AegisAI
Enterprise AI control plane

The deterministic gate between your AI and your data.

AegisAI sits between your AI copilots and your SAP, AWS, Azure, and GCP data systems. Every request is identity-propagated, policy-evaluated, parameterised, field-masked, and recorded into a tamper-evident audit chain. Same identity, same intent, same data — same answer, every time.

Production-ready v1.0 · SAP · AWS · Azure · GCP · Fail-closed by default

Who AegisAI is for

One control plane, three audiences.

The same nine-stage pipeline that makes a security team confident lets engineers ship and keeps an investor's diligence team comfortable.

Security & Compliance

For the CISO, SAP Basis lead, and compliance officer.

  • Identity-propagated SAP authority checks (no service-account sleight of hand).
  • Tamper-evident HMAC audit chain. Recompute the entire chain on demand.
  • Fail-closed defaults. Redis down, Postgres down, JWKS down — deny.

Engineering teams

For the platform team putting AI in front of real systems.

  • FastAPI gateway with pluggable connectors for SAP, AWS, Azure, GCP.
  • Parameterised SafeQuery planner. No string interpolation, ever.
  • OpenTelemetry exporter; structured trace ID across every stage.

Investors & founders

For the diligence call after the demo.

  • v1.0 production-ready, with Phase 1–3 hardening passes documented.
  • SAP, multi-cloud, AI-mediated — at the intersection of three trillion-dollar markets.
  • Architecture, threat model, runbook, and roadmap shipped with the code.

Why now

Your AI copilot already wants the keys to your SAP system.

Generative AI is moving from chat to action. Joule, Copilot, and a long tail of internal LLM apps are about to read — and write — against the same SAP, RDS, Synapse, and BigQuery surfaces your auditors already worry about. The default integration pattern is a service account with broad scope and no per-request explainability. That's not a future problem. That's a Q1 problem.

  • Identity dilution. Service accounts erase the human asking — auditors can no longer prove who saw what.
  • Probabilistic guardrails. Prompt-engineering "do not return PII" is a hope, not a control.
  • Schema drift. An AI that hallucinates a column name once in a thousand requests is a leak vector at scale.
  • Audit gaps. Most LLM platforms log the prompt. Few log the resolved data, the policy decision, or the masking applied.

How it works

Nine deterministic stages. Any one of them can deny.

Same identity, same intent, same context, same data — same response, every time. No probabilistic security decisions. No black-box LLM in the policy path. Defense in depth across seven independent layers.

1. Rate-limit & request ceiling

ASGI middleware caps body size, URL length, and per-request wall time. Per-user and per-tenant rate limits. 429 / 413 / 414 / 504 before the app touches Redis.

2. Authenticate

JWT verification — HS256 / RS256 / ES256 / PS256 with JWKS rotation. Issuer, audience, exp, nbf all verified.

3. Authorise

SAP BAPI_USER_GET_DETAIL + SUSR_GET_PROFILE_AUTH_OBJECTS; AWS / Azure / GCP IAM checks for any system the request touches.

4. Adaptive trust

Frequency, scope expansion, coverage growth, coordination across users. Trust score drives rate-limit bands and request restrictions.

5. Policy

Priority-weighted expression set evaluated by a safe AST — no eval, no dunders, no imports. Deny-by-default.

6. Plan

Intent compiles into a parameterised SafeQuery. :named placeholders only. Tenant isolation as a row policy on every entity.

7. Execute

MODE-gated dispatch to the real backend. SAP simulation refuses to run in PRODUCTION. In-memory fixtures refuse to run in PRODUCTION.

8. Mask

Schema-driven response firewall. Per-field classification × user clearance × auth-object gate. Drop / redact / hash / partial / aggregate.

9. Audit

Tamper-evident HMAC chain. Postgres-backed, row-locked append. GET /api/audit/verify walks the chain and reports the first break.
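
The Policy stage describes a priority-weighted expression set evaluated by a safe AST with deny-by-default. The sketch below is an added example, not AegisAI's code: it shows one way such an evaluator can be built on Python's `ast` module with a node whitelist. The rule format, the sample rules and the context field names are assumptions.

```python
import ast

# Hypothetical rule format: (priority, effect, expression). Constructed sample rules.
RULES = [
    (100, "deny",  "clearance < 2 and entity == 'payroll'"),
    (50,  "allow", "tenant == resource_tenant and action in ('read', 'list')"),
]
_CMP = {
    ast.Eq: lambda a, b: a == b, ast.NotEq: lambda a, b: a != b,
    ast.Lt: lambda a, b: a < b, ast.LtE: lambda a, b: a <= b,
    ast.Gt: lambda a, b: a > b, ast.GtE: lambda a, b: a >= b,
    ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b,
}

def _ev(node, ctx):
    """Evaluate one whitelisted node; anything else raises and the caller denies."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        # Only names supplied in the request context; never underscore or dunder names.
        if node.id.startswith("_") or node.id not in ctx:
            raise ValueError(f"name not allowed: {node.id}")
        return ctx[node.id]
    if isinstance(node, ast.Tuple):
        return tuple(_ev(e, ctx) for e in node.elts)
    if isinstance(node, ast.BoolOp):
        vals = [bool(_ev(v, ctx)) for v in node.values]
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _ev(node.operand, ctx)
    if isinstance(node, ast.Compare):
        vals = [_ev(n, ctx) for n in [node.left, *node.comparators]]
        return all(_CMP[type(op)](a, b)
                   for op, a, b in zip(node.ops, vals, vals[1:]))
    # Calls, attribute access, subscripts, lambdas, comprehensions all land here.
    raise ValueError(f"node not allowed: {type(node).__name__}")

def decide(ctx, rules=RULES):
    """Highest-priority matching rule wins; no match or any error means deny."""
    for _, effect, expr in sorted(rules, key=lambda r: -r[0]):
        try:
            matched = _ev(ast.parse(expr, mode="eval").body, ctx)
        except Exception:
            return "deny"  # fail closed on malformed or disallowed expressions
        if matched:
            return effect
    return "deny"
```

Because the expression is parsed but never compiled or executed, attribute access, function calls and imports are rejected as unknown node types rather than filtered by pattern matching on the source text.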

What you get

The control plane your audit team will sign off on.

Identity-propagated

The user's JWT, tenant, and SAP credentials flow all the way to the backend. No service-account masking. SAP enforces the same identity AegisAI did.

Field-tag firewall

Every field carries a classification, PII kind, and mask strategy. Salary aggregates. Email partial-masks. Tenant ID drops. Untagged PII fails the request.

Tamper-evident audit

Every decision becomes a row in a Postgres-backed HMAC hash chain. Recompute end-to-end on demand; the first break is reported by row id.
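
The audit chain described here and in the Audit stage can be illustrated with a small HMAC hash chain. This is an added example, not AegisAI's implementation: an in-memory list stands in for the Postgres table, and the row layout, the `GENESIS` anchor and the function names are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed anchor value that the first row links to

def _mac(key: bytes, prev_mac: str, row_id: int, payload: dict) -> str:
    # Canonical JSON so the same decision always serialises to the same bytes.
    body = json.dumps({"id": row_id, "prev": prev_mac, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def append(chain: list, key: bytes, payload: dict) -> dict:
    """Append a row whose MAC covers its id, its payload and the previous MAC."""
    prev = chain[-1]["mac"] if chain else GENESIS
    row_id = chain[-1]["id"] + 1 if chain else 1
    row = {"id": row_id, "prev": prev, "payload": payload,
           "mac": _mac(key, prev, row_id, payload)}
    chain.append(row)
    return row

def verify(chain: list, key: bytes):
    """Recompute every link; return the id of the first broken row, or None."""
    prev, expected_id = GENESIS, 1
    for row in chain:
        good = (row["id"] == expected_id and row["prev"] == prev and
                hmac.compare_digest(
                    row["mac"], _mac(key, prev, row["id"], row["payload"])))
        if not good:
            return row["id"]  # edited, reordered or missing predecessor
        prev, expected_id = row["mac"], expected_id + 1
    return None
```

Editing a payload breaks that row; deleting a row breaks its successor. Truncating the tail is not detectable from the rows alone, so the latest MAC or row count has to be anchored somewhere outside the table.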

Adaptive trust signals

Frequency, scope expansion, coverage growth, cross-user coordination. Trust score drives per-user rate limits and request-shape restrictions.

Parameterised by construction

SafeQuery uses :named placeholders. User input never enters the SQL string. Tenant isolation is a real row policy on every entity.

OpenTelemetry from day one

aegis.requests, aegis.policy.deny, aegis.trust.score, aegis.audit.chain_break exported via OTLP HTTP. Wire to whatever you already run.

Coverage

Built-in connectors for the systems your data already lives in.

System | Identity / IAM | Query path | Status
SAP S/4HANA · ECC | BAPI_USER_GET_DETAIL + SUSR_GET_PROFILE_AUTH_OBJECTS | RFC / BAPI · OData v2/v4 | v1.0
AWS RDS · Redshift | iam:SimulatePrincipalPolicy | RDS Data API · Redshift Data API | v1.0
Azure Synapse | Azure RBAC role assignments | Synapse SQL endpoint | v1.0
GCP BigQuery | testIamPermissions | BigQuery client API | v1.0
SAP SuccessFactors | OAuth 2.0 SAML bearer | OData | Roadmap
Snowflake | OAuth 2.0 / external token | SQL API | Roadmap

Ready to put a deterministic gate in front of your AI?

Book a 30-minute call. We'll walk through your data sources, your auth model, and what a production rollout actually looks like for your team.
