WhiteFin — Execution Governance for AI Agents
The Layer 4 of AI security — inline argument-level enforcement of every tool call between agent and API.
Four layers of AI security exist. Only one stops the action. Layer 1 (Model Security) is solved. Layer 2 (Prompt Security) is solved. Layer 3 (IAM & Endpoint) is contested. Layer 4 — Execution Governance — was open until WhiteFin. The platform sits inline between agent and tool, intercepts every call at argument level, denies by default, and signs every decision into a tamper-evident audit chain. Authentication and authorization tell you who the agent is and what tools it can use; only execution governance answers is this specific action permitted, right now?
Three Pillars Hold the Moat
The product is built around three coordinated primitives that make Layer 4 work in practice — and five additional surface products that let a customer adopt WhiteFin without a multi-vendor stitching project.
1. ToolGuard — The Function-Call Firewall
Deny-by-default policy engine for every tool call. A cost-ordered guard chain — pattern, schema, identity, taint, semantic, and policy stages — so the first block wins. Sub-second added latency. This is the centerpiece product.
2. Agent Passport — Cryptographic Identity
ECDSA-signed identity for every AI agent. A lifecycle state machine, scoped tool universe, and delegation chains with scope narrowing. Trust progresses with observed behavior.
3. Dry-Run Preview — Impact Before Execution
See affected rows, blast radius, and estimated cost before a destructive tool call executes. 0 of 19 competitors in our benchmark offer this capability. This is what enables CISOs to approve agentic AI for production.
4. Output Assurance — Post-Execution Verification
Verify that the AI agent did what it claimed. Behavioral comparison, contract validation, page walking, API probing. Closes the loop after the tool call.
5. Kill Switch — Instant Revocation
Immediate halt of any agent mid-execution, with cryptographic proof of the kill signal.
6. WORM Audit Chain — Banking-Grade Chain of Custody
SHA-256 hash-chained, Ed25519-signed, immutable audit logs with 7-year retention and 5-sink fan-out. WORM-compliant. Tamper with one entry, break the entire chain.
7. Warden & the Governance Score
Open-source governance scanner. Scores AI environments across 17 measurable dimensions. WhiteFin scores 91/100. Market average across 19 AI frameworks and gateways: 28/100. Run Warden yourself — it takes 60 seconds.
What WhiteFin Is Not
WhiteFin is not a prompt filter (Pangea, Lakera — input-only). Not an out-of-band monitor (Zenity, Protect AI — observes but does not enforce). Not a JIT access tool (Oasis Security — permissions only, no execution audit). WhiteFin is the only product that intercepts, governs, AND audits at the function-call layer with cryptographic proof.
Technical Architecture
Engineering deep-dive: every request traverses an inline verification pipeline — pre-call (ingestion, rate limiting, broad PII detection, ToolGuard's guard chain, Agent Passport verification, semantic routing), in-call (cache, LLM processing with provider failover), post-call (Output Assurance, PII re-hydration, response validation, audit chain entry with SHA-256 linking, metrics, delivery). Total added latency is sub-second; early-deny calls clear in the low-millisecond range.
Infrastructure: FastAPI, PostgreSQL + pgvector, Redis, Docker/Kubernetes. OpenAI-compatible API — change one line (base_url) and your existing code works unchanged.
Deployment Options
- Cloud Gateway — Cloud-hosted, deploy in 5 minutes.
- Private VPC — Your cloud, our software. 1 day setup.
- Air-Gapped On-Premise — Complete isolation for banking, defense, government. 1 week setup with offline licensing.
Compliance
Designed compliant by architecture, not by audit: SOC 2, GDPR, HIPAA, ISO 27001, BOI 364, EU AI Act Article 14 (human oversight of high-risk AI).
Company
WhiteFin was founded by Gilad Gabay, Co-Founder & Chief Architect. Mission: make enterprise AI adoption safe, governed, and auditable.
LinkedIn · GitHub · info@whitefin.ai
Explore