What does Sentinel sit between?
Sentinel sits in the control path between agent activity and provider continuation. It works with Gateway, PriviShield, Vault, MKS, and receipts so prompts, tools, memory, credentials, outputs, and provider responses are governed, controlled, and recorded before execution continues.
Is Sentinel just prompt filtering?
No. Prompt filtering usually looks at one input and tries to clean it up. Sentinel controls pathways across prompt, retrieval, tool output, output, memory, approval, supply chain, runtime, and availability. It also tracks behavior across turns, tools, sessions, and temporal chain families, where embedded and multimodal risks can move from one surface to another.
What does Gateway do?
Gateway gives agent and application traffic one controlled route to model providers. Instead of provider calls scattering across tools, SDKs, services, and API keys, Gateway centralises the path so requests can be scanned, controlled, recorded, and continued only when approved. It is the routing layer that makes provider access visible before Sentinel applies execution control.
Do I need to replace OpenAI, Anthropic, or my model provider?
No. Sentinel is designed to control the path to providers, not replace them. Gateway gives provider calls one controlled route so requests can be scanned, governed, controlled, recorded, and continued only when approved.
What is PriviShield?
PriviShield detects and sanitizes PII, secrets, unsafe prompt material, and encoded credential-like content before model exposure. It redacts sensitive material, produces receipt evidence for the sanitized pass, and helps stop provider-bound requests from carrying data the model should never see.
What does Vault do for agents?
Vault keeps credentials, API keys, OAuth grants, and sensitive access material outside model context. Agents can request access, but they should not receive raw secrets. Vault stores protected material as encrypted data tied to key material and access context, so captured ciphertext is not useful without the required keys and authorised session path. For agent systems, credentials are not just data. They are execution rights.
Does Sentinel store my prompts?
Not by default. Sentinel is designed around evidence rather than raw conversation storage: receipts, hashes, verdicts, pathway metadata, scan results, and audit records. Managed evidence retention is opt-in.
What happens when Sentinel blocks something?
The action stops before continuation. Sentinel returns a controlled decision with evidence, so operators can see what pathway was involved, what policy applied, and why the action did not continue.
Can small teams use this without a CISO?
Yes. If your agents can use tools, touch customer data, write memory, use credentials, or call providers, you need a control path. Sentinel gives small teams execution control that is usually reserved for larger security organisations.
How is Sentinel different from provider guardrails?
Provider guardrails live inside someone else’s model boundary. Sentinel gives you your own control path before and after provider calls, with visibility across tools, memory, credentials, receipts, and agent behavior over time. Provider guardrails can be affected by long-running sessions, context pressure, and provider-side limits. Sentinel sits outside the model boundary, so the control path does not depend on the model remembering its own guardrails.