Private previewDesign partner program is open

Onterix Protect

Data policy at the moment of use.

Access to a source is not permission to send its content to every model, recipient, artifact, or destination. Onterix is designed to make that downstream boundary visible and enforceable.

01Source labels and field classificationsinherit
02Onterix baseline secret and PII checksdetect
03Enterprise DLP providercompose
04Customer classifier or sanitizercustom
05OPA destination decisionenforce

Compose, don’t replace

Make your existing data controls agent-aware.

Onterix owns when inspection must occur and how findings meet identity, client, source, purpose, action, and destination policy. Your enterprise or approved vendors can own how sensitive content is detected and transformed.

Built in

Baseline provider

Deterministic secrets and baseline PII checks, normalized findings, safe failure behavior, and conformance fixtures for every deployment.

Enterprise

Existing DLP services

Compose with Purview, cloud DLP, proprietary classifiers, tokenization services, or other approved protection endpoints.

Customer-controlled

Typed custom modules

Run signed modules as local services or sandboxed artifacts—without connector credentials, unrestricted egress, or final authorization power.

Mandatory boundaries

Inspect where meaning changes.

Different destinations and purposes create different risk. The same source content may be safe for internal retrieval, prohibited for an external model, and permitted again after a governed transformation.

01

Prompt ingress

Inspect managed prompts and uploads before they become agent context.

02

Source to agent

Combine source-native labels, ACLs, purpose, and destination—not just content patterns.

03

Agent to model

Evaluate the fully composed model request after retrieval, instructions, and prior steps.

04

Capability input

Inspect proposed tool arguments and normalize sensitive fields before execution.

05

Write payload

Seal protection provider, ruleset, and transformation versions into the approval.

06

Artifact and delivery

Recheck generated files, messages, email recipients, downloads, and external delivery.

Policy outcomes

More precise than allow or block.

Protection findings become facts for policy. The runtime can choose the least risky path that still preserves useful work.

  • Allow unchanged
  • Minimize context
  • Redact fields
  • Mask values
  • Tokenize identities
  • Create safe derivative
  • Force model route
  • Require approval
  • Metadata only
  • Quarantine
  • Deny

Coverage boundary

Precise coverage is a security feature.

Onterix can govern only data and actions that pass through an Onterix runtime, ingress, model route, artifact path, or integrated enterprise control.

FlowCoverageReason
Agent reads Salesforce through OnterixIn boundaryIdentity, source, destination, content, and result are visible to the runtime.
Onterix sends retrieved context to a modelIn boundaryThe composed request passes through the configured model route and protection chain.
User uploads a file directly to unmanaged AIOutside by defaultRequires vendor policy, CASB, endpoint, browser, or another integrated enterprise control.
Agent calls a connector outside OnterixOutsideNo Onterix-controlled enforcement point observes the transaction.

Bring your controls

Turn enterprise data policy into agent runtime policy.

Help us validate typed extension contracts against real DLP, classification, model-routing, and customer-local sanitization requirements.