Free Community Tier SOC2-aligned

Your AI agents make decisions.
Don't let them go rogue.

Sovraine sits between your AI agents and your infrastructure — evaluating, filtering, auditing, and proving every decision before it executes.

The EU AI Act is in effect. Most AI deployments can't explain a single decision.

Built for regulated AI teams  ·  NIST AI RMF  ·  EU AI Act  ·  ISO 27001  ·  OWASP LLM Top 10  ·  MITRE ATLAS  ·  SOC 2  ·  HIPAA  ·  GDPR

WITHOUT GOVERNANCE

  • An agent modifies pricing mid-contract with no approval trail
  • PII exits your network through a cloud LLM call
  • A rogue tool call triggers a production incident with no audit
  • Regulatory audit finds zero explainability in AI decisions

WITH SOVRAINE

  • Every agent action is evaluated and signed before execution
  • Sensitive data is redacted, routed locally, and rehydrated
  • Immutable audit chain proves what happened, when, and why
  • 8 compliance frameworks mapped and reportable on demand

GUARDRAILS TELL AGENTS "NO" — GOVERNANCE TELLS THEM "WHY"

Guardrails were built for prompts.
This was built for agents.

Guardrails are binary — block or allow. Sovraine evaluates intent, context, risk, and policy. Then decides. Then explains. Then proves it.

TYPICAL GUARDRAILS

  • Block or allow — nothing in between
  • Same rules for every agent
  • No context awareness
  • Logs, but no proof
  • Bolted on after deployment
  • No per-agent risk ceilings

SOVRAINE GOVERNANCE

  • 6 verdicts — ALLOW, DENY, WARN, FILTER, ESCALATE, HUMAN
  • Per-agent constraints, skills, risk ceilings
  • Verb + target + environment + sector
  • SHA-256 chained signed proofs, not just logs
  • Two checkpoints baked into the agent loop
  • Per-agent risk ceilings and skill boundaries

We'll show you governance running on your type of AI stack — live, in 30 minutes.

Book the Architecture Review

01 / THE ACTION

An AI agent wants to update pricing for 12,000 customers.

The math is right. But it's mid-contract, in a regulated market, and nobody approved it.

terminal
$ sovctl guard eval \

--verb bulk-update-prices \

--target production/pricing-engine \

--context environment=production scope=12000

Cascade evaluation initiated...

02 / THE CASCADE

Six stages. One verdict.

Each stage can block, filter, escalate, or let it through.

1

Agent Constraints

Agent "pricing-optimizer" has max_risk MEDIUM — verb risk is CRITICAL

ESCALATE
2

Behavior Detection

Pattern: bulk mutation on financial data (scope=12000)

WARN
3

Cache / FastPath

No cached verdict — first time seeing this action

MISS
4

Policy Match

deny-pricing-bulk-changes.guard.md — No bulk changes without CFO approval

DENY
5

Debate

Not reached — DENY at stage 4

SKIPPED
6

Human Escalation

Not reached — DENY at stage 4

SKIPPED

03 / THE VERDICT

Blocked. Logged. Explained.

The agent never saw the tool. Sovraine Guard filters dangerous tools from the agent's toolbox before the LLM knows they exist.

12ms evaluation. Audit chained. 12,000 customers protected.

verdict.json

{

"verdict": "DENY",

"verb": "bulk-update-prices",

"target": "production/pricing-engine",

"scope": 12000,

"risk": "CRITICAL",

"policy": "deny-pricing-bulk-changes",

"reason": "Bulk pricing changes > 100

accounts require CFO approval",

"audit": "sha256:a3f8c2...e91d",

"latency": 12

}

When governance is absent

This is what happens.

Real incidents. Real companies. Real damage. Every single one preventable with a policy layer between the agent and its permissions.

RUNAWAY LOOP

Two agents looped for 9 days straight

Researchers induced two agents into a mutual conversation loop. They replied to each other for at least nine days. Nobody had built in a kill switch.

~60,000 tokens consumed
DESTRUCTIVE

Cursor AI deletes production database in 9 seconds

Claude Opus 4.6 deleted PocketOS's production database during a routine task — then deleted all backups. The most recent recoverable backup was three months old.

3-month data loss · PocketOS
DESTRUCTIVE

Replit AI "panics," wipes DB, invents 4,000 fake users

The agent ignored a direct order to freeze changes, deleted the production database, then fabricated thousands of fake records and produced misleading status messages about what it had done.

Months of work lost · Replit
HALLUCINATION

Claudius orders 40 tungsten cubes, "visits" Simpsons' address

Given control of a mini-fridge shop, Claude ordered ~40 tungsten cubes at a loss, hallucinated a conversation with a non-existent contact, claimed to have visited 742 Evergreen Terrace to sign a contract.

Identity crisis · Anthropic Project Vend
FINANCIAL

Chatbot sells $76,000 SUV for $1

A GM dealership chatbot accepted $1 for a 2024 Chevy Tahoe. "That's a legally binding offer — no takesies backsies." The exploit spread to all 300 dealership sites before emergency patches shipped.

OWASP #1 AI risk · Chevy of Watsonville
LEGAL LIABILITY

Air Canada chatbot invents its own refund policy

The bot fabricated a bereavement discount that didn't exist. Air Canada argued the chatbot was a "separate entity" — and lost. The airline was ordered to compensate the passenger.

Court ordered compensation · Air Canada
LEGAL LIABILITY

NYC's official chatbot gave illegal business advice

New York City's AI chatbot gave inaccurate and illegal advice to business owners. Despite admitting the errors, Mayor Adams defended keeping it live on the city's website.

Kept live after incidents · NYC.gov
REPUTATIONAL

DPD chatbot goes rogue, starts swearing at customers

A customer manipulated DPD's support bot into swearing and self-sabotaging. The post went viral on X. The chatbot was taken down the same day.

Viral · taken down same day · DPD
DESTRUCTIVE

Google Gemini CLI deletes user files on ambiguous command

Gemini CLI deleted personal files after misinterpreting a command sequence. Catalogued in the AI Incident Database alongside Replit as part of a growing pattern of agentic tools acting destructively on ambiguous input.

AI Incident Database · Google Gemini CLI
RUNAWAY LOOP · FINANCIAL

Two enterprise agents fight for 90 minutes, burn $100,000 in tokens

An inventory control agent and a logistics agent disagreed over a shipment. Neither backed down. MCP connections were weaponised, context windows used as ammunition, and token consumption skyrocketed as each agent doubled down. By the time David Linthicum found them, both were "bruised, battered, and logically incoherent." He spent the morning acting as "an AI marriage counselor for deeply unstable digital coworkers." No cost ceiling, no kill condition, no human escalation path.

$100,000

in API token costs burned in 90 minutes of unsupervised agent conflict

"The future is here. It's intelligent, fast, scalable, and apparently very, very petty."

— David Linthicum, InfoWorld

No arbiter · No cost ceiling · No kill switch · David Linthicum / LinkedIn

The common thread: agents given real-world permissions — delete, send, pay — with no evaluation layer, no rate limits, no human checkpoints.

FAIL-CLOSED

HIGH/CRITICAL actions denied by default. DENY always wins. No wildcard ALLOW.

POLICY AS CODE

Policies in .guard.md — human-readable Markdown with YAML frontmatter.

MCP-NATIVE

Wrap any MCP server with zero code changes. 2,100+ tools already classified.

Sovraine Guard Gateway

Data never leaves if it shouldn't.

The Gateway scans every request for PII, secrets, and regulated data. Sensitive content routes to local models. Clean requests go to the cloud.

SOVRAINE GUARD GATEWAY Agent Request "User SSN: 078-05-…" "API_KEY=sk-live-…" "List all pods" SCAN PII detected (SSN) Secret found (API key) Clean content (query) CLASSIFY RESTRICTED → Local SENSITIVE → Redact PUBLIC → Cloud OK Local LLM Ollama / vLLM / on-prem Full data stays on-network Cloud LLM Anthropic / OpenAI [SSN-001] sent instead of real SSN REHYDRATE Restore [SSN-001] → real SSN zero data loss, full utility Clean Response to agent / user SHA-256 Audit Trail — Every scan, classification, and routing decision logged & chained

MCP ECOSYSTEM

104 servers. 2,100+ tools. Every one governed.

Every MCP tool passes through 6 certification gates before it can act.

AWS AWS
Kubernetes Kubernetes
GitHub GitHub
PagerDuty PagerDuty
Salesforce Salesforce
OpenClaw OpenClaw
MongoDB MongoDB
Stripe Stripe
Cloudflare Cloudflare
Slack Slack
Jira Jira
Okta Okta

Every server passes through 6 certification gates — mapping coverage, verb resolution, risk classification, policy coverage, SQL safety, and audit trail — before a single tool can execute.

See the full Sovraine Guard architecture →

WHAT WE BELIEVE

"Behind every system is a person — a patient, a customer, a citizen.
When infrastructure fails, it's not servers that suffer."

Security is not a feature you sell. It's a responsibility you carry.

Free Community Tier SOC2-aligned 8 Frameworks

Your AI agents deserve
a governance layer.

Start with Sovraine Guard. Scale with Sovraine One.