AgentIQ

The control plane for AI agents.

Know what your agents did. Decide what they can do next.

AgentIQCONTROL PLANE ENCRYPTED LIVE
Identity Policies Guardrails
every action checked & logged 1,247 ✓ · 311
The control plane for AI agents. Nothing runs unguarded.

The problem

Your agents can already act, and nothing is stopping the wrong action.

An agent calls a tool, reaches a model, touches data, takes a step. Without enforcement at runtime, the most you get is a dashboard telling you what already went wrong.

Mirror restores Identity + Policy · rules it can never bend.

Capabilities

Six pieces. One control plane.

Identity, policy, guardrails, redaction, trace, routing. Composed into one runtime that runs end-to-end on every agent action.

    Agent identity & registry

    workload identity · last activity

    Tool, MCP & skill security

    every place an agent reaches out

    Decision governance

    the policy engine

    Guardrails

    32+ across three lanes

    Decision storytelling

    plain English · daily summary

    Cross-agent trace

    coverage · gaps · evidence

The control plane

AgentIQ runs end-to-end on every agent action your team ships.

Encrypted guardrails · the decision stream

Policy checks that never see the prompt.

Two enforcement primitives, one signed verdict. A natural-language policy engine for the rules you write (deny-by-default, domain packs for finance, healthcare, GDPR, HIPAA). And 32+ pre-trained guardrail models for the threats you don't write rules for: prompt injection, PII, jailbreak, content safety, tool abuse. The guardrails run encrypted end to end via VectaX, so the policy engine decides without the plaintext ever existing outside the agent. Block, redact, watch, allow. Every decision is signed, attributable, and queryable in under 25 ms.

Every row below is the verdict of an encrypted guardrail check. The classifier saw ciphertext. The decision is signed. The plaintext never left the agent.

Decision Stream
live
1,284
Calls Today
37
Blocked
112
Redacted
4
Lanes

Why it's a control plane, not a dashboard

Not another agent dashboard. A control plane.

An agent dashboard

  • Shows you charts after the fact
  • Flags risky behaviour for review
  • Treats agents as anonymous traffic
  • Audit trail rebuilt from logs
  • Risk owner gets a number, not a story

AgentIQ control plane

  • Explains every decision in plain English
  • Blocks at runtime, not flagged later
  • Agent identity is first-class on every trace
  • Signed decision record on every call
  • One control plane across every tool and MCP

Frequently asked

Questions, answered

We already have application security tools. Why do we need something separate for AI agents?
AgentIQ is the control plane for AI agents, a problem traditional AppSec was never designed to solve. WAFs and SAST work on deterministic code with known vulnerability patterns. AI agents are non-deterministic: the same input can produce different outputs, and risks like prompt injection, PII leakage, and policy violations emerge dynamically through language and context. AgentIQ monitors AI inputs and outputs in real time, enforcing policy and 32+ guardrail models on every action before threats reach users or downstream systems.
What threats does AgentIQ actually block?
AgentIQ blocks the threats at the top of the OWASP LLM Top 10 and OWASP Agentic Security Initiative framework: prompt injection (malicious inputs that override system instructions), PII leakage (sensitive personal data leaving the customer's environment), unauthorized tool use (agents calling APIs beyond permitted scope), and policy violations (behavior outside defined rules). Every decision is signed and attributable, with verdicts (block, redact, watch, allow) issued in under 25 ms.
Will AgentIQ slow down our AI applications? What's the latency impact?
AgentIQ's runtime checks complete in under 25 ms inline, fast enough for production agent workflows without meaningful user-facing delay. Policy configurations support soft detection (log and flag) for lower-risk interactions and hard blocking for high-severity threats like prompt injection or PII exposure. The customer defines the risk tolerance per route; AgentIQ enforces it without adding a bottleneck.
How is your policy engine different from your 32+ guardrail models?
They are two enforcement primitives, not one. The policy engine carries the customer's own rules: deny-by-default, written in natural language, with domain packs for finance, healthcare, GDPR, and HIPAA. The 32+ guardrail models are pre-trained classifiers for threats the customer doesn't write rules for: prompt injection, PII, jailbreak, content safety, tool abuse. Both run on every action, on the same signed verdict path. Policies handle the 'is this allowed for this user', guardrails handle the 'is this safe regardless of who's asking'.
How do we know if our guardrails are actually working?
AgentIQ surfaces policy violations detected, prompt injection attempts blocked, PII redaction events, escalation frequency, and audit trail completeness in a real-time dashboard. Behavioral drift is tracked separately, flagging when an agent starts operating outside its intended parameters over time. This is the continuous-monitoring posture NIST AI RMF and EU AI Act Article 9 risk management requirements point toward. The signed decision stream is also queryable as raw events for SIEM integration.
We're deploying a customer-facing AI assistant. What's our liability if it leaks customer data?
AgentIQ protects customer-facing AI deployments through two enforcement layers: pre-model PII detection that strips sensitive data before it reaches any external LLM, and post-model output filtering that catches leakage before responses reach users. This dual-layer architecture addresses GDPR, CCPA, HIPAA, and EU AI Act obligations for AI systems that handle personal data. For regulated industries, AgentIQ produces the documented, auditable controls legal and compliance teams need, with a signed evidence trail.

Get started

See encrypted AI security in action.

FHE-native inference. Runtime agent guardrails. Continuous red teaming. One platform. Book a working session with the team.

Six layers. One agent estate.

Every Mirror product is one layer of the same surface. Adopt one, or stack them.

VectaX

AI Data Security

Encrypt context, prompts, embeddings, and inference output end-to-end. AI keeps working on data that's mathematically guaranteed to stay private.

Explore VectaX

DiscoveR

Vulnerability Scanning

Hunt prompt injection, model leaks, and AI-specific zero-days as they emerge across every model, agent, and integration in your stack.

Explore DiscoveR

AgentIQ

AI Agent Security

Watch every action, tool call, and decision from your agents. Anomaly alerts, automated response, and a full audit trail built for compliance.

Explore AgentIQ

Zero

AI Governance

The agent estate, governed. Discovers every AI agent (sanctioned or shadow) and runs the four governance workflows.

Explore Zero

Gateway

AI Gateway

Inspect, authenticate, and throttle traffic before it reaches your models. Prompt firewall, edge auth, and policy enforcement with an audit trail at the door.

Explore Gateway

CodePrism

AI Coding

Coding on encrypted code. Coding assistance, indexing, review, and security scans, all on ciphertext.

Explore CodePrism