Solutions · Security & Governance

Governance that runs, not just governance that's written down

A policy document can't tell you whether an agent actually followed it at 2am on a Saturday. Prefactor scores every run's risk, catches sensitive data before it leaves, and writes an immutable record of what happened, mapped to the framework your auditor already asks about.

Maps to EU AI Act, NIST AI RMF, ISO 42001, and SOC 2: evidence generated continuously, not compiled at reporting time.

run-record live
Claims Assistant Medium risk
Data sensitivityHigh (customer PII)
Action consequenceRead-only
PII detectedSSN in response, redacted automatically
EvidenceSOC 2 CC7.2 · EU AI Act Art. 12
§01 / THE GAPproblem: policies without runtime enforcement

Most organizations have the policy. Few can prove it's followed

Most organizations already have the AI principles and risk policies. What's missing is proof an agent actually stayed inside them, and evidence to show a regulator or auditor.

Governance documentation

Defines the rules. No way to check an agent actually followed them.

Prefactor

Scores, enforces, and logs every run against those rules, continuously.

Evidence gaps

Documents, not runtime proof

When audit, risk, or a regulator asks what an AI system actually accessed or changed, most teams have governance documents but limited runtime visibility into what really happened.

Sensitive data exposure

PII leaves before anyone notices

Agents connected to customer data, internal tooling, and communication platforms can expose names, emails, SSNs, or credentials in an output without a safeguard catching it.

Ownership spans teams

No one owns the full picture

AI deployments cut across engineering, security, legal, and business teams, so accountability for what an agent can access and do gets harder to pin down as adoption spreads.

Why not just a governance documentation platform?

Documentation tools like Credo AI produce model cards, bias reports, and compliance artefacts, and are genuinely good at that job. Prefactor does the operational half: continuous risk assessment, inline blocking, and approval routing on every agent run. They're complementary, not competing: one documents that governance exists, the other ensures it executes. See Prefactor vs. Credo AI → for the honest breakdown.

§02 / COMPOSITE RISKpath: quality + cost + scope → one score

One score, from three things that actually matter

Rather than one opaque number, every run is scored on three dimensions that combine into a single classification your team reviews.

Outcome quality
92%
Cost efficiency
78%
Scope adherence
100%
Composite: Low risk
Outcome quality

Did it produce the right result?

Scored against the run's own record: inputs, outputs, and whether the task was actually completed correctly, not a generic fleet-wide average.

Cost efficiency

Was the spend proportionate?

Token, API, and compute cost measured against the value of the task, so an expensive run for a trivial task is visible, not averaged away.

Scope adherence

Did it stay in its lane?

Whether the agent operated within its approved permissions and boundaries, the same signal runtime policies and approval routing act on.

§03 / MCP GOVERNANCEpath: register → scope → log

Tool access is part of the same governance surface

Model Context Protocol connects agents to file systems, databases, and APIs. Ungoverned, that's tool poisoning and data exfiltration waiting to happen, and the same governance layer covers it.

1
Register
Only verified MCP servers, cryptographically checked
2
Scope
Per-agent tool permissions, violations blocked inline
3
Log
Every tool call, parameters and response, immutable
EU AI Act NIST AI RMF ISO 42001 SOC 2 HIPAA DORA PCI-DSS OWASP LLM Top 10

Frequently asked questions

How is Prefactor different from governance documentation tools like Credo AI?
Credo AI produces governance documentation: model cards, bias reports, compliance artefacts. Prefactor enforces governance operationally: continuous risk assessment, inline blocking, and approval routing on every agent run. They're complementary; Credo documents that governance exists, Prefactor ensures it executes.
How does Prefactor calculate risk scores for agents?
A composite score from three dimensions: outcome quality (did the agent produce the right result), cost efficiency (was the spend proportionate), and scope adherence (did it stay within approved boundaries). Each is scored per run, and the composite drives enforcement.
Can Prefactor detect and block sensitive data in agent outputs?
Yes. Prefactor detects PII, names, emails, SSNs, API keys, credentials, in agent outputs in real time and can redact or block it before it leaves your infrastructure.
Does Prefactor support our existing compliance framework?
Prefactor is framework-agnostic and maps to EU AI Act, NIST AI RMF, ISO 42001, SOC 2, HIPAA, DORA, PCI-DSS, and OWASP LLM Top 10. The controls and audit trails adapt to your framework rather than imposing a new one.
How does Prefactor secure MCP server connections?
Prefactor sits between agents and their MCP servers: an approved server registry, per-agent tool permission scopes, a full tool-call audit trail, and real-time anomaly detection for unusual call patterns.

See your own risk score, not a demo one

Book a demo and we'll walk through what composite risk scoring and audit evidence look like against your own agents.

Agent Performance Platform
Unified performance platform for agents, authentication, and risk management
All Systems Operational
3Global Agents
7Instances
5Services
12%Human Intervene
4High Risk
$2,360Monthly Spend
Mission ControlLive agent health with 7-day activity heartbeat
Claims Proc...68
$330/moRed
Claims Proc...65
$160/moRed
Claims Proc...82
$170/moAmber
ChatGPT74
$150/moAmber

See how every agent performs — and make it better

Prefactor helps teams observe, evaluate, and improve their AI agents in production — across every framework and provider.