One runtime governs the whole path

Secure every AI interaction. That is the one promise First Recon makes, and AI Security Runtime is what keeps it: the security foundation under everything we deliver. The runtime understands, secures, and proves every AI interaction, from device to model. Four functions run on each one, inline, across app, gateway, API, agent, tool, and endpoint. A single control point watches traffic; the runtime governs the whole path.

How AI Security Runtime governs every interaction, inline

Four functions. Every interaction.

| Function | What it does | Where it acts |
|---|---|---|
| OBSERVE | Sees every AI interaction: who or what is acting, what data, which model, where it is headed. | App, gateway, API, agent, tool, endpoint |
| DETECT | Catches sensitive data, threats, and policy violations in real time, judged by meaning and intent. | Inline, before the model |
| ENFORCE | Acts inline: allow, redact, hold, or block, on every surface. | Before data reaches a model |
| TRACE | Records every decision as sealed, metadata-only evidence, ready for SIEM and compliance reporting. | Every decision, every surface |

Components

What runs inside the runtime

Six components run on the governed path, under one policy surface. Together they cover the outcomes a security program is measured on: observability of every AI interaction, protection from prompt injection, sensitive data secured in flight, shadow AI surfaced, agent actions governed, and spend held to budget.

  • AI Firewall: Edge protection for AI traffic. Prompt injection, jailbreak attempts, and malicious payloads are detected and stopped before they reach a model; abusive traffic is filtered before it consumes a token.
  • AI Gateway: The enforcement position on the network path: every major model behind one governed route, with policy, rate limits, and live visibility applied to the API and agent traffic that crosses it.
  • Semantic Data Security: Sensitive data judged by meaning and intent as it moves, redacted in place or stopped before the prompt reaches the model's API.
  • Shadow AI Discovery: Maps the AI already in use, including tools the enterprise does not own or host, and gives every route a governed path forward.
  • Agent Security: Judges the actions agents take: every tool call and handoff observed, held to policy, and enforced before execution.
  • Cost & Budget Controls: Spend metered on the governed path and attributed per user, team, and model, with caps enforced inline, before the model call.

One policy surface, every position. The six components run on one governed path: detection across them is powered by Semantic Security, every decision lands in the record behind AI Observability, and a policy written once holds from any device to any model.

An engine that reasons and decides

The Semantic Security Engine™ is the intelligence in the runtime. It comprehends each interaction, reasons over what it carries and what it intends, and adjudicates in real time, drawing on the Security Context Graph™, the connected record of identity, data, device, destination, history, and policy behind each decision. Every verdict feeds the graph, so detection grows sharper the more your organization uses AI.

ALLOW: Interactions that pass policy proceed to the model without interruption. The decision is still traced.
REDACT: Sensitive spans are masked in place; work keeps moving without the exposure.
HOLD: The interaction pauses for human review, visible to designated reviewers until they decide. The trail then keeps the decision, not the content.
BLOCK: The interaction stops before the prompt reaches the model's API, recorded with the policy that stopped it.

Products

Delivered two ways

The runtime ships as two products, an endpoint agent and a secure workspace. Policy, detection, and evidence stay consistent between them, from any device to any model.

Product

Endpoint Agent

The runtime on macOS and Windows devices, covering AI tools the enterprise does not own or host. The deployment with the highest levels of control and enforcement.

Product

The App

Chat, agents, and company knowledge in one secure workspace. The governed alternative to unsanctioned AI tools, without losing capabilities.

The network path is part of the platform, not a third product. Sanctioned tools route through the AI gateway and in-house builds call the API. A rule written once is enforced at every position.

The console

Control you can prove

Every decision the runtime makes lands in one console as audit-ready evidence, and the dashboards your team works from are fed live by the same decisions that enforce policy. When an auditor, the board, or a regulator asks how AI is governed, you answer from the record.

[Screenshot: First Recon AI Admin Console. Security dashboard fed live by runtime decisions: threats blocked today, security alerts, policy violations, and security events over time.]

The security view of the console that governs every runtime surface. One source feeds the dashboards and the audit trail; there is nothing to reconcile.

Specification

Architecture and deployment

Surfaces: App · gateway · API · agent · tool · endpoint
Interactions: Human to model · agent to tool · agent to agent
Enforcement point: Inline, before data reaches a model
Verdicts: Allow · redact · hold for human review · block
Decision layer: Semantic Security Engine · Security Context Graph
Functions: Observe · Detect · Enforce · Trace
Models: OpenAI, Anthropic, Google, Meta, and more
Evidence: Sealed, metadata-only evidence · SIEM export

Where does enforcement run?

Where the interaction happens. The agent acts on the device, the workspace acts as people work, and the gateway and API act on the network path. Each position runs the same four functions and reports to the same policy surface, so coverage does not depend on forcing every request through one box. Deploy the positions in any order; policy and evidence stay consistent across them.

What does inline enforcement do to latency?

Where the decision runs depends on the position. On the device and in the workspace, the verdict is made where the interaction already is, so enforcement adds no network hop; at the gateway, the hop is the deployment itself. Every receipt records its own decision latency, and overhead is measured per interaction in your own evidence. Before rollout, our engineers walk your architects through latency on your traffic profile.

Who decides the ambiguous cases?

The Semantic Security Engine adjudicates in real time, including cases where meaning and intent are genuinely unclear. When policy calls for a person, the interaction holds for review; designated reviewers see it, with its context attached, in the same console. As with every hold, the trail keeps the decision, not the content.

What is kept as evidence, and where does it go?

The runtime logs decisions, not content. Every verdict is written as sealed, metadata-only evidence carrying the surface, the actor, the detection class, the policy and version, the action taken, and an integrity hash. Each receipt seals at decision time and streams to your SIEM as it happens, so you hold an independent copy to check the record against. Raw prompts and data are not retained as evidence. The trail accumulates into what an audit asks for: what ran, what was enforced, and why.
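The check that an independent SIEM copy makes possible, as an added example (not First Recon's code or receipt format): the field names, the receipt `id`, and sealing as SHA-256 over canonical JSON are assumptions. It shows that a receipt rewritten and re-hashed still passes its own hash check and is caught only by comparison with the SIEM copy.

```python
import hashlib
import json

# Field names are assumptions modelled on the list in the text above.
METADATA = ("surface", "actor", "detection_class", "policy", "policy_version", "action")

def integrity_hash(receipt):
    """Assumed sealing scheme: SHA-256 over canonical JSON of the metadata."""
    body = {k: receipt.get(k) for k in METADATA}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode("utf-8")).hexdigest()

def seal(receipt_id, **fields):
    receipt = {"id": receipt_id, **fields}
    receipt["integrity_hash"] = integrity_hash(receipt)  # sealed at decision time
    return receipt

def reconcile(console_export, siem_copy):
    """Check the console's record against the independent SIEM copy."""
    console = {r["id"]: r for r in console_export}
    siem = {r["id"]: r for r in siem_copy}
    findings = {}
    for rid in sorted(console.keys() | siem.keys()):
        issues = []
        shown, kept = console.get(rid), siem.get(rid)
        if shown is None:
            issues.append("missing_from_console")
        elif kept is None:
            issues.append("not_in_siem_copy")
        else:
            if integrity_hash(shown) != shown.get("integrity_hash"):
                issues.append("hash_mismatch")
            if shown.get("integrity_hash") != kept.get("integrity_hash"):
                issues.append("differs_from_siem_copy")
        if shown and set(shown) - set(METADATA) - {"id", "integrity_hash"}:
            issues.append("carries_non_metadata_field")
        if issues:
            findings[rid] = issues
    return findings

# Constructed sample data: three decisions as streamed to the SIEM.
BASE = dict(surface="gateway", actor="svc-build", policy="pii-outbound", policy_version="7")
SIEM = [seal("r1", detection_class="pii", action="block", **BASE),
        seal("r2", detection_class="pii", action="redact", **BASE),
        seal("r3", detection_class="prompt_injection", action="block", **BASE)]
# Console export: r1 edited in place, r2 rewritten and re-sealed, r3 dropped.
CONSOLE = [dict(SIEM[0], actor="unknown"),
           seal("r2", detection_class="pii", action="allow", **BASE)]

print(json.dumps(reconcile(CONSOLE, SIEM), indent=2))
```

An unkeyed hash only detects edits that leave the stored hash untouched; the comparison against the copy held outside the console is what catches a consistent rewrite or a dropped receipt.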

Platform

Semantic Security

The engine that understands and reasons over every interaction, judging each one in context.

Solution

Compliance & Audit

When the record needs to become proof for an auditor, a customer, or a regulator.
