WhiteFin is Layer 4 of AI security — execution governance. It sits inline between AI agents and the APIs they call, intercepting every tool call at argument level, evaluating against deny-by-default policy, and signing every decision into a tamper-evident audit chain. The platform's three pillars are ToolGuard (the 7-guard chain enforcement proxy), Agent Passport (ECDSA-signed cryptographic identity with lifecycle FSM), and Policy Bootstrap (shadow-mode learning that auto-generates policies in fifteen days instead of ninety).

How is WhiteFin different from prompt filters or monitoring tools?

WhiteFin is not a prompt filter, not an output scanner, and not a monitoring tool. It is a stateful gateway that intercepts every function call an AI agent makes and enforces deterministic business rules before execution. Prompt filters (Pangea, Lakera) only inspect input. Out-of-band monitors (Zenity, Protect AI) observe but cannot enforce. JIT access tools (Oasis Security) manage permissions but do not audit execution. WhiteFin is the only product that intercepts, governs, and audits at the function-call layer with cryptographic proof.

Is WhiteFin OpenAI-compatible?

Yes. WhiteFin is a drop-in replacement for the OpenAI API. Change your base_url to https://api.whitefin.ai/v1 and your existing code works unchanged. One line. Full governance. Zero lock-in.

ToolGuard is the function-call firewall at the heart of WhiteFin. It is a deny-by-default policy engine that evaluates every tool call through a cost-ordered guard chain — pattern, schema, identity, taint, semantic, and policy stages — so the first block wins. Typical added latency is sub-second; early-deny calls clear in the low-millisecond range. ToolGuard enforces business rules at the execution layer — the only layer where AI agents actually do something.

What is Agent Passport?

Agent Passport assigns cryptographic identity (ECDSA-signed) to every AI agent in your environment. Each passport carries a scoped tool universe, a lifecycle state machine, and delegation chains with scope narrowing. Trust stages progress based on observed behavior.

What is Dry-Run Preview?

Dry-Run Preview shows the impact of a destructive tool call before it executes — affected rows, blast radius, estimated cost. Zero of 19 competitors in our State of AI Governance benchmark offer this capability. It is what enables CISOs to approve agentic AI for production systems.

Can WhiteFin be deployed air-gapped?

Yes. WhiteFin offers three deployment tiers: Cloud Gateway (5 minutes), Private VPC (1 day), and Air-Gapped On-Premise (1 week). The air-gapped tier uses offline licensing and runs with zero outbound connectivity — designed for banking, defense, and government environments that cannot use cloud AI services.

What compliance frameworks does WhiteFin support?

WhiteFin is designed compliant by architecture: SOC 2, GDPR, HIPAA, ISO 27001, BOI 364, and EU AI Act Article 14 (human oversight of high-risk AI). The WORM audit chain provides cryptographic chain-of-custody that satisfies banking and regulated-industry audit requirements.

Warden is WhiteFin's open-source governance scanner. Run it against any AI framework or environment and it produces a 17-dimension governance score out of 100. Across 19 AI frameworks and competing gateways, the market average is 28/100. WhiteFin scores 91/100. Warden is free, runs in 60 seconds, and is the first tool a CISO uses in our evaluation funnel.

State of AI Agent Governance — April 2026

ORIGINAL RESEARCH — APRIL 2026

State of AI Agent Governance

A benchmark of 20 AI security and governance vendors, scored across 24 dimensions on a normalized /100 scale. This is the first structured comparison of agentic AI governance capabilities using a reproducible methodology.

As of April 2026, the average AI agent governance score across 20 evaluated vendors is 28/100 — classified as "Ungoverned." Only one vendor scores above 80 (the "Governed" threshold). Adversarial resilience, post-execution verification, and data flow governance represent genuine market whitespace, with near-zero adoption across competitors. The industry lacks a Layer 4 — execution governance for AI agents.

Vendors Analyzed

Capability Dimensions

28/100

Market Average

1 of 20

Above "Governed" (≥80)

The Best-of-Breed Gap

The math the procurement team needs to see.

What if you bought the best vendor in each layer? Three vendors stacked together still leave Layer 4 unaddressed. WhiteFin alone — or WhiteFin alongside the existing stack — are the only configurations that close the gap.

3 vendors

Best-of-Breed (L1–L3)

44%

Layer 4 unaddressed. The gap remains open.

1 vendor

WhiteFin alone

85%

Inline enforcement included.

4 vendors

Best-of-Breed + WhiteFin

93%

For enterprises with existing BoB investment.

Total Defense = (L1 × 0.15) + (L2 × 0.20) + (L3 × 0.15) + (L4 × 0.50). L4's 50% weighting reflects research consensus that execution-time enforcement is the only layer that catches damage regardless of how upstream defenses fail.

Complementary, Not Competitive

Their question. The follow-up Layer 4 forces.

WhiteFin doesn't replace Layer 1–3 vendors. It completes them. For every vendor already in the stack, there's a follow-up question their architecture can't answer — and Layer 4 must.

Palo Alto Networks

Is the model safe? Is the endpoint tool secure?

What happens when a safe model acts on poisoned content via a permitted tool?

Microsoft Agent 365

Who is the agent? What agents exist in my environment?

What is the agent actually doing right now — and should it be permitted?

Cisco AI Defense

Who is the agent? What NHIs are in my environment?

What happens when a known identity performs an ungoverned tool call?

SentinelOne

Is the prompt clean? Is sensitive data being leaked?

What about attacks delivered through tool results, not prompts?

CrowdStrike

Is the input to the LLM safe?

What about execution of tool calls after the prompt is clean?

Zenity

Which agents exist in Microsoft 365?

What are those agents permitted to do at the tool call level?

Open methodology

Vendors are invited to submit corrections. All scores derive from publicly available product documentation, demos, and API testing. Full evidence table with source URLs available at whitefin.ai/methodology. If a score is wrong, write to info@whitefin.ai with verifiable public evidence and we will re-score.

Methodology

Each vendor is evaluated across 24 capability dimensions organized into 4 security layers (Model · Prompt · IAM/Endpoint · Execution Governance). Raw scores are normalized to a /100 scale. Scoring is based on publicly available documentation, product demos, and API testing.

Core Governance

Tool Inventory25pts

Risk Detection20pts

Policy Coverage20pts

Credential Management20pts

Log Hygiene10pts

Framework Coverage5pts

Advanced Controls

Human-in-the-Loop15pts

Agent Identity15pts

Threat Detection20pts

Ecosystem

Prompt Security15pts

Cloud / Platform Integration10pts

LLM Observability10pts

Data Recovery10pts

Compliance Maturity10pts

Unique Capabilities

Post-Execution Verification10pts

Data Flow Governance10pts

Adversarial Resilience10pts

Scoring thresholds: ≥80 GOVERNED · ≥60 PARTIAL · ≥33 AT RISK · <33 UNGOVERNED

Vendor Rankings

Normalized governance scores across all 24 dimensions, four security layers. The dashed line marks the market average (28/100).

WhiteFin

Zenity

Wiz

Noma Security

Oasis Security

HiddenLayer

Portkey

Protect AI (Palo Alto)

Lasso / Intent Security

Kong

Rubrik

Robust Intelligence / Cisco

Pangea / CrowdStrike

NeuralTrust

Knostic

Prompt Security

Cloudflare AI Gateway / Envoy

mcp-scan / Snyk

Lakera

aiFWall

Governed (≥80)

Partial (60-79)

At Risk (33-59)

Ungoverned (<33)

Market Whitespace

Critical governance capabilities where fewer than 25% of vendors have any implementation. These represent genuine gaps in the AI agent security market.

Capability	Market Avg	WhiteFin	Vendors with Capability
Adversarial Resilience	5%	90%	1 of 19
Post-Execution Verification	3%	100%	1 of 19
Data Flow Governance	6%	90%	0 of 19
Agent Identity Management	10%	100%	2 of 19
Human-in-the-Loop Approval	12%	100%	3 of 19

Key Findings

The governance gap is structural, not incremental

The market average of 28/100 is not a score that improves gradually — it reflects fundamental architectural gaps. Most vendors focus on input filtering (prompt injection) while ignoring post-execution verification, data flow tracking, and cryptographic audit chains.

Post-execution is the blind spot

Zero vendors besides WhiteFin verify what an AI agent actually did after tool execution. This means enterprises have no way to detect silent failures, hallucinated tool calls, or unauthorized data access that occurs during multi-step agent workflows.

Compliance readiness is superficial

While 12 of 20 vendors mention SOC 2 or GDPR in marketing materials, only 3 provide cryptographic audit trails that would survive a regulatory investigation. Most "compliance" is checkbox documentation, not technical enforcement.

The data plane is missing

AI agent governance today resembles network security before firewalls — security is applied at the perimeter (input/output filtering) with no inspection of the actual data plane. The industry needs a deterministic layer that sits between agents and tool execution.

What "Governed" Looks Like

WhiteFin's moat — ToolGuard 7-guard chain, Agent Passport identity, Policy Bootstrap. Inline · argument-level · deny-by-default. There are no shortcuts.

STEP 1-2<1ms

Rate Limit + Auth

API key validation, client binding, rate enforcement

STEP 3-4~8ms

DLP + PII Scan

55+ entity types detected, 350+ DLP rules, parallel execution

STEP 5-6~5ms

RAG Shield + Policy

Context integrity scan, policy enforcement, memory isolation

STEP 7<15ms avg

ToolGuard Chain

7 guards in cost order: regex, keyword, length, schema, policy, semantic, LLM

STEP 8-11~12ms

Context Assembly

PII tokenization, memory injection, double-DLP scan, MCP tool binding

STEP 12Variable

LLM Routing

Cost-optimized routing across providers with automatic failover

STEP 13~8ms

Response Scan

PII + DLP scan on LLM output before client delivery

STEP 14<2ms

Non-Repudiation

Hash-linked audit record, cryptographic signature, WORM storage

Scan Your AI Governance Posture

Warden is open source. Run it locally to see how your organization scores across all 24 dimensions. No data leaves your machine.

GET WARDEN VIEW ON GITHUB