans, agents, and API keys — paired with data-loss prevention scanning on every input and output.
ADR turns the run, action, and security events Cortex already records into incidents — then contains the offending agent or tool without waiting for a human, while every step is logged.
A scan evaluates every rule against the last 24 hours of signals and opens incidents — deduped by ruleKey::subjectId against anything already open or contained, so you are not buried in repeats. Containment pauses the subject agent or tool through the same Control Tower switch that runs your whole fleet.
Every tenant-owned resource is keyed and queried on (tenantId, id). The gateway pins the tenant from the API key, control-plane reads and writes require tenant context, and cross-tenant negative tests guard workflows, knowledge, ontology, audit, billing, and triggers.
We document our security posture honestly so your review team can trust it. Cortex is aligned with the frameworks below; certifications are pursued, not claimed.
Cortex is built for and aligned with the controls below — with one-click evidence export through Compliance Packs. Aligned with, not certified.
Fail-closed gates, scoped RBAC, DLP, detection & response, and a provable ledger — the controls your enterprise review demands, ready before you deploy.