NEW Runtime governance for MCP servers and agentic workflows

Runtime Governance for
Agentic AI Systems.

RAGuard governs what enterprise AI systems are allowed to do in production. It mediates prompts, retrieved context, tool access, and policy decisions across agents, RAG pipelines, and MCP-enabled workflows in under 300ms.

<300ms Runtime overhead
6 layers of protection
1M free requests to start
ZKP Compliance proof
No model changes No provider lock-in One endpoint change
The Problem

Your AI security tools are solving yesterday's problem.

Traditional tools evaluate risk one prompt at a time. But your AI isn't a chatbot — it's a stateful agent operating across sessions, tools, and time.

Four threats your current stack can't stop

These aren't theoretical edge cases. They're the attack patterns active in production AI deployments today — invisible to tools built on stateless assumptions.

See how RAGuard stops them

Prompt Injection

Malicious inputs embedded in user messages, retrieved docs, or tool outputs that hijack model behaviour at inference time.

Sensitive Data Leakage

PII, credentials, and proprietary data flowing through prompts and responses without detection or redaction.

Instruction Persistence

Authority silently accumulated across multi-turn sessions — agents following instructions from sources never re-validated.

Compliance Blindness

No audit trail. No evidence. No way to prove what your AI did, why it did it, or who authorised it.

Traditional Tools — The Stateless Fallacy
Turn 1: "Help me write code"PASS
Turn 2: "Ignore previous instructions…"PASS
Turn 3: Now following injected logicUNSEEN
Turn 4: Customer data exfiltratedBREACH

Each turn is evaluated in isolation. Context accumulates undetected.

RAGuard — Stateful Threat Model
Turn 1: "Help me write code"TRACKED
Turn 2: Injection detected + blockedBLOCKED
Authority re-verified. Audit logged.SECURED
Session integrity maintainedSAFE

Every turn tracked. Intent provenance continuously validated.

The Solution

A Runtime Governance Layer Built for the AI Era.

RAGuard sits inline between your applications, models, tools, and workflows to inspect risk, mediate actions, enforce policy, and retain governance evidence. No model changes. No provider lock-in.

Clients · sources
Chat appuser prompts
AI agentautonomous tool calls
RAG pipelineretrieval + context
Coding agentOpenCode · Cline
FrameworksLangChain · LlamaIndex
RAGuard Runtime Layer
Inline AI security gateway
LIVE
Ready
Prompt risk Tool / MCP DLP OPA policy ZKP audit
Awaiting traffic…IDLE
 ms·0 inspected·p95 < 300ms
Providers · destinations
OpenAIOpenAI/v1/chat/completions
Anthropic/v1/messages
AWSAWS Bedrockconverse API
AzureAzure OpenAIdeployments
Google GeminigenerateContent
Self-hostedvLLM · open models
No model changes required No provider renegotiation One endpoint change Sub-300ms overhead
Core Capabilities

Six layers of runtime control.
One enforcement point.

01 — Threat Detection

Prompt Injection Detection

Two-tier detection: fast regex patterns combined with ML classification (Meta Prompt Guard 2). Catches known attack patterns, encoded payloads, and novel injection attempts with configurable confidence thresholds.

Regex engineML classifierConfigurable thresholds
02 — Data Protection

Deep Data Loss Prevention

Named Entity Recognition plus pattern matching detects and redacts PII (emails, SSNs, phone numbers, credit cards), unstructured entities (names, orgs, locations), and secrets (API keys, tokens, credentials).

NER engineSecret scanningBi-directional
03 — Content Safety

Content Safety Classification

Identifies harmful content across five categories: hate speech, insults, sexual content, violence, and misconduct. Per-category actions — block, mask, or log — are configurable to your product's risk tolerance.

5 harm categoriesPer-category policyBlock/mask/log
04 — Response Filtering

Output Sanitisation

Post-processing layer catches what the model itself failed to prevent: credential leakage in generated code, hallucinated PII in responses, and policy violations in model outputs before they reach your users.

Code inspectionHallucination PIIResponse rewrite
05 — Policy Governance

Policy-as-Code Enforcement

Define granular, tenant-specific rules in Rego using Open Policy Agent (OPA). Control detection thresholds, feature flags, redaction rules, and rate limits. Version-controlled and instantly deployable like any infrastructure policy.

OPA / RegoMulti-tenantVersion controlled
06 — Compliance

ZKP Audit Trail

Every interaction is logged with immutable records, risk scores, and Zero-Knowledge Proof-based evidence bundles. Prove compliance to auditors without exposing interaction content. Designed for GDPR, HIPAA, and EU AI Act.

Zero-Knowledge ProofsSHA-256 hashingTamper-proof
01 — Threat Detection

Prompt Injection Detection

Two-tier detection: fast regex patterns combined with ML classification (Meta Prompt Guard 2). Catches known attack patterns, encoded payloads, and novel injection attempts with configurable confidence thresholds.

Regex engineML classifierConfigurable thresholds
03 — Content Safety

Content Safety Classification

Identifies harmful content across five categories with per-category configurable actions.

5 harm categoriesPer-category policy
02 — Data Protection

Deep Data Loss Prevention

NER plus pattern matching for PII, credentials, and secrets — bi-directional across prompts and responses.

NER engineSecret scanning
04 — Response Filtering

Output Sanitisation

Post-processing catches credential leakage in generated code, hallucinated PII, and policy violations in model outputs.

Code inspectionHallucination PII
05 — Policy Governance

Policy-as-Code Enforcement

OPA/Rego tenant-specific rules, version-controlled and instantly deployable.

OPA / RegoMulti-tenant
06 — Compliance

ZKP Audit Trail

Zero-Knowledge Proof evidence bundles. Prove compliance without exposing content. Designed for GDPR, HIPAA, EU AI Act.

Zero-Knowledge ProofsTamper-proof
Integration

One endpoint change.
Complete protection.

RAGuard requires no changes to your AI models, no renegotiation of provider contracts, and no infrastructure overhaul. Change one environment variable. Start protecting immediately.

1

Point your AI calls to RAGuard

Replace your LLM provider base URL with your RAGuard proxy endpoint. One environment variable.

2

Configure your policy

Start with secure-by-default templates or define custom Rego policies for your tenant's risk profile.

3

Monitor and prove compliance

Every interaction is logged, scored, and cryptographically attested. Your dashboard surfaces threats in real time.

Full architecture deep-dive
client.js
import OpenAI from "openai";   // Point your existing client at RAGuard — one-line change const client = new OpenAI({ baseURL: "https://your-tenant.raguard.ai/v1", apiKey: process.env.OPENAI_API_KEY, });   // All requests now inspected + protected
Solutions

Built for every AI deployment pattern.

AI-Native Startups

Ship fast without inheriting security debt. Enterprise-grade controls at a price point that makes sense before Series A. Full feature access on the free tier — no capability limits, no surprises.

Learn more

Enterprise AI Deployment

Satisfy your CISO, pass your security review, and maintain the audit trail your compliance team needs — without slowing down your AI roadmap. SSO, SLAs, self-hosted deployment available.

Learn more

Regulated Industries

GDPR, HIPAA, and EU AI Act compliance with cryptographic proof. Know exactly what your AI processed, when, and why — and prove it to auditors without exposing a single sensitive record.

Learn more

Agents, RAG & MCP Workflows

External content, tool output, and cross-system actions all create runtime trust boundaries. RAGuard governs retrieved context, agent actions, and MCP tool access instead of stopping at prompt filtering.

Learn more
Compare RAGuard

See where runtime governance fits in your stack.

Prompt defence, AI gateways, MLSecOps platforms, cloud-native shields, and red-team tools each solve a different layer. RAGuard is designed for governed AI behaviour in production.

vs Lakera

Lakera protects AI conversations. RAGuard governs what agents are allowed to do after prompts become plans, tool calls, and workflow actions.

Read comparison

vs Portkey

Portkey routes AI traffic. RAGuard adds runtime trust boundaries, tenant-aware policy enforcement, and governance evidence above infrastructure.

Read comparison

vs Protect AI

Protect AI secures the AI lifecycle. RAGuard focuses on production agent behaviour, tool execution, and runtime policy enforcement.

Read comparison

vs Microsoft Prompt Shields

Microsoft protects Azure AI workloads. RAGuard provides vendor-neutral runtime governance across models, clouds, tools, and tenants.

Read comparison

vs Gray Swan AI

Gray Swan discovers AI weaknesses. RAGuard enforces safe behaviour when production agents operate across tools, memory, and workflows.

Read comparison

vs Akto

Akto helps discover and test APIs and agentic exposure. RAGuard governs how AI agents use those APIs at runtime.

Read comparison
<300ms P99 runtime overhead added to your AI requests
6 Independent protection layers in every request
ZKP Governance evidence for audits, assurance, and runtime accountability
OPA Policy-as-code decisions using the same framework trusted across cloud infrastructure
Pricing

Enterprise protection.
No enterprise price tag to start.

Start with 1 million protected requests or 1 month free — whichever comes first. Full feature access. No credit card required.

Free
$0
1M requests or 1 month — full capabilities, no limits
  • Prompt injection detection
  • Deep DLP & PII redaction
  • Content safety classification
  • OPA policy enforcement
  • ZKP audit trail
  • OpenAI & Anthropic adapters
Start Free
Enterprise
Custom
SLAs, SSO, self-hosted, and the full governance platform
  • Everything in Startup
  • Self-hosted deployment
  • SSO / SAML
  • Dedicated SLA
  • Compl-AI + Remed-AI access
  • Dedicated security engineer
Contact Sales
View full pricing and feature comparison →
Get Started

Your AI is in production.
Is your security?

Deploy RAGuard in minutes. Protect 1 million AI requests free. No infrastructure changes. No credit card.

Trusted by AI teams at startups and enterprise. From day-one deployment to regulated industry governance.