Platform Intelligence Layer for Autonomous Agents

Your agents are accessing data
your compliance team
has never seen

AutoPIL enforces access policy at retrieval time — before sensitive data enters your agent's context window. Every decision is logged, auditable, and observable.

View on GitHub Read the docs
Agent
@guard.protect()
Policy Engine
ALLOW
/
DENY
Audit log  ·  Real-time alerting  ·  OpenTelemetry
The gap that existing tools miss

Data catalogs govern upstream.
Output filters govern downstream.
Nothing governs retrieval.

Autonomous agents in financial services, healthcare, and legal retrieve data at runtime — from vector stores, databases, and APIs. That moment is unprotected by your existing governance stack.

Data boundary violation
Agent reads another customer's credit history
No enforcement between the agent and the database. The query succeeds. The violation is invisible. You find out during a regulatory exam.
Cross-agent contamination
One agent consumes another agent's retrieved context
Agents in the same pipeline share session context. Without isolation enforcement, data retrieved for one agent bleeds into another.
Compliance blind spot
No audit trail for what any agent accessed
When auditors ask what data your AI touched and when, there is nothing to show. Every retrieval is invisible to your compliance team.
Silent policy violations
Denial spikes and new source access go undetected
Anomalies that would trigger immediate review in a human-operated system pass through an agentic pipeline without ever surfacing an alert.
How it works

One decorator.
Full enforcement.

Wrap your retrieval function. Every call is evaluated against your policies, written to an immutable audit log, and emitted as an OTEL span — without changing how your agent is structured.

1
Session isolation
The first agent to access a session owns it. Any other agent attempting the same session is immediately denied and logged.
2
Policy evaluation
Source allowlists, denylists, and sensitivity ceilings are evaluated in order. No matching policy defaults to deny.
3
Audit event recorded
Every decision — allow or deny — is written with the policy name, reason, context hash, and timestamp. Append-only. No delete API.
4
Alert rules evaluated
Threshold rules fire webhook or email notifications on denial spikes, new source access, and isolation violations.
retrieval.py 
from autopil import ContextGuard, SensitivityLevel

guard = ContextGuard(
    policy_path="policies/financial_services.yaml",
    audit_db="autopil.db",
)

@guard.protect(
    agent_role="loan_underwriter",
    user_id="user_001",
    source_id="credit_scores",
    sensitivity_level=SensitivityLevel.HIGH,
    session_id=session_id,
)
def get_credit_score(customer_id: str) -> dict:
    return credit_db.query(customer_id)

# ALLOW — policy matched, audit event logged, OTEL span emitted
score = get_credit_score("cust_abc")

# DENY — raises PermissionError, denial logged, alert rules checked
# source='executive_comms' is on the denylist for this role
policies/financial_services.yaml 
policies:
  - name: loan_underwriter_policy
    agent_role: loan_underwriter
    allowed_sources:
      - credit_scores
      - loan_history
      - property_valuations
    denied_sources:
      - executive_communications
      - internal_risk_models
    max_sensitivity: high
Capabilities

Everything your compliance team
needs to say yes to agentic AI

Built specifically for financial services, healthcare, and legal — where a data access violation is a compliance incident, not just a bug.

🔒
Policy engine
YAML-based policies with source allowlists, denylists, and sensitivity ceilings. Deny by default. Hot-reload without service restarts. Full CRUD via REST API with version history.
policies/
📋
Immutable audit log
Every retrieval attempt is logged — decision, policy matched, reason, context hash, and timestamp. Append-only. No delete API. SQLite for dev, Postgres for production.
audit_events
🔔
Real-time alerting
Threshold rules on denial spikes, new data source access, cross-agent isolation violations, and high deny rates. Webhook and email delivery with per-rule cooldowns.
AlertEngine
📡
OpenTelemetry
Spans and metrics emitted from every policy evaluation. Routes to Datadog, Grafana, and Splunk via OTEL_EXPORTER_OTLP_ENDPOINT. Zero overhead when not configured.
autopil.evaluate
🏢
Multi-tenancy
Row-level tenant isolation across all tables. Each tenant's audit events, policies, and alert rules are fully separated. Superadmin provisioning via REST API.
tenant_id
🔗
Cross-agent isolation
A session belongs to the first agent that accessed it. Any other agent attempting the same session is automatically denied and logged — no configuration needed.
cross_agent_isolation
For CDAOs and Data Governance leaders

Governance that keeps
pace with agentic AI

"Most enterprise data governance frameworks were designed for humans querying data. Autonomous agents operate at a fundamentally different speed and scale — and the governance tools have to catch up."

  • Role-based access enforcement at the retrieval layer — not just at the application layer
  • Immutable audit trail your compliance team can present to regulators without preparation
  • Real-time alerts when an agent touches data it shouldn't — before the next retrieval happens
  • Policy version history for every change — who changed what, and when
  • Hot-reload policies without restarting agents or disrupting production pipelines
Financial Services Healthcare Legal SOX-adjacent GDPR HIPAA
Query the audit log 
# What did the loan_underwriter agent access today?
curl "https://api.autopil.ai/v1/audit/events\
  ?agent_role=loan_underwriter\
  &decision=ALLOW\
  &limit=50" \
  -H "X-API-Key: apl_yourkey"

# Response
[
  {
    "event_id": "evt_abc123",
    "agent_role": "loan_underwriter",
    "source_id": "credit_scores",
    "decision": "ALLOW",
    "policy_name": "loan_underwriter_policy",
    "timestamp": "2026-03-26T14:22:01Z"
  },
  ...
]
Set an alert rule 
# Alert if deny rate exceeds 20% in any 10-minute window
curl -X POST "https://api.autopil.ai/v1/alerts/rules" \
  -H "X-API-Key: apl_yourkey" \
  -d '{
    "rule_type": "high_deny_rate",
    "threshold": 0.20,
    "window_minutes": 10,
    "notify_url": "https://hooks.slack.com/..."
  }'
SDKs

Python and TypeScript

Embed the Python SDK directly in your agent. Use the TypeScript SDK to call the REST API from Node-based platforms, internal dashboards, or enterprise tooling.

Python autopil 
# pip install autopil
from autopil import ContextGuard

guard = ContextGuard(
  policy_path="policies.yaml",
  audit_db="autopil.db",
)

@guard.protect(
  agent_role="analyst",
  user_id="u1",
  source_id="reports",
)
def retrieve(query):
  return vectorstore.search(query)
TypeScript @autopil/sdk 
// npm install @autopil/sdk
import { AutoPilClient } from "@autopil/sdk"

const client = new AutoPilClient({
  baseUrl: "https://api.autopil.ai",
  apiKey:  process.env.AUTOPIL_API_KEY,
})

const result = await client.context.evaluate({
  agent_role: "analyst",
  source_id:  "reports",
  user_id:    "u1",
  query:      "Q3 earnings trend",
})

if (result.decision === "DENY") {
  throw new Error(result.reason)
}
Built by practitioners

Designed by someone who has lived
the problem at enterprise scale

Anil Solleti
Partner, VibrantCapital.ai  ·  Former Head of Consumer Data, Citibank

AutoPIL was built out of a real gap observed while leading enterprise AI and data governance programs at Citi — where autonomous agents were being deployed into regulated environments without any enforcement layer at retrieval time. The problem isn't hypothetical. The compliance and audit requirements are real, and existing tools weren't designed for how agents actually work.

25+
years in data & AI at scale
100PB
data platform built at Verizon/Citi
100+
patents across data and AI

Bring governance to
your agent stack

Govern the context. Trust the agent.

Whether you're evaluating AutoPIL for a production deployment or exploring what retrieval-layer governance looks like for your organization — reach out.

Get in touch View on GitHub