Start Free Trial
Why AutoPIL

Your catalog defines governance.
Nothing enforces it.

Collibra, Databricks Unity Catalog, Alation, Purview — your team has spent years classifying data and defining policy. The moment an AI agent retrieves that data, none of it applies. AutoPIL closes that gap.

Without AutoPIL
Data catalog Classifications defined. Sensitivity labels assigned. Policies documented.
↓ sync stops here
no retrieval-layer enforcement
↓ unguarded
Agent retrieves data LangChain, LlamaIndex, OpenAI Agents, MCP — policy-blind by default. Whatever matches the query enters the context window.
↓ no audit record
Agent makes a decision Compliance team can reconstruct the query. They cannot reconstruct what data shaped the answer.
With AutoPIL
Data catalog Classifications, sensitivity labels, and access policies — already defined, already authoritative.
↓ policy sync via REST / MCP
AutoPIL policy engine Inherits your catalog's classifications. Enforces them in milliseconds at retrieval time — no reclassification, no duplicate work.
↓ evaluated before context assembly
Agent retrieves governed data Every retrieval call evaluated against policy. Violations blocked or redacted before they reach the context window.
↓ append-only audit
Enforcement log Every decision recorded with policy matched, reason, and context hash. Regulator-ready on demand.
↓ continuous measurement
PIL Score A 0–100 governance health index updated daily from your audit activity. Governed, Monitored, At Risk, Critical. The answer your board is asking for — without a quarterly review cycle.
Catalog integrations

The governance stack
you already have.

AutoPIL syncs policy metadata from the catalogs your team already runs. No reclassification. No duplicate taxonomy. The policies you defined in your catalog are the policies AutoPIL enforces at the agent retrieval layer — and the classification quality your catalog maintains feeds directly into your PIL Score's Scope Integrity and Source Registration components.

Databricks Unity Catalog Available
Databricks
AutoPIL reads Column-level sensitivity tags, attribute-based access policies, certified asset lists, and row-level security rules. Maps directly to AutoPIL's retrieval policy engine.
Iceberg REST API · Managed MCP server
Collibra Available
Collibra
AutoPIL reads Data classification matches, sensitivity labels, certified asset status, and governance policy metadata. Closes the loop by pushing enforcement events back to Collibra lineage.
REST API · CHIP MCP server
Alation Available
Alation
AutoPIL reads Data trust scores, sensitivity tags, governance flags, and data domain policies. Alation's AI Agent SDK provides a native MCP surface for real-time classification queries.
REST API · Alation AI Agent SDK (MCP)
Microsoft Purview Available
Microsoft
AutoPIL reads M365 sensitivity labels, data classification results, and DSPM policy assignments. If your enterprise runs Azure, Purview labels are already attached to your data — AutoPIL enforces them at agent retrieval with no new taxonomy work.
Microsoft Graph API · Purview REST API
Informatica IDMC Available
Informatica · Salesforce
AutoPIL reads CLAIRE-driven data classifications, sensitivity metadata, and data quality scores from Informatica's Intelligent Data Management Cloud. Relevant for the 80+ Fortune 100 companies running Informatica.
IDMC REST API
Immuta Available
Immuta
AutoPIL reads Attribute-based policy definitions and data entitlement rules from Immuta's policy engine. Immuta governs at the platform query layer — AutoPIL extends that governance to the agent context retrieval layer.
Immuta Policy API
DataHub Available
Acryl Data
AutoPIL reads Glossary terms, sensitivity tags, and data domain classifications from DataHub OSS and DataHub Cloud. Maps metadata governance to AutoPIL retrieval policy enforcement in real time.
GraphQL API
Apache Polaris Available
Apache Software Foundation
AutoPIL reads Table-level sensitivity properties and data classifications from Apache Polaris, the open Iceberg REST catalog standard. Compatible with Polaris OSS and Snowflake Open Catalog. Same Iceberg REST spec as Unity Catalog.
Iceberg REST API
Snowflake Horizon Coming Soon
Snowflake
AutoPIL reads Native sensitivity classification, object tags, and data quality metrics from Snowflake Horizon. Enforces governance defined inside Snowflake at the agent retrieval layer — no reclassification needed.
Snowflake REST API
Ataccama ONE Coming Soon
Ataccama
AutoPIL reads Sensitivity classifications, data quality scores, and governance metadata from Ataccama ONE. Strong fit for financial services and insurance enterprises that run Ataccama for MDM and data governance.
Ataccama REST API
AWS Glue + Lake Formation Coming Soon
Amazon Web Services
AutoPIL reads Column-level sensitivity tags, Lake Formation data access policies, and Glue Data Catalog classifications. Extends AWS-native governance to agent retrieval enforcement without additional tooling.
AWS Glue API · Lake Formation API
Atlan Coming Soon
Atlan
AutoPIL reads Asset classifications, sensitivity labels, and governance metadata from Atlan's modern data catalog. Native MCP server integration enables real-time classification queries at evaluation time.
Atlan MCP Server · REST API
How it fits

One enforcement layer.
Every framework. Every catalog.

AutoPIL sits between your catalog governance and your agent frameworks. Policy flows in from the catalog. Enforcement decisions flow out to the audit log. Agents never need to know governance exists.

Policy sources (catalogs)
Databricks Unity Catalog
Collibra
Alation
Microsoft Purview
Informatica IDMC
Immuta
DataHub
Apache Polaris
Snowflake Horizon (coming soon)
Ataccama ONE (coming soon)
AWS Glue + Lake Formation (coming soon)
Atlan (coming soon)
Sync mechanism
REST API (batch sync)
MCP server (real-time)
Webhook (event-driven)
AutoPIL
Policy Engine
↑ sync ↓ enforce
Evaluates every
retrieval call against
catalog-sourced policy
↓ audit
Append-only log
Agent frameworks (enforced)
MCP (Model Context Protocol)
LangChain
LlamaIndex
OpenAI Agents SDK
Gemini · AWS Bedrock
Python decorator · REST · ASGI
What agents never see
Restricted context (blocked)
PII fields (redacted)
Cross-agent context leakage
What the enforcement layer does

Four things catalogs
can't do at agent runtime.

Data catalogs are authoritative on what the policy is. AutoPIL is authoritative on whether it was enforced — at the moment it matters, in a format regulators can actually audit.

01
Retrieval interception across any framework
AutoPIL wraps the retrieval call — not the application, not the model, not the query. A LangChain retriever, a LlamaIndex query engine, an MCP tool call, a raw REST request — all intercepted at the same point, all evaluated against the same policy. No framework-specific rework.
02
Context-window governance, not query-level access control
Traditional IAM controls who can run a query. AutoPIL controls what data actually enters the context window after the query runs. A document that passes access control can still be restricted at the context assembly layer — by role, by jurisdiction, by data classification, by time of day.
03
Hot-reload without restarts
Policy changes in your catalog propagate to AutoPIL's enforcement engine in milliseconds. No code deploys. No agent restarts. Regulators impose a new data residency requirement — your agents are compliant before the day ends, not after your next release cycle.
04
An enforcement log, not just a query log
Your catalog logs what changed. Your database logs what was queried. AutoPIL logs what data entered an agent's context, which policy evaluated it, what the decision was, and why — with a context hash and nanosecond timestamp. That is the record a regulator actually needs.
Alternatives

Where other approaches
stop short.

Most tools govern data before agents exist or after they've already run. AutoPIL is the enforcement point in between — at the moment of retrieval, before context is assembled.

Approach Governs at Enforces at retrieval Framework-agnostic AutoPIL
Data catalog
Collibra, Alation, Purview		 Metadata & classification layer No No Yes — extends catalog policy into enforcement
IAM / RBAC
AWS IAM, Azure RBAC, Okta		 Identity & query access No No Yes — operates after IAM, at context assembly
Output filters
LLM guardrails, response scanning		 Model response layer No Partial Yes — blocks before data enters context, not after
Prompt guards
Input sanitization, injection detection		 User input layer No Partial Yes — governs data retrieval, not prompt text
Vector DB permissions
Pinecone namespaces, Weaviate RBAC		 Single store, at query time Partial No Yes — cross-store, cross-framework, policy-consistent
Platform-native governance
Databricks Unity Catalog policies		 Data platform query layer Partial No Yes — extends platform policy to any agent framework

You've defined the policies.
Let's make them enforceable.

Tell us what catalog you're running. We'll show you exactly how AutoPIL extends it to your agent stack — without reclassification, without rework.

Get in touch See the CDAO view → How it works →