AgentCloak developer overview

Advanced data protection for MCP and A2A AI agents.

AgentCloak helps MCP and A2A agent developers and deployers fully isolate protected data from AI clients and AI servers.

Easy to integrate

AgentCloak seamlessly integrates into agentic flows as an MCP Server, MCP Proxy, A2A Proxy, or APIs.

Easy to deploy

Configure cloaking settings and deploy as multi-tenant in numerous countries, single tenant in any cloud, AWS Outposts, or on-premises.

Easy to comply

Proven technology to comply with EU AI Act data minimization requirements and Sovereign AI cross-border regulations.

Architecture

AgentCloak protects AI agent data with tuned AI cloaking

  • Integrates seamlessly as an MCP Server, MCP proxy, A2A proxy, or with existing web services.
  • Tuned AI individualizes participants and generalizes, tokenizes, hashes, and masks protected data from either client or server.
  • Maintain a secure digital twin with custom schemas governed by identity context from identity servers and tokens.

Features

  • Core features
  • Cross-Border Sovereign AI
  • Configuration and Deployment

Data Cloaking

AgentCloak uses a tuned data leak protection AI. The AgentCloak AI detects individuals in a prompt, text, or data and detects their corresponding protected data such as:

  • Name
  • Age
  • Weight
  • Gender
  • Location
  • Medical terms
  • Financial information

Protected values are replaced with customizable placeholders such as:

  • Hash such as Joseph -> FS33f!234#1
  • Token such as 1234-4567-8901-2345 -> 2345-6432-1245-1235
  • Mask such as Peter -> P****

Data Generalization

AgentCloak uses next-generation, AI-powered data generalization to generalize personal and health data. Unlike previous generations of protected data solutions, AgentCloak’s trained AI has a deep understanding of protected data tiers and can, for example, generalize an address into a city, state/province, country, or region. Examples of AI-powered data generalization include:

  • Age 34 -> Age 30-39
  • Weight 175lb -> Weight 170-189lb
  • Headache -> Minor neurological condition
  • Berlin -> Germany

Digital Twin

AgentCloak maintains a secure digital twin to maintain the connection between cloaked and uncloaked data.

  • Digital twin is fully isolated from the target AI agent.
  • Digital twin fields are uncloaked when data is returned to the client.
  • Fully customizable schema supports multiple field types and blobs.
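
The cloak and uncloak round trip described under Data Cloaking, Data Generalization and Digital Twin, as an added Python example that is not AgentCloak's code or API. It assumes the protected fields have already been detected; the field names, the `POLICY` table, the placeholder format and the demo key are all hypothetical.

```python
import hashlib
import hmac
import re

DEMO_KEY = b"constructed-demo-key"  # assumption: real keys live in a KMS/HSM
PLACEHOLDER = re.compile(r"\[[A-Z0-9_]+_[0-9a-f]{12}\]")


class DigitalTwin:
    """Placeholder -> original store. It stays on the trusted side."""

    def __init__(self):
        self._originals = {}

    def tokenize(self, field, value):
        # Keyed HMAC: stable per value, not guessable without the key.
        mac = hmac.new(DEMO_KEY, f"{field}:{value}".encode(), hashlib.sha256)
        placeholder = f"[{field.upper()}_{mac.hexdigest()[:12]}]"
        self._originals[placeholder] = value
        return placeholder

    def uncloak(self, text):
        # Unknown placeholders are left as-is rather than guessed.
        return PLACEHOLDER.sub(
            lambda m: self._originals.get(m.group(0), m.group(0)), text)


def generalize_age(age):
    # Lossy by design: nothing is stored, so it cannot be uncloaked.
    low = int(age) // 10 * 10
    return f"{low}-{low + 9}"


def mask(value):
    return value[:1] + "*" * (len(value) - 1)


# Hypothetical per-field policy, standing in for a cloak schema.
POLICY = {"name": "token", "card": "token", "age": "generalize", "alias": "mask"}


def cloak(record, twin):
    out = {}
    for field, value in record.items():
        action = POLICY.get(field, "token")  # fail closed: unknown fields are tokenized
        if action == "token":
            out[field] = twin.tokenize(field, str(value))
        elif action == "generalize":
            out[field] = generalize_age(value)
        else:
            out[field] = mask(str(value))
    return out
```

Only tokenized fields can be restored from the twin; generalized and masked values are one-way, so the choice of action per field decides what the client can ever get back.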

Invoke from Client or Server

For end-to-end AI data protection, AgentCloak can be invoked from an agent client for data leak prevention and/or invoked from an agent server for data loss prevention.


Memory and Context History

AgentCloak can maintain memory and context history for long running agent interactions.

  • Can attach context history with cloaked values to subsequent agent calls.
  • Can reference context history to uncloak agent server responses.

Identity Integration

AgentCloak uses deep identity technology that can examine OAuth claims.

  • Different cloaking settings can be applied based on different OAuth JWT roles.
  • OAuth JWT claims containing PII such as email address can be rewritten on the fly to protect identity data from AI servers.

Training and RAG

AgentCloak can cloak protected data before training an LLM or loading into a RAG vector database.

  • Fits into existing workflows with Web Services Proxy and integration with ETL tools.
  • Creates digital twins as part of loading process.
  • Can uncloak data with authorization when data is used downstream by users and agents.

AgentCloak Cross-Border

AgentCloak Cross-Border uses InCountry Data Residency to fully isolate PII, PHI, and PFI within a country and compliantly extends a global AI into any country.

  • Protected data always stays within a country.
  • MCP, A2A, and web services proxies are available in numerous countries worldwide.

The AgentCloak solution is fully sovereign and provides:

  • Sovereign AI cloaking and uncloaking.
  • Sovereign digital twins that are fully managed in Sovereign clouds or on-premises.

Sovereign AI Integration

AgentCloak Cross-Border uses the most effective and regulator-friendly Sovereign AI in each country, along with InCountry Data Residency to ensure complete data isolation.


Sovereign AIs are very effective at detecting protected data using local dialects and slang. Agentforce can also use the Sovereign AI to translate to and from English and other global languages so the global AI can be more effective and predictable when responding to multiple countries.

Sovereign AI Integration Effectiveness

Local Generative AI

AgentCloak can invoke the local Sovereign AI to intelligently combine global responses such as customer service articles with local protected data that is isolated to the digital twin in the country.


Local Email Integration

AgentCloak uses the InCountry Data Residency Email proxy to isolate email addresses for global AI agents that interact with email. The proxy can automatically cloak and uncloak protected email data, and even cloak the source email address and proxy email sent to the target country.


Cloaking Configuration

AgentCloak’s Portal provides an easy-to-use interface to set up cloaks for agents.

  • Set up MCP Servers, MCP Proxies, and A2A Proxies.
  • Define cloak settings and fields.
  • Set up different cloak settings for different roles from identity servers.

Agentic Flow Integration

The simplest way to get started is to invoke AgentCloak as an MCP Server with Cloak and Uncloak tools.


For more sophisticated implementations, AgentCloak can proxy agentic flows such as MCP and A2A and seamlessly cloak and uncloak protected data. The AgentCloak proxy is compatible with API and MCP gateways. AgentCloak can protect data for human user interfaces, AI agents, and training data flows.

Agentic Flow Integration Proxy Flows