One runtime governs the whole path
Secure every AI interaction. That is the one promise First Recon makes, and AI Security Runtime is what keeps it: the security foundation under everything we deliver. The runtime understands, secures, and proves every AI interaction, from device to model. Four functions run on each one, inline, across app, gateway, API, agent, tool, and endpoint. A single control point watches traffic; the runtime governs the whole path.
How AI Security Runtime governs every interaction, inline
Four functions. Every interaction.
| Function | What it does | Where it acts |
|---|---|---|
| OBSERVE | Sees every AI interaction: who or what is acting, what data, which model, where it is headed. | App, gateway, API, agent, tool, endpoint |
| DETECT | Catches sensitive data, threats, and policy violations in real time, judged by meaning and intent. | Inline, before the model |
| ENFORCE | Acts inline: allow, redact, hold, or block, on every surface. | Before data reaches a model |
| TRACE | Records every decision as sealed, metadata-only evidence, ready for SIEM and compliance reporting. | Every decision, every surface |
What runs inside the runtime
Six components run on the governed path, under one policy surface. Together they cover the outcomes a security program is measured on: observability of every AI interaction, protection from prompt injection, sensitive data secured in flight, shadow AI surfaced, agent actions governed, and spend held to budget.
- AI Firewall: Edge protection for AI traffic. Prompt injection, jailbreak attempts, and malicious payloads are detected and stopped before they reach a model; abusive traffic is filtered before it consumes a token.
- AI Gateway: The enforcement position on the network path: every major model behind one governed route, with policy, rate limits, and live visibility applied to the API and agent traffic that crosses it.
- Semantic Data Security: Sensitive data judged by meaning and intent as it moves, redacted in place or stopped before the prompt reaches the model's API.
- Shadow AI Discovery: Maps the AI already in use, including tools the enterprise does not own or host, and gives every route a governed path forward.
- Agent Security: Judges the actions agents take: every tool call and handoff observed, held to policy, and enforced before execution.
- Cost & Budget Controls: Spend metered on the governed path and attributed per user, team, and model, with caps enforced inline, before the model call.
One policy surface, every position. The six components run on one governed path: detection across them is powered by Semantic Security, every decision lands in the record behind AI Observability, and a policy written once holds from any device to any model.
An engine that reasons and decides
The Semantic Security Engine™ is the intelligence in the runtime. It comprehends each interaction, reasons over what it carries and what it intends, and adjudicates in real time, drawing on the Security Context Graph™, the connected record of identity, data, device, destination, history, and policy behind each decision. Every verdict feeds the graph, so detection grows sharper the more your organization uses AI.
| Verdict | What happens |
|---|---|
| ALLOW | Interactions that pass policy proceed to the model without interruption. The decision is still traced. |
| REDACT | Sensitive spans are masked in place; work keeps moving without the exposure. |
| HOLD | The interaction pauses for human review, visible to designated reviewers until they decide. The trail then keeps the decision, not the content. |
| BLOCK | The interaction stops before the prompt reaches the model's API, recorded with the policy that stopped it. |
Delivered two ways
The runtime ships as two products, an endpoint agent and a secure workspace. Policy, detection, and evidence stay consistent between them, from any device to any model.
Endpoint Agent
The runtime on macOS and Windows devices, covering AI tools the enterprise does not own or host. The deployment with the highest levels of control and enforcement.
The App
Chat, agents, and company knowledge in one secure workspace. The governed alternative to unsanctioned AI tools, without losing capabilities.
Control you can prove
Every decision the runtime makes lands in one console as audit-ready evidence, and the dashboards your team works from are fed live by the same decisions that enforce policy. When an auditor, the board, or a regulator asks how AI is governed, you answer from the record.
The security view of the console that governs every runtime surface. One source feeds the dashboards and the audit trail; there is nothing to reconcile.
Architecture and deployment
| Area | Details |
|---|---|
| Surfaces | App · gateway · API · agent · tool · endpoint |
| Interactions | Human to model · agent to tool · agent to agent |
| Enforcement point | Inline, before data reaches a model |
| Verdicts | Allow · redact · hold for human review · block |
| Decision layer | Semantic Security Engine · Security Context Graph |
| Functions | Observe · Detect · Enforce · Trace |
| Models | OpenAI, Anthropic, Google, Meta, and more |
| Evidence | Sealed, metadata-only evidence · SIEM export |
Where does enforcement run?
Where the interaction happens. The agent acts on the device, the workspace acts as people work, and the gateway and API act on the network path. Each position runs the same four functions and reports to the same policy surface, so coverage does not depend on forcing every request through one box. Deploy the positions in any order; policy and evidence stay consistent across them.
What does inline enforcement do to latency?
Where the decision runs depends on the position. On the device and in the workspace, the verdict is made where the interaction already is, so enforcement adds no network hop; at the gateway, the hop is the deployment itself. Every receipt records its own decision latency, and overhead is measured per interaction in your own evidence. Before rollout, our engineers walk your architects through latency on your traffic profile.
Who decides the ambiguous cases?
The Semantic Security Engine adjudicates in real time, including cases where meaning and intent are genuinely unclear. When policy calls for a person, the interaction holds for review; designated reviewers see it, with its context attached, in the same console. As with every hold, the trail keeps the decision, not the content.
What is kept as evidence, and where does it go?
The runtime logs decisions, not content. Every verdict is written as sealed, metadata-only evidence carrying the surface, the actor, the detection class, the policy and version, the action taken, and an integrity hash. Each receipt seals at decision time and streams to your SIEM as it happens, so you hold an independent copy to check the record against. Raw prompts and data are not retained as evidence. The trail accumulates into what an audit asks for: what ran, what was enforced, and why.