Beta — Launch July 2026

The Governance Gateway
Feature Deep-Dive

TrustLens is not a monitoring tool. It's an enforcement engine. Here's how every component works to ensure no AI agent operates outside your governance framework.

Layer 1

Agent Registration Gateway

No AI agent operates in your enterprise without an identity card. TrustLens catches shadow AI at the point of deployment — not months later in an audit.

Agent Identity Card

Every agent gets a structured profile before it can make a single API call.

  • Name, owner, business unit, purpose statement
  • Data classification level (Public → Top Secret)
  • Model provider (Claude, GPT, Gemini, open-source)
  • Auto risk tier: LOW / MEDIUM / HIGH / CRITICAL

Mandatory Pre-Activation DPIA

Auto-generated Data Protection Impact Assessment based on the agent's profile and data access scope.

  • Auto-populated from registration fields
  • Risk scoring: data sensitivity × access scope × model risk
  • EU AI Act risk category classification
  • Mitigation recommendations auto-generated

Multi-Party Approval Workflow

No single person can approve an AI agent. Business owner, security, and privacy must all sign off.

  • Configurable approval chain per risk tier
  • LOW: business owner only. CRITICAL: CISO + DPO + CTO
  • Time-bound approvals with auto-expiry
  • Re-certification required every 90/180/365 days

Layer 2

Policy Enforcement Point (PEP)

TrustLens sits as a gateway between your AI agents and the resources they access. Every API call, every prompt, every data request is evaluated against your organisation's policies in real-time.

Enforcement Capabilities

What the Gateway Evaluates in Milliseconds

Every request passes through 6 enforcement checks before reaching the target resource or model.

PII Gate

Scans prompts for personal data (names, emails, credit cards, health data, biometrics). PII detected? Check PrivacyVault for valid consent. No consent = blocked. Consent expired = blocked.

Scope Enforcement

Agent registered for "customer support" trying to query HR payroll API? Denied. Agent approved for "marketing analytics" requesting credit card numbers? Denied. Hard scope enforcement, not just logging.

Data Classification Gate

Every data source has a classification level (PUBLIC, INTERNAL, CONFIDENTIAL, RESTRICTED). Agents can only access data at or below their clearance. Like military classification for AI.

Threat Detection

Jailbreak attempts, prompt injection, DAN attacks, system prompt extraction, CEO impersonation — all detected and blocked at the gateway before the prompt reaches the model.

Rate & Cost Controls

Per-agent token budgets, API call rate limits, and cost circuit breakers. Agent consuming 10x normal volume? Auto-throttled. Monthly budget hit? Suspended until next period.

Model Provider Controls

Restrict which LLM providers each agent can use. Classified data? Anthropic only (in-region). Customer-facing? Approved models only. No unapproved open-source models.

Declarative Policy Engine

Define governance rules as declarative policies. No code required. UI or YAML.

    # TrustLens Policy: Customer Support AI Agent
    agent: "cs-bot-prod"
    scope: "customer-support"
    data_access:
      allowed: ["customer_name", "order_history", "support_tickets"]
      denied: ["credit_card", "ssn", "payroll", "hr_records"]
    model_providers: ["anthropic", "azure-openai"]
    rate_limits:
      requests_per_minute: 60
      monthly_token_budget: 5000000
    cost_circuit_breaker: "$500/day"
    pii_handling: "block_and_redact"
    consent_required: true
    kill_switch: "enabled"

Gateway Decisions

Real-Time Enforcement Scenarios

See how TrustLens evaluates and decides on actual AI agent requests:

Customer Support Bot requests HR payroll data

GET /api/hr/payroll?employee=all | Agent: cs-bot-prod | Scope: customer-support
DENIED — Scope violation: "hr_records" not in allowed data access

Marketing AI sends prompt containing 200 customer emails

POST /v1/messages | PII detected: 200 email addresses | Consent: NOT_VERIFIED
BLOCKED — PII gate: consent not verified in PrivacyVault for bulk email processing

Fraud Detection Agent queries transaction patterns

POST /v1/messages | Scope: fraud-detection | Data: transaction_patterns (INTERNAL) | Model: anthropic
ALLOWED — Scope valid, clearance sufficient, model approved, no PII

Report Generator exceeds daily token budget

POST /v1/messages | Tokens today: 4.8M / 5M limit | Cost today: $487 / $500 limit
THROTTLED — Cost circuit breaker: $500/day limit reached, queued until tomorrow
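
An added example, not TrustLens code: a minimal default-deny decision function in Python over the sample cs-bot-prod policy, covering the scope, classification, provider and PII checks from the scenarios above. The Request shape, the clearance value, the kill-switch state and the order of the checks are assumptions made for illustration.

```python
from dataclasses import dataclass

# Classification levels as listed on the page, lowest to highest.
LEVELS = ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED"]

# Values copied from the page's cs-bot-prod sample policy, except where noted.
POLICY = {
    "agent": "cs-bot-prod",
    "allowed": {"customer_name", "order_history", "support_tickets"},
    "denied": {"credit_card", "ssn", "payroll", "hr_records"},
    "model_providers": {"anthropic", "azure-openai"},
    "clearance": "INTERNAL",        # assumed: the sample policy has no clearance field
    "consent_required": True,
    "kill_switch_engaged": False,   # assumed runtime state, not a policy value
}

@dataclass
class Request:  # hypothetical request shape, constructed for this example
    agent: str
    fields: set
    classification: str
    provider: str
    pii_detected: bool = False
    consent_verified: bool = False

def decide(policy, req):
    """Return (decision, reason). The first failing check wins; unknowns are denied."""
    if req.agent != policy["agent"]:
        return "DENIED", "agent not registered for this policy"
    if policy["kill_switch_engaged"]:
        return "DENIED", "kill switch engaged"
    hit = req.fields & policy["denied"]
    if hit:  # an explicit deny always overrides the allow list
        return "DENIED", f"explicitly denied: {sorted(hit)}"
    unlisted = req.fields - policy["allowed"]
    if unlisted:  # default deny: a field on neither list is refused
        return "DENIED", f"not in allowed data access: {sorted(unlisted)}"
    if req.classification not in LEVELS:  # fail closed on unknown labels
        return "DENIED", "unknown classification"
    if LEVELS.index(req.classification) > LEVELS.index(policy["clearance"]):
        return "DENIED", "classification above clearance"
    if req.provider not in policy["model_providers"]:
        return "DENIED", "model provider not approved"
    if req.pii_detected and policy["consent_required"] and not req.consent_verified:
        return "BLOCKED", "PII gate: consent not verified"
    return "ALLOWED", "all checks passed"
```

Fields that appear on neither list and classification labels the gateway does not recognise are both refused, so an incomplete policy fails closed.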

Layer 3

Continuous Compliance & Evidence

The verification layer proves your governance is working. Auto-generated evidence for regulators, auditors, and board reporting.

Governance Dashboard

Real-time view of all AI agents: compliant, non-compliant, pending review, killed.

  • Agent compliance score (0-100%)
  • Policy violation trends over time
  • Gateway decision breakdown (allowed/denied/throttled)
  • Risk heat map by business unit

Automated Evidence Collection

Every gateway decision generates compliance evidence automatically.

  • EU AI Act Article 13 transparency logs
  • NIST AI RMF GOVERN and MAP function evidence
  • ISO 42001 AI management system records
  • Integration with Activitee Evidence Vault

Board-Ready AI Reports

Quarterly AI governance reports that non-technical board members can actually understand.

  • Total agents, risk distribution, violation trends
  • Top blocked threats (jailbreaks, PII, scope violations)
  • Cost control savings (prevented runaway bills)
  • Regulatory readiness score per framework

Integration

Built on the Activitee Platform

TrustLens isn't standalone — it's the AI governance arm of the Activitee platform, deeply integrated with identity governance, privacy, and compliance.

Activitee Platform

Agent inventory, prompt monitoring, kill switch, access grants, certification campaigns — the operational layer that TrustLens enforces.

PrivacyVault

Consent verification for PII processing. TrustLens checks PrivacyVault before allowing any agent to access personal data.

BackupVault

Agent service account and IAM config backup. If a breach occurs, BackupVault restores agent governance configurations.

Beta Programme

Shape the Future of AI Governance

20 enterprise beta spots. Priority access, direct product input, and launch-day pricing lock. Apply now — beta closes June 2026.
