Start Free Trial
For CDAOs and Data Governance Leaders

Governance that keeps
pace with agentic AI

Your existing data governance frameworks were built for humans querying data. Autonomous agents operate at a fundamentally different speed and scale. AutoPIL enforces policy at the retrieval layer — before sensitive data enters any agent's context window.

Policy enforced at retrieval time Immutable audit log Hot-reload without restarts 12 industries PIL Score — governance health index
The governance gap

Built for humans.
Broken for agents.

"Most enterprise data governance frameworks were designed for humans querying data. Autonomous agents operate at a fundamentally different speed and scale — and the governance tools have to catch up."

  • Agents can make thousands of retrieval calls per minute — manual review doesn't scale
  • Traditional access controls sit at the application layer, not at the data retrieval layer
  • Multi-agent pipelines blur role boundaries — one agent's context becomes another's input
  • Existing audit logs capture queries, not policy-evaluated retrieval decisions with reasons
  • Compliance teams can't reconstruct what data an agent actually used in a decision

Without retrieval-layer enforcement

  • Agent accesses PII it wasn't intended to see
  • No audit record of what data shaped the decision
  • Cross-agent data leakage with no isolation boundary
  • Policy changes require code deploys and restarts
  • Regulators get a query log, not an enforcement log

With AutoPIL

  • Every retrieval evaluated against YAML policy before it executes
  • Immutable log of every decision, policy matched, and reason
  • Strict cross-agent isolation — no shared context windows
  • Hot-reload policies in milliseconds, no restarts
  • Regulator-ready audit trail, exportable on demand
Governance capabilities

Four pillars that give your
compliance team confidence

Each capability is independently useful. Together they give CDAOs the full picture of what every agent accessed, what was blocked, and why.

🔒
Policy enforcement at the retrieval layer
YAML-based policies define exactly which data sources each agent role may access, with sensitivity ceilings, allowlists, and denylists. Each role can also carry a session_ttl_minutes — so a fraud investigator session expires in 60 minutes while a market data analyst runs for 8 hours. A sensitivity_decay schedule tightens the effective ceiling as sessions age, without any operator action. Deny by default. Every retrieval attempt is evaluated before the data is returned — not after the agent has already seen it.
policies/
📋
Immutable audit trail
Every retrieval attempt generates an audit event: the agent role, the data source requested, the decision (ALLOW or DENY), the exact policy matched, the reason text, a hash of the context, and a nanosecond-precision timestamp. Every session revocation records a typed reason — fraud_detected, admin_action, policy_violation — with an exact timestamp. Append-only. No delete API. Cryptographically chained. Your compliance team can present this log to regulators without preparation.
audit_events
🔔
Real-time alerting
Define threshold rules that fire when deny rates spike, when an agent accesses a data source for the first time, or when cross-agent isolation boundaries are breached. Alerts are delivered via webhook or email with configurable cooldowns to prevent alert fatigue. You know about a potential violation before the next retrieval happens, not after a quarterly audit.
AlertEngine
🔄
Policy lifecycle management
Full CRUD for policies via REST API with version history on every change. Who changed what, and when — preserved automatically. Roll back a policy in one API call. Policies are stored as YAML files in your repository, so they go through the same code review and change management process as any other production configuration. Hot-reload propagates to all running agents in milliseconds.
POST /v1/policies
Audit and alerting API

The audit trail your regulators
actually want to see

Every enforcement decision is queryable. Filter by agent role, decision type, time window, or data source. Set alert thresholds that page your team before a violation becomes a compliance incident.

Query the audit log 
# What did loan_underwriter access this week?
curl "https://api.autopil.ai/v1/audit/events\
  ?agent_role=loan_underwriter\
  &since=2026-03-21\
  &limit=100" \
  -H "X-API-Key: apl_yourkey"

# Response
[
  {
    "event_id":     "evt_abc123",
    "agent_role":   "loan_underwriter",
    "source_id":    "credit_scores",
    "decision":     "ALLOW",
    "policy_name":  "loan_underwriter_policy",
    "reason":       "source in allowlist",
    "context_hash": "sha256:7f4a...",
    "timestamp":    "2026-03-26T14:22:01Z"
  }
]
Export for regulators 
# Export last 30 days as CSV
curl "https://api.autopil.ai/v1/audit/export\
  ?format=csv\
  &since=2026-03-01\
  &until=2026-03-31" \
  -H "X-API-Key: apl_yourkey" \
  -o audit_march_2026.csv
Set an alert rule 
# Alert if deny rate exceeds 20%
# in any 10-minute window
curl -X POST \
  "https://api.autopil.ai/v1/alerts/rules" \
  -H "X-API-Key: apl_yourkey" \
  -d '{
    "rule_type":       "high_deny_rate",
    "threshold":       0.20,
    "window_minutes":  10,
    "notify_url":
      "https://hooks.slack.com/..."
  }'
Alert on first access 
# Alert when any agent first accesses
# a source it hasn't touched before
curl -X POST \
  "https://api.autopil.ai/v1/alerts/rules" \
  -H "X-API-Key: apl_yourkey" \
  -d '{
    "rule_type":  "new_source_access",
    "notify_url":
      "https://hooks.slack.com/...",
    "cooldown_minutes": 60
  }'
Regulatory readiness

Questions your regulators will ask.
Answers AutoPIL makes easy.

When your AI agents are operating across sensitive data in regulated environments, the audit conversation is inevitable. Here is what that conversation looks like with AutoPIL in place.

Q Which data sources did your AI agents access during the quarter?
A Every retrieval attempt is logged with the exact source ID, agent role, and timestamp. Export the audit log filtered by date range and data source — the full picture is in one CSV, not reconstructed from application logs.
Q How do you ensure your agents can't access customer PII they aren't authorized for?
A Policies define explicit allowlists and sensitivity ceilings per agent role. AutoPIL evaluates every retrieval request against the active policy before returning data. A DENY is logged with the policy name and reason — the data never enters the agent's context window.
Q If we change an access policy today, how do we know it's in effect across all running agents?
A Policy updates propagate to all running agents in milliseconds via hot-reload — no service restarts required. The version history records who made the change, what changed, and when. You can verify propagation by querying the active policy version across your fleet.
Q How do you prevent one AI agent's outputs from leaking into another agent's context?
A AutoPIL enforces strict cross-agent isolation at the retrieval layer. Each agent role has its own policy and its own context boundary. Multi-agent pipelines pass structured outputs, not raw data contexts. Isolation violations trigger real-time alerts.
Q Can you demonstrate that your audit log hasn't been tampered with?
A The audit log is append-only. There is no delete API. Every event includes a context hash and nanosecond-precision timestamp. The storage layer (Postgres in production) is configured without truncation permissions for the AutoPIL service account. Tampering would require database-level access outside the application.
Q When our board asks whether our AI governance controls are actually working — what's our answer?
A AutoPIL computes a PIL Score — a 0–100 governance health index updated continuously from your live audit activity. It measures five dimensions: whether agents are staying within their data boundaries (Scope Integrity), whether every retrieval is covered by a registered agent and policy (Governance Coverage), whether cross-agent isolation boundaries are holding (Isolation Safety), whether accessed sources are formally registered (Source Registration), and whether governance is improving or declining over time (Trend). The score, its band (Governed / Monitored / At Risk / Critical), and a 30-day sparkline are visible in the dashboard and queryable via API — ready for a board slide or a regulatory briefing without any additional preparation.
Governance health

Know your governance posture
in a single number.

Every enforcement decision your agents make — every ALLOW, every DENY, every policy match — feeds into a continuously updated PIL Score. A composite 0–100 index that tells you, at a glance, whether your AI governance controls are holding.

Governance bands
85+
Governed
Agents operating fully within policy. Controls are effective. Board-ready posture.
65+
Monitored
Acceptable posture with gaps to close. Component breakdown shows exactly where.
40+
At Risk
Material gaps in enforcement. Immediate attention required before a compliance incident.
<40
Critical
Governance controls are failing. Significant unregistered agents, isolation violations, or policy coverage gaps.
Five components — what drives the score
Scope Integrity 35%
Are agents staying within their data boundaries? Penalizes denials weighted by sensitivity — critical violations count 8× a low-sensitivity miss.
Governance Coverage 25%
Is every agent registered and operating under a named policy? Unregistered agents and ungoverned retrievals reduce this score.
Isolation Safety 20%
Are cross-agent session boundaries holding? Steep decay on isolation violations — one breach drops this component to 50%, three or more zeroes it out.
Source Registration 10%
Are the data sources agents are accessing formally registered and governed? Unregistered sources indicate shadow data access.
Trend 10%
Is governance improving? Compares the current 30-day base score against the prior period. Boards want a trajectory, not just a snapshot.
Board and regulator reporting

The PIL Score is queryable via REST API. Pull it into your board reporting dashboard, your GRC platform, or your weekly governance review — no manual aggregation required. The component breakdown tells your compliance team exactly where to focus remediation effort.

GET /v1/audit/pil-score 200 OK 
{
  "overall":    87,
  "band":       "Governed",
  "base_score": 82.4,
  "components": {
    "scope_integrity":     91.2,
    "governance_coverage": 88.0,
    "isolation_safety":    100.0,
    "source_registration": 75.0,
    "trend":               100.0
  },
  "events_analyzed": 1 842,
  "lookback_days":   30
}
Industry and compliance coverage

12 industries.
125 pre-built policies.

AutoPIL ships with production-ready policy YAML files covering the data access patterns your compliance team already recognizes. Adapt them or use them as-is — the enforcement engine doesn't care where the YAML came from.

Financial Services
SOX · GLBA · FINRA · Basel III
Roles: underwriter, credit analyst, risk officer
Healthcare
HIPAA · HITECH · 21 CFR Part 11
Roles: clinical agent, records manager, billing agent
Insurance
NAIC · GDPR · state insurance regulations
Roles: underwriter, claims adjuster, fraud agent
Telecom
CPNI · TCPA · FCC Part 64
Roles: network agent, billing analyst, fraud detector
Pharmacy
DEA · PDMP · FDA 21 CFR · HIPAA
Roles: dispensing agent, clinical reviewer, audit agent
Public Sector
FISMA · FedRAMP · FOIA · NIST 800-53
Roles: citizen services, records manager, procurement agent
SOX GDPR HIPAA CPNI CCPA GLBA FINRA NAIC DEA Schedule FISMA FedRAMP FOIA HITECH 21 CFR Part 11 NIST 800-53

Start a conversation about your governance architecture

Self-hosted. No vendor lock-in. Bring your own data, your own policies, your own audit storage.

Get in touch Browse industries →