For CDAOs and Data Governance Leaders

Governance that keeps
pace with agentic AI

Your existing data governance frameworks were built for humans querying data. Autonomous agents operate at a fundamentally different speed and scale. AutoPIL enforces policy at the retrieval layer — before sensitive data enters any agent's context window.

Policy enforced at retrieval time · Immutable audit log · Hot-reload without restarts · 12 industries · PIL Score — governance health index

The governance gap

Built for humans.
Broken for agents.

"Most enterprise data governance frameworks were designed for humans querying data. Autonomous agents operate at a fundamentally different speed and scale — and the governance tools have to catch up."

  • Agents can make thousands of retrieval calls per minute — manual review doesn't scale
  • Traditional access controls sit at the application layer, not at the data retrieval layer
  • Multi-agent pipelines blur role boundaries — one agent's context becomes another's input
  • Existing audit logs capture queries, not policy-evaluated retrieval decisions with reasons
  • Compliance teams can't reconstruct what data an agent actually used in a decision

Without retrieval-layer enforcement

  • Agent accesses PII it wasn't intended to see
  • No audit record of what data shaped the decision
  • Cross-agent data leakage with no isolation boundary
  • Policy changes require code deploys and restarts
  • Regulators get a query log, not an enforcement log

With AutoPIL

  • Every retrieval evaluated against YAML policy before it executes
  • Immutable log of every decision, policy matched, and reason
  • Strict cross-agent isolation — no shared context windows
  • Hot-reload policies in milliseconds, no restarts
  • Regulator-ready audit trail, exportable on demand
Governance capabilities

Four pillars that give your
compliance team confidence

Each capability is independently useful. Together they give CDAOs the full picture of what every agent accessed, what was blocked, and why.

🔒
Policy enforcement at the retrieval layer
YAML-based policies define exactly which data sources each agent role may access, with sensitivity ceilings, allowlists, and denylists. Each role can also carry a session_ttl_minutes — so a fraud investigator session expires in 60 minutes while a market data analyst runs for 8 hours. A sensitivity_decay schedule tightens the effective ceiling as sessions age, without any operator action. Deny by default. Every retrieval attempt is evaluated before the data is returned — not after the agent has already seen it.
policies/
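
An added sketch of the evaluation order described above (not AutoPIL's code): deny by default, denylist before allowlist, and a ceiling that tightens as the session ages. Only session_ttl_minutes and sensitivity_decay are names from this page; the other keys, the sensitivity labels, and the decay format are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Sensitivity labels ordered low -> high (assumed for this sketch).
LEVELS = ["low", "medium", "high", "critical"]

# Hypothetical parsed policy. Only session_ttl_minutes and sensitivity_decay
# are names taken from the page; the rest of the schema is assumed.
POLICY = {
    "fraud_investigator": {
        "allowlist": {"transactions", "case_notes", "credit_scores"},
        "denylist": {"case_notes_sealed"},
        "sensitivity_ceiling": "critical",
        "session_ttl_minutes": 60,
        # (session age in minutes, ceiling that applies from then on)
        "sensitivity_decay": [(30, "high"), (45, "medium")],
    }
}

def effective_ceiling(rule, age_minutes):
    """Return the ceiling index after applying the decay schedule."""
    ceiling = LEVELS.index(rule["sensitivity_ceiling"])
    for after_minutes, level in rule.get("sensitivity_decay", []):
        if age_minutes >= after_minutes:
            ceiling = min(ceiling, LEVELS.index(level))
    return ceiling

def evaluate(role, source_id, sensitivity, session_start, now):
    """Decide ALLOW or DENY before any data is fetched; deny by default."""
    rule = POLICY.get(role)
    if rule is None:
        return "DENY", "no policy for role"
    age = (now - session_start) / timedelta(minutes=1)
    if age >= rule["session_ttl_minutes"]:
        return "DENY", "session expired"
    if source_id in rule["denylist"]:
        return "DENY", "source in denylist"
    if source_id not in rule["allowlist"]:
        return "DENY", "source not in allowlist"
    if sensitivity not in LEVELS:
        return "DENY", "unknown sensitivity label"
    if LEVELS.index(sensitivity) > effective_ceiling(rule, age):
        return "DENY", "sensitivity above effective ceiling"
    return "ALLOW", "source in allowlist"
```
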
📋
Immutable audit trail
Every retrieval attempt generates an audit event: the agent role, the data source requested, the decision (ALLOW or DENY), the exact policy matched, the reason text, a hash of the context, and a nanosecond-precision timestamp. Every session revocation records a typed reason — fraud_detected, admin_action, policy_violation — with an exact timestamp. Append-only. No delete API. Cryptographically chained. Your compliance team can present this log to regulators without preparation.
audit_events
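
How a hash-chained, append-only log makes edits and deletions detectable, as an added example rather than AutoPIL's own implementation. The record layout (prev_hash, hash, a zero genesis value) is assumed; the event fields follow the sample response on this page and the events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first record

def record_hash(event, prev_hash):
    """SHA-256 over the previous hash plus the event's canonical JSON."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(log, event):
    """Append-only write: each record commits to everything before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"event": event, "prev_hash": prev_hash,
                "hash": record_hash(event, prev_hash)})

def verify(log, expected_head=None):
    """Return the index of the first bad record, or None if the chain holds.

    expected_head is the latest hash as stored outside the log; without it
    a truncated tail still verifies.
    """
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        if rec["prev_hash"] != prev_hash:
            return i
        if rec["hash"] != record_hash(rec["event"], prev_hash):
            return i
        prev_hash = rec["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None

def build_sample_log():
    """Constructed events using the field names from the page's sample response."""
    rows = [("credit_scores", "ALLOW", "source in allowlist"),
            ("medical_history", "DENY", "source not in allowlist"),
            ("income_statements", "ALLOW", "source in allowlist")]
    log = []
    for n, (source, decision, reason) in enumerate(rows):
        append(log, {"event_id": f"evt_{n:03d}", "agent_role": "loan_underwriter",
                     "source_id": source, "decision": decision, "reason": reason,
                     "timestamp": f"2026-03-26T14:22:0{n}Z"})
    return log
```

Truncating the tail leaves a valid chain, so the latest hash has to be kept somewhere the log writer cannot change for verify() to catch it.
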
🔔
Real-time alerting
Define threshold rules that fire when deny rates spike, when an agent accesses a data source for the first time, or when cross-agent isolation boundaries are breached. Alerts are delivered via webhook or email with configurable cooldowns to prevent alert fatigue. You know about a potential violation before the next retrieval happens, not after a quarterly audit.
AlertEngine
🔄
Policy lifecycle management
Full CRUD for policies via REST API with version history on every change. Who changed what, and when — preserved automatically. Roll back a policy in one API call. Policies are stored as YAML files in your repository, so they go through the same code review and change management process as any other production configuration. Hot-reload propagates to all running agents in milliseconds.
POST /v1/policies
Audit and alerting API

The audit trail your regulators
actually want to see

Every enforcement decision is queryable. Filter by agent role, decision type, time window, or data source. Set alert thresholds that page your team before a violation becomes a compliance incident.

Query the audit log
# What did loan_underwriter access this week?
# (URL kept on one line: a line break inside the quotes would put spaces in it)
curl "https://api.autopil.ai/v1/audit/events?agent_role=loan_underwriter&since=2026-03-21&limit=100" \
  -H "X-API-Key: apl_yourkey"

# Response
[
  {
    "event_id":     "evt_abc123",
    "agent_role":   "loan_underwriter",
    "source_id":    "credit_scores",
    "decision":     "ALLOW",
    "policy_name":  "loan_underwriter_policy",
    "reason":       "source in allowlist",
    "context_hash": "sha256:7f4a...",
    "timestamp":    "2026-03-26T14:22:01Z"
  }
]
Export for regulators
# Export last 30 days as CSV
curl "https://api.autopil.ai/v1/audit/export?format=csv&since=2026-03-01&until=2026-03-31" \
  -H "X-API-Key: apl_yourkey" \
  -o audit_march_2026.csv
Set an alert rule
# Alert if deny rate exceeds 20%
# in any 10-minute window
curl -X POST \
  "https://api.autopil.ai/v1/alerts/rules" \
  -H "X-API-Key: apl_yourkey" \
  -H "Content-Type: application/json" \
  -d '{
    "rule_type":       "high_deny_rate",
    "threshold":       0.20,
    "window_minutes":  10,
    "notify_url":
      "https://hooks.slack.com/..."
  }'
Alert on first access
# Alert when any agent first accesses
# a source it hasn't touched before
curl -X POST \
  "https://api.autopil.ai/v1/alerts/rules" \
  -H "X-API-Key: apl_yourkey" \
  -H "Content-Type: application/json" \
  -d '{
    "rule_type":  "new_source_access",
    "notify_url":
      "https://hooks.slack.com/...",
    "cooldown_minutes": 60
  }'
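
The high_deny_rate rule above evaluated over a stream of audit events, as an added example (not AutoPIL's AlertEngine). The min_events floor and applying cooldown_minutes to this rule type are assumptions; the events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

class DenyRateRule:
    """Sliding-window deny-rate check with a cooldown between alerts."""

    def __init__(self, threshold=0.20, window_minutes=10,
                 cooldown_minutes=60, min_events=5):
        self.threshold = threshold
        self.window = timedelta(minutes=window_minutes)
        self.cooldown = timedelta(minutes=cooldown_minutes)
        self.min_events = min_events   # assumed floor so 1 DENY out of 1 does not page
        self.events = deque()          # (timestamp, is_deny), oldest first
        self.last_alert = None

    def observe(self, ts, decision):
        """Feed one audit event; return True when an alert should be sent."""
        self.events.append((ts, decision == "DENY"))
        while self.events and ts - self.events[0][0] > self.window:
            self.events.popleft()
        if len(self.events) < self.min_events:
            return False
        rate = sum(deny for _, deny in self.events) / len(self.events)
        if rate <= self.threshold:
            return False
        if self.last_alert is not None and ts - self.last_alert < self.cooldown:
            return False               # suppressed: still inside the cooldown
        self.last_alert = ts
        return True

def replay(events, rule):
    """Run (timestamp, decision) pairs through the rule; return alert times."""
    return [ts for ts, decision in events if rule.observe(ts, decision)]

def sample_events():
    """Constructed stream: one event per minute, DENY bursts at 6-8, 40-42, 80-82."""
    t0 = datetime(2026, 3, 26, 14, 0)
    deny_minutes = {6, 7, 8, 40, 41, 42, 80, 81, 82}
    return [(t0 + timedelta(minutes=m), "DENY" if m in deny_minutes else "ALLOW")
            for m in range(90)]
```

On the constructed stream the first and third bursts alert; the second falls inside the 60-minute cooldown and is suppressed.
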
Regulatory readiness

Questions your regulators will ask.
Answers AutoPIL makes easy.

When your AI agents are operating across sensitive data in regulated environments, the audit conversation is inevitable. Here is what that conversation looks like with AutoPIL in place.

Q: Which data sources did your AI agents access during the quarter?
A: Every retrieval attempt is logged with the exact source ID, agent role, and timestamp. Export the audit log filtered by date range and data source — the full picture is in one CSV, not reconstructed from application logs.

Q: How do you ensure your agents can't access customer PII they aren't authorized for?
A: Policies define explicit allowlists and sensitivity ceilings per agent role. AutoPIL evaluates every retrieval request against the active policy before returning data. A DENY is logged with the policy name and reason — the data never enters the agent's context window.

Q: If we change an access policy today, how do we know it's in effect across all running agents?
A: Policy updates propagate to all running agents in milliseconds via hot-reload — no service restarts required. The version history records who made the change, what changed, and when. You can verify propagation by querying the active policy version across your fleet.

Q: How do you prevent one AI agent's outputs from leaking into another agent's context?
A: AutoPIL enforces strict cross-agent isolation at the retrieval layer. Each agent role has its own policy and its own context boundary. Multi-agent pipelines pass structured outputs, not raw data contexts. Isolation violations trigger real-time alerts.

Q: Can you demonstrate that your audit log hasn't been tampered with?
A: The audit log is append-only. There is no delete API. Every event includes a context hash and nanosecond-precision timestamp. The storage layer (Postgres in production) is configured without truncation permissions for the AutoPIL service account. Tampering would require database-level access outside the application.

Q: When our board asks whether our AI governance controls are actually working — what's our answer?
A: AutoPIL computes a PIL Score — a 0–100 governance health index updated continuously from your live audit activity. It measures five dimensions: whether agents are staying within their data boundaries (Scope Integrity), whether every retrieval is covered by a registered agent and policy (Governance Coverage), whether cross-agent isolation boundaries are holding (Isolation Safety), whether accessed sources are formally registered (Source Registration), and whether governance is improving or declining over time (Trend). The score, its band (Governed / Monitored / At Risk / Critical), and a 30-day sparkline are visible in the dashboard and queryable via API — ready for a board slide or a regulatory briefing without any additional preparation.

Governance health

Know your governance posture
in a single number.

Every enforcement decision your agents make — every ALLOW, every DENY, every policy match — feeds into a continuously updated PIL Score. A composite 0–100 index that tells you, at a glance, whether your AI governance controls are holding.

Governance bands
  • 85+ Governed: Agents operating fully within policy. Controls are effective. Board-ready posture.
  • 65+ Monitored: Acceptable posture with gaps to close. Component breakdown shows exactly where.
  • 40+ At Risk: Material gaps in enforcement. Immediate attention required before a compliance incident.
  • <40 Critical: Governance controls are failing. Significant unregistered agents, isolation violations, or policy coverage gaps.

Five components — what drives the score
  • Scope Integrity (35%): Are agents staying within their data boundaries? Penalizes denials weighted by sensitivity — critical violations count 8× a low-sensitivity miss.
  • Governance Coverage (25%): Is every agent registered and operating under a named policy? Unregistered agents and ungoverned retrievals reduce this score.
  • Isolation Safety (20%): Are cross-agent session boundaries holding? Steep decay on isolation violations — one breach drops this component to 50%, three or more zeroes it out.
  • Source Registration (10%): Are the data sources agents are accessing formally registered and governed? Unregistered sources indicate shadow data access.
  • Trend (10%): Is governance improving? Compares the current 30-day base score against the prior period. Boards want a trajectory, not just a snapshot.

Board and regulator reporting

The PIL Score is queryable via REST API. Pull it into your board reporting dashboard, your GRC platform, or your weekly governance review — no manual aggregation required. The component breakdown tells your compliance team exactly where to focus remediation effort.

GET /v1/audit/pil-score 200 OK
{
  "overall":    87,
  "band":       "Governed",
  "base_score": 82.4,
  "components": {
    "scope_integrity":     91.2,
    "governance_coverage": 88.0,
    "isolation_safety":    100.0,
    "source_registration": 75.0,
    "trend":               100.0
  },
  "events_analyzed": 1842,
  "lookback_days":   30
}
Catalog integrations

The governance stack
you already have.

AutoPIL syncs policy metadata from the catalogs your team already runs. No reclassification. No duplicate taxonomy. The policies you defined in your catalog are the policies AutoPIL enforces at the agent retrieval layer — and the classification quality your catalog maintains feeds directly into your PIL Score's Scope Integrity and Source Registration components.

Databricks Unity Catalog (Available)
Databricks
AutoPIL reads column-level sensitivity tags, attribute-based access policies, certified asset lists, and row-level security rules. Maps directly to AutoPIL's retrieval policy engine.
Iceberg REST API · Managed MCP server

Collibra (Available)
Collibra
AutoPIL reads data classification matches, sensitivity labels, certified asset status, and governance policy metadata. Closes the loop by pushing enforcement events back to Collibra lineage.
REST API · CHIP MCP server

Alation (Available)
Alation
AutoPIL reads data trust scores, sensitivity tags, governance flags, and data domain policies. Alation's AI Agent SDK provides a native MCP surface for real-time classification queries.
REST API · Alation AI Agent SDK (MCP)

Microsoft Purview (Available)
Microsoft
AutoPIL reads M365 sensitivity labels, data classification results, and DSPM policy assignments. If your enterprise runs Azure, Purview labels are already attached to your data — AutoPIL enforces them at agent retrieval with no new taxonomy work.
Microsoft Graph API · Purview REST API

Informatica IDMC (Available)
Informatica · Salesforce
AutoPIL reads CLAIRE-driven data classifications, sensitivity metadata, and data quality scores from Informatica's Intelligent Data Management Cloud. Relevant for the 80+ Fortune 100 companies running Informatica.
IDMC REST API

Immuta (Available)
Immuta
AutoPIL reads attribute-based policy definitions and data entitlement rules from Immuta's policy engine. Immuta governs at the platform query layer — AutoPIL extends that governance to the agent context retrieval layer.
Immuta Policy API

DataHub (Available)
Acryl Data
AutoPIL reads glossary terms, sensitivity tags, and data domain classifications from DataHub OSS and DataHub Cloud. Maps metadata governance to AutoPIL retrieval policy enforcement in real time.
GraphQL API

Apache Polaris (Available)
Apache Software Foundation
AutoPIL reads table-level sensitivity properties and data classifications from Apache Polaris, the open Iceberg REST catalog standard. Compatible with Polaris OSS and Snowflake Open Catalog. Same Iceberg REST spec as Unity Catalog.
Iceberg REST API

Snowflake Horizon (Coming Soon)
Snowflake
AutoPIL reads native sensitivity classification, object tags, and data quality metrics from Snowflake Horizon. Enforces governance defined inside Snowflake at the agent retrieval layer — no reclassification needed.
Snowflake REST API

Ataccama ONE (Coming Soon)
Ataccama
AutoPIL reads sensitivity classifications, data quality scores, and governance metadata from Ataccama ONE. Strong fit for financial services and insurance enterprises that run Ataccama for MDM and data governance.
Ataccama REST API

AWS Glue + Lake Formation (Coming Soon)
Amazon Web Services
AutoPIL reads column-level sensitivity tags, Lake Formation data access policies, and Glue Data Catalog classifications. Extends AWS-native governance to agent retrieval enforcement without additional tooling.
AWS Glue API · Lake Formation API

Atlan (Coming Soon)
Atlan
AutoPIL reads asset classifications, sensitivity labels, and governance metadata from Atlan's modern data catalog. Native MCP server integration enables real-time classification queries at evaluation time.
Atlan MCP Server · REST API

What the enforcement layer does

Four things catalogs
can't do at agent runtime.

Data catalogs are authoritative on what the policy is. AutoPIL is authoritative on whether it was enforced — at the moment it matters, in a format regulators can actually audit.

01. Retrieval interception across any framework
AutoPIL wraps the retrieval call — not the application, not the model, not the query. A LangChain retriever, a LlamaIndex query engine, an MCP tool call, a raw REST request — all intercepted at the same point, all evaluated against the same policy. No framework-specific rework.

02. Context-window governance, not query-level access control
Traditional IAM controls who can run a query. AutoPIL controls what data actually enters the context window after the query runs. A document that passes access control can still be restricted at the context assembly layer — by role, by jurisdiction, by data classification, by time of day.

03. Hot-reload without restarts
Policy changes in your catalog propagate to AutoPIL's enforcement engine in milliseconds. No code deploys. No agent restarts. Regulators impose a new data residency requirement — your agents are compliant before the day ends, not after your next release cycle.

04. An enforcement log, not just a query log
Your catalog logs what changed. Your database logs what was queried. AutoPIL logs what data entered an agent's context, which policy evaluated it, what the decision was, and why — with a context hash and nanosecond timestamp. That is the record a regulator actually needs.

Industry and compliance coverage

12 industries.
135 pre-built policies.

AutoPIL ships with production-ready policy YAML files covering the data access patterns your compliance team already recognizes. Adapt them or use them as-is — the enforcement engine doesn't care where the YAML came from.

Financial Services
SOX · GLBA · FINRA · Basel III
Roles: underwriter, credit analyst, risk officer
Healthcare
HIPAA · HITECH · 21 CFR Part 11
Roles: clinical agent, records manager, billing agent
Insurance
NAIC · GDPR · state insurance regulations
Roles: underwriter, claims adjuster, fraud agent
Telecom
CPNI · TCPA · FCC Part 64
Roles: network agent, billing analyst, fraud detector
Pharmacy
DEA · PDMP · FDA 21 CFR · HIPAA
Roles: dispensing agent, clinical reviewer, audit agent
Public Sector
FISMA · FedRAMP · FOIA · NIST 800-53
Roles: citizen services, records manager, procurement agent
SOX · GDPR · HIPAA · CPNI · CCPA · GLBA · FINRA · NAIC · DEA Schedule · FISMA · FedRAMP · FOIA · HITECH · 21 CFR Part 11 · NIST 800-53

Start a conversation about your governance architecture

Self-hosted. No vendor lock-in. Bring your own data, your own policies, your own audit storage.