Now in early access

Govern every
AI agent
across your enterprise

Privify discovers every AI agent running in your environment — sanctioned or shadow — maps every interaction, and enforces policy in real time. Three pillars: Discovery, Observability, Governance.

Request early access See how it works
66
API endpoints
24
Built features
11
Compliance frameworks
11
SIEM integrations
privify — fleet dashboard
Active agents
47
Critical risk
3
Today cost
$84
Violations
12
API calls / hour
research-agent-v2
autonomous · 94% conf
Active
unknown-agent-7f2
shadow · unregistered
Critical
sales-copilot-prod
api_consumer · 78%
Review
ollama-local-3
local_llm · endpoint
Governed
Powered by FORGE

Where AI governance
is forged.

Every AI agent in your enterprise shaped, governed, and held to policy — the moment it acts. FORGE is the control plane that makes it possible.

FORGE — AI governance hammer striking hot metal on an anvil, surrounded by policy nodes and data streams
FORGE Federated Oversight & Risk Governance Engine
Designed for teams running agents on
OpenAI Anthropic Google Gemini LangChain CrewAI AutoGen vLLM Ollama AWS Bedrock Azure OpenAI
Platform

Three pillars. One control plane.

Privify is not a single tool. It is an integrated governance layer operating at every point where AI agents exist in your enterprise.

01 /

Discovery

Find every agent — sanctioned or shadow, cloud or local. Four parallel probes across endpoints, network traffic, filesystem, and behaviour patterns.

  • Endpoint probe: detects AI library imports & local LLMs (Ollama, LM Studio, vLLM)
  • Network probe: maps outbound calls to 116 AI providers
  • File probe: finds prompt artifacts, API keys, agent configs
  • MCP server auto-discovery with security assessment
  • Participant registry: humans, agents, tools, APIs
02 /

Observability

See what agents do — not just that they ran. Full interaction graph across human↔agent, agent↔agent, and agent↔tool. The delegation chain made visible.

  • Live interaction graph: every delegation, message, and tool call
  • Trace DAG with 800ms animated replay
  • Quality scoring: 6-dimension radar per agent
  • Anomaly detection with baseline deviation alerts
  • OpenTelemetry OTLP receiver — no rip-and-replace
03 /

Governance

Stop bad things before they complete. Policy evaluation on every interaction, mid-flight intervention, human approval gates, cost budgets, and quality SLAs.

  • Policy engine: condition DSL, simulation mode, versioned rules
  • DLP scanning: 12 patterns including SSN, PHI, API keys
  • AI firewall: 10 threat signatures including prompt injection & jailbreak
  • Human-in-the-loop: pause any interaction for approval
  • Cost governance: per-agent budgets with threshold alerts
Live dashboard

Your entire AI fleet. One screen.

11 real-time panels powered by WebSocket and SSE streams. Every agent, every interaction, every policy match — visible the moment it happens.

localhost:8000 — Privify Fleet Dashboard
Overview
Dashboard
Interactions
Traces
Discovery
Participants
MCP Servers
Governance
Policies
Approvals
Quality
Security
Compliance
Reports & SIEM
Event Logs
Active agents
47
↑ 3 since yesterday
Policy violations
12
↑ 4 this hour
Today's AI cost
$84.20
84% of $100 budget
Pending approvals
2
Awaiting review
Detected agents — risk level
unknown-agent-7f2a
shadow · unregistered
Critical
research-agent-v2
autonomous · 94%
Compliant
sales-copilot-prod
api_consumer · 78%
Review
ollama-local-3
local_llm · endpoint probe
Governed
Live event feed
DLP_MATCH
SSN detected in outbound agent message
2s ago
THREAT
Prompt injection in agent↔agent delegation
14s ago
COST_ALERT
research-agent-v2 at 84% daily budget
1m ago
APPROVAL
Interaction paused — awaiting human review
3m ago
AI API call volume — last 12 hours
Capabilities

Everything you need to govern AI at scale

Shadow AI detection

Discovers agents nobody registered — including local LLMs running on Ollama or LM Studio that generate zero outbound traffic. Process-level scanning, not proxy-level.

Discovery

Interaction graph

Live SVG graph of every human→agent, agent→agent, and agent→tool interaction. Colour-coded by policy status. Click any edge for full context, token counts, and latency.

Observability

Real-time intervention

BLOCK, REDACT, FLAG, or PAUSE any interaction before the response reaches its destination. Policy evaluation runs on every message the moment it's captured.

Governance

DLP scanning

12 patterns scan all interaction content: SSN, credit cards, API keys (OpenAI sk-*, AWS AKIA*), PHI, connection strings. Catches data in agent↔agent messages too.

Security

AI firewall

10 threat signatures covering the OWASP LLM Top 10: prompt injection, jailbreak (DAN), system prompt extraction, data exfiltration, indirect injection via tools.

Security

Cost governance

Per-agent cost ledger with team attribution, daily/weekly/monthly budgets, threshold alerts, and monthly spend forecasting. Chargeback-ready reports.

FinOps

Quality SLAs

6-dimension quality scoring (relevance, accuracy, safety, compliance, helpfulness, hallucination risk) with per-agent thresholds and automatic ALERT or SUSPEND on breach.

Governance

Human-in-the-loop

Approval queue pauses policy-violating interactions. Reviewer sees full context — interaction graph, participants, risk score, matched policy — before approving or denying.

Governance

Compliance reporting

11 frameworks: GDPR, HIPAA, SOC2, PCI-DSS, DPDP Act (India), EU AI Act, NIST AI RMF, ISO 42001, CCPA, DSA, California SB53. Tamper-evident SHA256 audit chain. CSV export.

Compliance
Deployment

Meets you where your agents run

Six deployment components. Layer them for defence in depth. Start with one in five minutes. Scale to global enterprise without rearchitecting.

SMB — up to 50 agents

Single appliance or Docker

One Docker container or a compact network appliance. Plug it in, run one command, govern your entire team's AI usage in under 15 minutes.
Docker container Endpoint agent DNS sinkhole
15 min
Time to deploy
~2ms
Added latency
Contact us
Pricing
Mid-market — 50–500 agents

Network probe + HA appliance pair

DNS sinkhole discovers shadow AI across every device. Network probe at egress inspects payloads. Endpoint agents catch local LLMs. HA pair for production uptime.
DNS sinkhole Network probe HA appliance pair PostgreSQL
1–2 days
Full deployment
11 SIEMs
Supported
Contact us
Pricing
Enterprise — 1,000+ agents

All layers · global · per-region compliance

All six deployment components. Regional Privify hubs feed a central governance cluster. Per-region compliance — GDPR in EU, DPDP Act in India, CCPA/NIST in US. Data residency enforced.
All 6 layers Regional hubs RBAC Multi-SIEM
Global
Deployment
HA pairs
Availability
Contact us
Pricing
Cloud-native — Kubernetes

Admission webhook · zero config per pod

One Helm install. Admission webhook auto-injects our sidecar into every AI pod at creation. No code changes. Integrates with Istio/Linkerd, exposes Prometheus metrics.
Helm chart K8s sidecar Admission webhook Istio / Linkerd
1 cmd
Helm install
~1ms
Sidecar latency
EKS/GKE/AKS
Supported
Why Privify

Built differently. Governed deeper.

Most governance tools sit at the network boundary. Privify reaches further — into the endpoint, into the delegation chain, into the cost ledger.

OS-level endpoint detection

Privify's endpoint probe scans running processes, detects AI library imports, and discovers local LLM servers (Ollama, LM Studio, vLLM) that generate zero outbound traffic. Network-only tools are completely blind to these. We aren't.

Unique capability

Full interaction graph including agent↔agent

When Agent A delegates to Agent B who calls Tool C, we see and govern the entire chain. Most platforms only see the first hop — human sends prompt, AI responds. The real risk — data leakage, prompt injection, unauthorised delegation — lives in the delegation path.

Unique capability

Mid-flight intervention — not post-hoc alerting

Policy evaluation runs the moment an interaction is captured — before the response reaches its destination. BLOCK halts instantly. REDACT strips sensitive content and allows through. PAUSE suspends and opens a human approval queue. This is control, not just visibility.

Unique capability

Quality SLAs linked to governance

Quality scoring (6 dimensions, every interaction) feeds directly into the governance engine. A quality SLA breach — hallucination rate exceeds threshold, task completion drops — triggers the same ALERT or SUSPEND workflow as a security policy violation. One control plane for both.

Unique capability

Per-agent cost governance

Token costs tracked per agent, attributed to teams and cost centres, measured against daily/weekly/monthly budgets. Forecasting projects end-of-month spend from 14-day trend data. The only platform that can answer: which agent cost your team $4,200 last month?

Unique capability

SIEM-native, not SIEM-replacing

11 SIEM platforms supported across 6 export formats — CEF for Splunk, LEEF for QRadar, ECS for Elastic, STIX 2.1 for threat intel platforms. Every event auto-forwards in real time. Your SOC team gets AI agent telemetry in the platform they already use.

Enterprise ready
Integrations

Fits into your existing stack

116 AI providers seeded. 11 SIEM platforms. Cloud discovery for AWS, GCP, and Azure. You don't rebuild your infrastructure — Privify slots into it.

AI providers

OpenAI / Azure OpenAI
Anthropic
Google Gemini / Vertex
AWS Bedrock
Ollama / vLLM / LM Studio
+111 more providers

SIEM & Security

Splunk (CEF / HEC)
Microsoft Sentinel
IBM QRadar (LEEF)
Elastic SIEM (ECS)
Datadog / CrowdStrike
STIX 2.1 threat intel

Cloud platforms

AWS (ECS, Lambda, Bedrock)
GCP (Vertex, Cloud Run)
Azure (OpenAI, AKS, Functions)
Kubernetes (EKS / GKE / AKS)
Run:ai / NVIDIA workloads
Serverless (Lambda, Cloud Run)

Observability & ITSM

OpenTelemetry (OTLP)
Langfuse
Datadog / New Relic
ServiceNow
Jira
Slack / PagerDuty / Teams
Compliance

11 frameworks. Audit-ready out of the box.

Every AI agent interaction is mapped to regulatory controls. SHA256 hash chain on every event. CSV export for audit submission. No manual work for your GRC team.

GDPR
7 controls mapped
Fully covered
HIPAA
6 controls mapped
Fully covered
SOC 2
7 controls mapped
Fully covered
PCI-DSS
5 controls mapped
Fully covered
DPDP
6 controls mapped
Fully covered
Also covers
🇮🇳 DPDP Rules 2025🇪🇺 EU AI Act 🇺🇸 NIST AI RMF 🌐 ISO 42001 🇺🇸 CCPA 🇪🇺 DSA 🇺🇸 California SB53
Easy adoption

Running in minutes. Not months.

Start with zero infrastructure changes. Add layers as your needs grow. Each step delivers immediate value — independently.

1

Single container

FORGE runs as a single Docker container. No database to configure, no agents to install, no proxy to route traffic through. Up and running in minutes.

2

DNS sinkhole

One config change to your internal DNS resolver. Instantly see every AI domain lookup from every device on your network — no agent install needed on any machine.

3

Endpoint agents

Deploy lightweight endpoint agents on developer machines and servers. Detects local LLMs, AI library imports, and filesystem artifacts — invisible to network-only tools.

4

SIEM integration

Connect your existing Splunk, Sentinel, or QRadar. All events forward automatically in CEF, LEEF, ECS, or STIX 2.1 — your SOC team sees AI telemetry immediately.

Each deployment layer works independently. Start with Step 1 and add coverage when you need it — no rearchitecting required.