AI that understands, reasons, and learns

The Semantic Security Engine™ is the intelligence in AI Security Runtime. It reads the meaning, intent, and context of every AI interaction and judges risk in real time. Specialist and general models work every verdict, classifying data, reasoning over it, and enforcing data-protection policy at unprecedented accuracy. The engine draws on the Security Context Graph™, which connects interactions, identities, and data sources, so detection grows sharper the more your organization uses AI. That is how the runtime secures every AI interaction, from device to model.

COMPREHEND: Reads the data an interaction carries, the request being made, and the intent behind it.
REASON: Weighs data, actor, destination, and intent together, so risk is judged by meaning and intent, not pattern matching alone.
ADJUDICATE: Makes the call in real time, including the ambiguous cases. The verdicts are allow, redact, hold for human review, and block.
CORRELATE: The Security Context Graph's function, feeding the engine. It ties each interaction to identity, data, device, destination, history, and policy, so nothing is judged in isolation.

Logs decisions, not content

The graph is built from the runtime's decision records: classifications, identities, destinations, and verdicts, not from stored prompt content. The exception is hold for human review: a held item is visible to designated reviewers until they decide, and the trail then keeps the decision, not the content.

Process

How a verdict is made

One verdict is several judgments, composed. Specialist models classify the data an interaction carries, general models reason over meaning, intent, and context, and the engine adjudicates and enforces. Mixture-of-experts routing decides which specialists judge each interaction; mixture-of-agents composition decides how their judgments become one call.

  • Classification in flight: Specialist models read the data an interaction carries as it moves. Identifiers, credentials, records, source code, and the entities your organization has marked sensitive are classified in the decision path, each with a confidence score.
  • Mixture of experts: Routing puts the interaction in front of the specialists tuned for the data and risk it carries. A credential, a medical record, and a customer table each draw detection built for that class.
  • Reasoning in context: General models weigh what the specialists found against the actor, the destination, and the request itself, with context drawn from the Security Context Graph. The question is what the interaction means and what it is trying to do.
  • Mixture of agents: Specialist and general judgments are composed into one adjudication. Agreement compounds confidence. Disagreement escalates, and the more protective reading holds until the case is resolved.
  • Inline enforcement: The verdict is applied before the prompt reaches the model's API: allow, redact in place, hold for human review, or block, enforced on every surface the runtime governs.
  • Both directions: Prompts are judged on the way in. Responses are judged on the way out, screened as they stream and analyzed in depth once complete, so what a model returns is held to the same policy as what it is sent.

The roles stay separate. Specialists detect, general models reason, the engine adjudicates, and designated reviewers decide the holds. Each stage judges independently, and no single model is trusted alone with the call; a miss by one reading is not a miss by the engine. That is the composition the accuracy claim rests on.

What becomes possible when detection can reason

Meaning does not pattern-match; it has to be read. The engine applies AI to that judgment and does security work that was not possible before AI. It reads meaning in live traffic, weighs the intent behind a request, decides cases without a clean signature, and learns from every verdict it renders, on every interaction the runtime governs.

INTENT: The same data can be routine work or an exposure in progress. The engine reads the request around it, who is sending it, and where it is headed, and judges which one it is.
AMBIGUITY: The gray cases get a real verdict, in real time. When meaning or intent is genuinely unclear, the engine holds for human review instead of rounding the call to allow or block.
PRECISION: Sensitivity is judged against your organization's own classifications, entities, and policies. A codename or a customer name that means nothing anywhere else is recognized for what it is here.
MOMENTUM: Every verdict feeds the Security Context Graph, including how reviewers decide the holds. The longer the engine runs, the sharper its judgment of what is sensitive for your organization.

Specification

Detection architecture

Position: Inline in the runtime's decision path, before the prompt reaches the model's API
Engine functions: Comprehend · Reason · Adjudicate
Judgment composition: Mixture-of-experts routing · mixture-of-agents adjudication · specialist and general models
Judgment basis: Meaning, intent, and context
Detects: Sensitive data, threats, and policy violations
Context source: Security Context Graph · identity, data, device, destination, history, policy
Directions: Prompts on the way in · model responses on the way out
Learning substrate: Decision records · metadata only, never prompt bodies
Ambiguous cases: Hold for human review
Deterministic rules: Enforced regardless of context · never overridden by semantic judgment
Retention: Decisions, not content · raw prompts and data are not retained as evidence

Where does the engine run?

Inline, in the runtime's decision path. The engine is not a sidecar reviewing copies of traffic after the fact. Analysis happens where enforcement happens, and the verdict is applied before the prompt reaches the model's API. One engine judges every surface the runtime governs, so a detection tuned once behaves the same in the app, at the gateway and API, for agents, and on the device.

Which models make the judgment?

The lineup and topology are not published; the approach is. Mixture-of-experts routing puts specialist models on the classes of data they are built for, and mixture-of-agents composition merges specialist and general judgments into one adjudication. The composition is benchmarked continuously, members are upgraded as stronger models arrive, and the engine's accumulated detection knowledge carries forward through the change, so accuracy compounds instead of resetting.

Does the engine train on our prompts?

No. Detection improves through the Security Context Graph, and the graph is built from the runtime's decision records, not from stored prompt content. Prompts are analyzed in the decision path and are not retained as evidence, so there is no stored corpus of prompt bodies to learn from. What accumulates is context. Each decision adds to the graph, and detection grows sharper the more your organization uses AI.

What happens when it cannot make the call?

Uncertainty has a verdict of its own. When meaning or intent is genuinely unclear, the interaction holds for human review rather than being guessed either way. Deterministic rules are unaffected: a class you designate always-block is blocked regardless of context, and semantic judgment never overrides a hard rule.

Walk me through one verdict.

Take the interaction drawn above. A verified finance user on a managed Mac sends a chat prompt to GPT-4.1, and the prompt carries a payment access key, classed secret. History shows 41 prior interactions, clean; policy DP-114 applies. The engine weighs all of it and redacts in place: the key comes out, the prompt proceeds to the model, and the decision is sealed as metadata-only evidence. The same key headed to a personal AI site draws a block instead; same key, different context, different verdict.
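The composition rules described on this page (hard rules first, hold when unclear, the more protective reading on disagreement, metadata-only records), sketched as an added example that is not the vendor's code. The verdict ordering, the confidence threshold, all function and field names, and the sample key are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Verdict(IntEnum):
    # Assumed ordering, least to most protective.
    ALLOW = 0
    REDACT = 1
    HOLD = 2
    BLOCK = 3

@dataclass(frozen=True)
class Judgment:
    source: str              # e.g. "specialist:secret" or "general:context"
    data_class: str          # class the judgment concerns
    verdict: Verdict
    confidence: float        # 0.0 to 1.0
    matched_text: str = ""   # content seen in flight; never logged

def adjudicate(judgments, always_block=frozenset(), min_confidence=0.6):
    """Return (verdict, reason, escalate) for one interaction."""
    # Deterministic rules win regardless of any semantic judgment.
    if any(j.data_class in always_block for j in judgments):
        return Verdict.BLOCK, "deterministic-rule", False
    # Unclear readings (or no reading at all, an assumption) hold for review.
    if not judgments or any(j.confidence < min_confidence for j in judgments):
        return Verdict.HOLD, "unclear", True
    verdicts = {j.verdict for j in judgments}
    if len(verdicts) == 1:
        return verdicts.pop(), "agreement", False
    # Disagreement escalates; the more protective reading holds meanwhile.
    return max(verdicts), "disagreement", True

def decision_record(actor, destination, policy, judgments, outcome):
    """Build the metadata-only record: classes and verdicts, no content."""
    verdict, reason, escalate = outcome
    return {
        "actor": actor, "destination": destination, "policy": policy,
        "classes": sorted({j.data_class for j in judgments}),
        "verdict": verdict.name, "reason": reason, "escalated": escalate,
    }

# Constructed sample modelled on the walkthrough; the key value is fake.
KEY = "pk_test_CONSTRUCTED_0000"
def sample(general_verdict):
    return [Judgment("specialist:secret", "secret", Verdict.REDACT, 0.97, KEY),
            Judgment("general:context", "secret", general_verdict, 0.91)]
```

Calling `adjudicate(sample(Verdict.REDACT))` models the sanctioned destination in the walkthrough, and `adjudicate(sample(Verdict.BLOCK))` models the same key headed to a personal AI site.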
