AgentCloak developer overview

AgentCloak uses a tuned data leak protection AI. The AgentCloak AI detects individuals in a prompt, text, or data and detects their corresponding protected data such as:

• Name
• Age
• Weight
• Gender
• Location
• Medical terms
• Financial information

Protected values are replaced customizable placeholders such as:

• Hash such as Joseph -> FS33f!234#1
• Token such as 1234-4567-8901-2345 -> 2345-6432-1245-1235
• Mask such as Peter -> P****

AgentCloak uses next generation, AI-powered data generalization to generalize personal and health data. Unlike previous generations of protected data solutions, AgentCloak’s trained AI has a deep understanding of protected data tiers and can for example generalize an address into a city, state/province, country, or region. Examples of AI-powered data generalization include:

• Age 34 -> Age 30-39
• Weight 175lb -> Weight 170-189lb
• Headache -> Minor neurological condition
• Berlin -> Germany

AgentCloak maintains a secure digital twin to maintain the connection between cloaked and uncloaked data.

• Digital twin is fully isolated from the target AI agent.
• Digital twin fields are uncloaked when data is returned to the client.
• Fully customizable schema supports multiple field types and blobs.

For end-to-end AI data protection, AgentCloak can be invoked from an agent client for data leak prevention and/or invoked from an agent server for data loss prevention.

AgentCloak can maintain memory and context history for long running agent interactions.

• Can attach context history with cloaked values to subsequent agent calls.
• Can reference context history to uncloak agent server responses.

AgentCloak uses deep identity technology that can examine OAuth claims.

• Different cloaking settings can be applied based on different OAuth JWT roles.
• OAuth JWT claims containing PII such as email address can be rewritten on the fly to protect identity data from AI servers.

AgentCloak can cloak protected data before training an LLM or loading into a RAG vector database.

• Fits into existing workflows with Web Services Proxy and integration with ETL tools.
• Creates digital twins as part of loading process.
• Can uncloak data with authorization when data is used downstream by users and agents.

AgentCloak Cross-Border uses InCountry Data Residency to fully isolate PII, PHI, PFI within a country and compliantly extends a global AI into any country.

• Protected data always stays within a country.
• MCP, A2A, and web services proxies are available in numerous countries worldwide.

The AgentCloak solution is fully sovereign and provides:

• Sovereign AI cloaking and uncloaking.
• Sovereign digital twins that are fully managed in Sovereign clouds or on-premises.

AgentCloak Cross-Border uses the most effective and regulator friendly Sovereign AI in each country, along with InCountry Data Residency to ensure complete data isolation.

AgentCloak can invoke the local Sovereign AI to intelligently combine global responses such as customer service articles with local protected data that is isolated to the digital twin in the country.

AgentCloak uses the InCountry Data Residency Email proxy to isolate email addresses for global AI agents that interact with email. The proxy can automatically cloak and uncloak protected email data, and even cloak the source email address and proxy email sent to the target country.

AgentCloak’s Portal provides an easy-to-use interface to setup cloaks for agents.

• Setup MCP Servers, MCP Proxies, and A2A Proxies.
• Define cloak settings and fields.
• Setup different cloak settings for different roles from identity servers.

The simplest way to get started is to invoke AgentCloak as an MCP Server with Cloak and Uncloak tools.