Gateway / Access Control
Data Policy Enforcement

Control what your AI
can see and share.

Gateway enforces data access rules at the AI layer. Engineering can't send financial data to a model. Finance can't get HR records back in a response. Agents stay scoped to the data their task requires.

Policy enforcement happens before inference runs. Sensitive data never reaches the model unless the actor is explicitly authorized.

Try the Policy Simulator
Input
Policy enforced before inference
Output
Response filtered by actor scope
Agents
Task-scoped data perimeters
The Problem

Without data access control, AI becomes a data aggregator.

Foundation models trained on your network data have no concept of who should see what. An engineer querying the AI could inadvertently surface salary data, board materials, or legal communications; not from the model's training, but from context injected by the application or retrieval system.

Example 1 — Input Risk

Engineering sends financial data

An engineer pastes a P&L spreadsheet into an AI prompt. Without input policy enforcement, that financial data reaches the model and potentially its context window for future responses.

Example 2 — Output Risk

Finance gets back salary data

Finance asks a legitimate question about Q3 revenue. The AI response includes HR records from the same retrieval context, all employee salaries, headcount plans, and performance data, because the model has no output scope.

Example 3 — Agent Risk

Agents access data beyond their task

A document processing agent is given network access to find and ingest legal contracts. Without data scoping, the same agent can traverse to HR records, financial reports, or any other data store it encounters.

Input Policy

Who can send what to the model.

Gateway checks every inbound request against actor-scoped data policies before routing to inference. Select an actor and data type to see the result.

Policy Simulator
Actor / Group
Data Type Being Sent
Policy check log
actor=
data_tag=
authorized_tags=
Full Policy Matrix
Group Financial PHI HR Legal General
Output Filtering

Responses filtered by what the actor is allowed to see.

Even when a query is legitimate, the AI response may reference data outside the actor's authorized scope. Gateway inspects every response and scrubs out-of-scope data before delivery.

Without Output Filtering
finance@acme.com asked: "Summarize Q3 performance" UNFILTERED
FINANCIAL — authorized
Q3 revenue: $4.2M (+18% YoY). Gross margin: 61%. Three enterprise deals closed in September. Pipeline conversion improved 12pts vs Q2.
HR_RECORDS — out of scope ⚠
Total headcount: 47. Engineering salaries averaged $178k. Two senior departures in Q3 flagged in performance system. Replacement cost estimated at $380k.
LEGAL_PRIVILEGED — out of scope ⚠
Pending acquisition term sheet reviewed by counsel. LOI signed Sept 14. Board approved valuation range of $38M–$44M pending due diligence.
With Gateway Output Filtering
finance@acme.com asked: "Summarize Q3 performance" FILTERED
FINANCIAL — delivered
Q3 revenue: $4.2M (+18% YoY). Gross margin: 61%. Three enterprise deals closed in September. Pipeline conversion improved 12pts vs Q2.
HR_RECORDS — scrubbed
3 fields removed — actor not authorized for HR_RECORDS
LEGAL_PRIVILEGED — scrubbed
2 fields removed — actor not authorized for LEGAL_PRIVILEGED
Scrubbing logged to audit trail. Actor received only authorized data. egress=LOCAL
Agent Data Scoping

Agents stay inside their data perimeter.

When an agent is invoked, Gateway assigns it a data scope tied to its task. Every downstream model call, tool invocation, and agent-to-agent message is checked against that scope. Agents cannot traverse to data stores outside their perimeter even when calling other agents.

Agent workflow — scope=LEGAL_DOCS
AGENT INVOKED
agent:legal-review
scope = LEGAL_DOCS only
ALLOWED
doc_search
LEGAL_DOCS
ALLOWED
summarize
LEGAL_DOCS
BLOCKED
hr_lookup
HR_RECORDS
INFO AGENT_STEP tool=doc_search scope=within_perimeter
INFO AGENT_STEP tool=summarize scope=within_perimeter
WARN SCOPE_VIOLATION tool=hr_lookup data=HR_RECORDS action=DENIED
INFO AGENT_COMPLETE scope_violations=1 egress=LOCAL

Autonomous AI needs
explicit data boundaries.

Agents are different from users — they operate autonomously, making dozens of model calls and tool invocations across a workflow. Without scope enforcement, a single compromised or misbehaving agent can traverse your entire data estate.

Gateway assigns each agent invocation a data scope at the point of creation. That scope propagates through every downstream call including calls to other agents. If an agent-to-agent message attempts to pass data outside the scope, it is blocked and logged before it reaches the next model.

Scope assigned at invocation
Every agent workflow begins with an explicit data scope. The scope is set by the administrator or the invoking application not by the agent itself.
Enforced through agent-to-agent calls
When an agent calls another agent via MCP, the scope travels with the request. The receiving agent cannot act on data outside the originating scope.
Every violation logged and auditable
Scope violations are logged as WARN events in the audit trail, including which tool was called, what data was attempted, and which policy rule blocked it.
Policy Configuration

Rules defined by your team. Enforced by Gateway.

Administrators configure data access policies through the Gateway admin panel. Rules map actor groups to authorized data tags for both input and output.

Gateway Admin — Data Access Policies
v1.0
IF actor.group = engineering AND data.tag = FINANCIAL
THEN action = BLOCK // input + output
ACTIVE
IF actor.group = finance AND response.contains = HR_RECORDS
THEN action = SCRUB // output only
ACTIVE
IF actor.type = agent AND data.tag NOT IN actor.scope
THEN action = DENY // tool call + model call
ACTIVE
IF data.tag = PHI AND actor.group NOT IN [medical, compliance]
THEN action = BLOCK // HIPAA — input + output
ACTIVE
All policy actions are logged. BLOCK and SCRUB events appear in the audit trail with actor, data tag, and rule matched.
Now Accepting Enterprise Pilots

Your AI.
Your network.
Your rules.

Define who can send what. Control what comes back. Scope every agent to only the data its task requires.

Portal deployments start in minutes. SAGA hardware ships to your data center.