AgentCloak developer overview
AgentCloak helps MCP and A2A agent developers and deployers fully isolate protected data from AI clients and AI servers.
AgentCloak seamlessly integrates into agentic flows as an MCP Server, MCP Proxy, A2A Proxy, or APIs.
Configure cloaking settings and deploy as multi-tenant in numerous countries, single tenant in any cloud, AWS Outposts, or on-premises.
Proven technology to comply with EU AI Act data minimization requirements and Sovereign AI cross-border regulations.
Architecture
AgentCloak protects AI agent data with tuned AI cloaking
- Integrates seamlessly as an MCP Server, MCP proxy, A2A proxy, or with existing web services.
- Tuned AI individualizes participants and generalizes, tokenizes, hashes, and masks protected data from either client or server.
- Maintain a secure digital twin with custom schemas governed by identity context from identity servers and tokens.

Features
- Core features
  - Data Cloaking
  - Data Generalization
  - Digital Twin
  - Invoke from Client or Server
  - Memory and Context History
  - Identity Integration
  - Training and RAG
- Cross-Border Sovereign AI
  - AgentCloak Cross-Border
  - Sovereign AI Integration
  - Local Generative AI
  - Local Email Integration
- Configuration and Deployment
  - Cloaking Configuration
  - Agentic Flow Integration

Data Cloaking
AgentCloak uses a tuned data leak protection AI. The AgentCloak AI detects individuals in a prompt, text, or data and detects their corresponding protected data such as:
- Name
- Age
- Weight
- Gender
- Location
- Medical terms
- Financial information
Protected values are replaced with customizable placeholders such as:
- Hash such as Joseph -> FS33f!234#1
- Token such as 1234-4567-8901-2345 -> 2345-6432-1245-1235
- Mask such as Peter -> P****

Data Generalization
AgentCloak uses next-generation, AI-powered data generalization to generalize personal and health data. Unlike previous generations of protected data solutions, AgentCloak’s trained AI has a deep understanding of protected data tiers and can, for example, generalize an address into a city, state/province, country, or region. Examples of AI-powered data generalization include:
- Age 34 -> Age 30-39
- Weight 175lb -> Weight 170-189lb
- Headache -> Minor neurological condition
- Berlin -> Germany

Digital Twin
AgentCloak maintains a secure digital twin to maintain the connection between cloaked and uncloaked data.
- Digital twin is fully isolated from the target AI agent.
- Digital twin fields are uncloaked when data is returned to the client.
- Fully customizable schema supports multiple field types and blobs.
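
The cloak, generalize, and uncloak round trip described in the sections above, as an added Python illustration; it is not AgentCloak code or its API. It assumes protected fields are already detected and labeled, and `POLICY`, `DigitalTwin`, the field names, and the record ids are hypothetical. The twin is keyed by record id because masks and generalized bands are not unique (Peter and Paula both mask to P****).

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed; load from a secret store in practice

def mask(v):        # Peter -> P****
    return v[:1] + "*" * (len(v) - 1)

def tokenize(v):    # random digits, separators kept: same format, unrelated to input
    return "".join(secrets.choice("0123456789") if c.isdigit() else c for c in v)

def keyed_hash(v):  # HMAC, not a bare hash: guesses cannot be checked without the key
    return hmac.new(KEY, v.encode(), hashlib.sha256).hexdigest()[:16]

def age_band(v):    # 34 -> 30-39
    low = int(v) // 10 * 10
    return f"{low}-{low + 9}"

# Hypothetical per-field policy; unlisted fields pass through unchanged.
POLICY = {"name": mask, "card": tokenize, "email": keyed_hash, "age": age_band}

class DigitalTwin:
    """Keeps originals per record id; this store is never sent to the agent."""

    def __init__(self):
        self._rows = {}  # record_id -> {field: (cloaked, original)}

    def cloak(self, record_id, record):
        row = self._rows.setdefault(record_id, {})
        out = {}
        for field, value in record.items():
            if field in POLICY:
                cloaked = POLICY[field](str(value))
                row[field] = (cloaked, value)
                out[field] = cloaked
            else:
                out[field] = value
        return out

    def uncloak(self, record_id, record):
        row = self._rows.get(record_id, {})
        # Restore a field only when the agent echoed its placeholder unchanged.
        return {f: row[f][1] if f in row and v == row[f][0] else v
                for f, v in record.items()}
```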

Invoke from Client or Server
For end-to-end AI data protection, AgentCloak can be invoked from an agent client for data leak prevention and/or invoked from an agent server for data loss prevention.

Memory and Context History
AgentCloak can maintain memory and context history for long-running agent interactions.
- Can attach context history with cloaked values to subsequent agent calls.
- Can reference context history to uncloak agent server responses.

Identity Integration
AgentCloak uses deep identity technology that can examine OAuth claims.
- Different cloaking settings can be applied based on different OAuth JWT roles.
- OAuth JWT claims containing PII such as email address can be rewritten on the fly to protect identity data from AI servers.
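
Role-based cloak selection and PII claim rewriting, sketched as an added Python example; it is not AgentCloak's implementation. It assumes the token signature was already verified upstream and works on the decoded claims; the `roles` claim name, the role names, the profile names, and the choice to apply the most restrictive profile are all hypothetical.

```python
import hashlib
import hmac

PSEUDONYM_KEY = b"constructed-demo-key"  # constructed for the example
PII_CLAIMS = ("email", "name", "preferred_username")  # assumed set of claims to rewrite

# Hypothetical cloak profiles, ordered from most to least restrictive.
PROFILES = ["mask_all", "generalize", "passthrough"]
ROLE_PROFILE = {
    "support_agent": "mask_all",
    "analyst": "generalize",
    "privacy_officer": "passthrough",
}

def profile_for(claims):
    """Most restrictive profile among the caller's roles; unknown or missing roles fail closed."""
    roles = claims.get("roles") or []
    if isinstance(roles, str):
        roles = [roles]
    chosen = [ROLE_PROFILE.get(r, "mask_all") for r in roles] or ["mask_all"]
    return min(chosen, key=PROFILES.index)

def pseudonym(value):
    # Keyed and case-folded, so the same identity maps to the same stable pseudonym.
    return hmac.new(PSEUDONYM_KEY, value.lower().encode(), hashlib.sha256).hexdigest()[:16]

def rewrite_claims(claims):
    """Return a copy of the claims with PII replaced before they reach the AI server.

    The rewritten claims no longer match the original JWT signature, so a proxy
    must verify the inbound token first and then issue its own token for them.
    """
    out = dict(claims)
    for name in PII_CLAIMS:
        if isinstance(out.get(name), str):
            tag = pseudonym(out[name])
            # .invalid is a reserved TLD, so the placeholder can never route mail.
            out[name] = f"{tag}@cloaked.invalid" if name == "email" else tag
    return out
```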

Training and RAG
AgentCloak can cloak protected data before training an LLM or loading into a RAG vector database.
- Fits into existing workflows with Web Services Proxy and integration with ETL tools.
- Creates digital twins as part of the loading process.
- Can uncloak data with authorization when data is used downstream by users and agents.

AgentCloak Cross-Border
AgentCloak Cross-Border uses InCountry Data Residency to fully isolate PII, PHI, and PFI within a country and compliantly extends a global AI into any country.
- Protected data always stays within a country.
- MCP, A2A, and web services proxies are available in numerous countries worldwide.
The AgentCloak solution is fully sovereign and provides:
- Sovereign AI cloaking and uncloaking.
- Sovereign digital twins that are fully managed in Sovereign clouds or on-premises.

Sovereign AI Integration
AgentCloak Cross-Border uses the most effective and regulator-friendly Sovereign AI in each country, along with InCountry Data Residency, to ensure complete data isolation.

Sovereign AIs are very effective at detecting protected data using local dialects and slang. Agentforce can also use the Sovereign AI to translate to and from English and other global languages so the global AI can be more effective and predictable when responding to multiple countries.

Local Generative AI
AgentCloak can invoke the local Sovereign AI to intelligently combine global responses such as customer service articles with local protected data that is isolated to the digital twin in the country.

Local Email Integration
AgentCloak uses the InCountry Data Residency Email proxy to isolate email addresses for global AI agents that interact with email. The proxy can automatically cloak and uncloak protected email data, and even cloak the source email address and proxy email sent to the target country.

Cloaking Configuration
AgentCloak’s Portal provides an easy-to-use interface to set up cloaks for agents.
- Set up MCP Servers, MCP Proxies, and A2A Proxies.
- Define cloak settings and fields.
- Set up different cloak settings for different roles from identity servers.

Agentic Flow Integration
The simplest way to get started is to invoke AgentCloak as an MCP Server with Cloak and Uncloak tools.

For more sophisticated implementations, AgentCloak can proxy agentic flows such as MCP and A2A and seamlessly cloak and uncloak protected data. The AgentCloak proxy is compatible with API and MCP gateways. AgentCloak can protect data for human user interfaces, AI agents, and training data flows.
