Question 1

What is WhiteFin?

Accepted Answer

WhiteFin is Layer 4 of AI security — execution governance. It sits inline between AI agents and the APIs they call, intercepting every tool call at argument level, evaluating against deny-by-default policy, and signing every decision into a tamper-evident audit chain. The platform's three pillars are ToolGuard (the 7-guard chain enforcement proxy), Agent Passport (ECDSA-signed cryptographic identity with lifecycle FSM), and Policy Bootstrap (shadow-mode learning that auto-generates policies in fifteen days instead of ninety).

Question 2

How is WhiteFin different from prompt filters or monitoring tools?

Accepted Answer

WhiteFin is not a prompt filter, not an output scanner, and not a monitoring tool. It is a stateful gateway that intercepts every function call an AI agent makes and enforces deterministic business rules before execution. Prompt filters (Pangea, Lakera) only inspect input. Out-of-band monitors (Zenity, Protect AI) observe but cannot enforce. JIT access tools (Oasis Security) manage permissions but do not audit execution. WhiteFin is the only product that intercepts, governs, and audits at the function-call layer with cryptographic proof.

Question 3

Is WhiteFin OpenAI-compatible?

Accepted Answer

Yes. WhiteFin is a drop-in replacement for the OpenAI API. Change your base_url to https://api.whitefin.ai/v1 and your existing code works unchanged. One line. Full governance. Zero lock-in.

Question 4

What is ToolGuard?

Accepted Answer

ToolGuard is the function-call firewall at the heart of WhiteFin. It is a deny-by-default policy engine that evaluates every tool call through a cost-ordered guard chain — pattern, schema, identity, taint, semantic, and policy stages — so the first block wins. Typical added latency is sub-second; early-deny calls clear in the low-millisecond range. ToolGuard enforces business rules at the execution layer — the only layer where AI agents actually do something.

Question 5

What is Agent Passport?

Accepted Answer

Agent Passport assigns cryptographic identity (ECDSA-signed) to every AI agent in your environment. Each passport carries a scoped tool universe, a lifecycle state machine, and delegation chains with scope narrowing. Trust stages progress based on observed behavior.

Question 6

What is Dry-Run Preview?

Accepted Answer

Dry-Run Preview shows the impact of a destructive tool call before it executes — affected rows, blast radius, estimated cost. Zero of 19 competitors in our State of AI Governance benchmark offer this capability. It is what enables CISOs to approve agentic AI for production systems.

Question 7

Can WhiteFin be deployed air-gapped?

Accepted Answer

Yes. WhiteFin offers three deployment tiers: Cloud Gateway (5 minutes), Private VPC (1 day), and Air-Gapped On-Premise (1 week). The air-gapped tier uses offline licensing and runs with zero outbound connectivity — designed for banking, defense, and government environments that cannot use cloud AI services.

Question 8

What compliance frameworks does WhiteFin support?

Accepted Answer

WhiteFin is designed compliant by architecture: SOC 2, GDPR, HIPAA, ISO 27001, BOI 364, and EU AI Act Article 14 (human oversight of high-risk AI). The WORM audit chain provides cryptographic chain-of-custody that satisfies banking and regulated-industry audit requirements.

Question 9

What is Warden?

Accepted Answer

Warden is WhiteFin's open-source governance scanner. Run it against any AI framework or environment and it produces a 17-dimension governance score out of 100. Across 19 AI frameworks and competing gateways, the market average is 28/100. WhiteFin scores 91/100. Warden is free, runs in 60 seconds, and is the first tool a CISO uses in our evaluation funnel.

Zero Trust for AI Agents

Inside the moat — 14 verification stages

Encryption at Every Layer

TLS 1.3

AES-256-GCM

Ed25519

ECDSA P-256

RAG Shield

Canary Tokens

Tag-Escape Prevention

Sub-Millisecond Blocking

Threat Detection

Behavioral Baselines

Kill Switch

Salami Detection

Cross-Session Anomaly

Audit Chain

Mutual Signing

WORM Storage

Crypto Shredding

HTTP 451: Unavailable for Legal Reasons

Compliance Mapping

SOC 2 Type II

GDPR

ISO 27001

BOI 364

EU AI Act

Download the WhiteFin Whitepaper

See It Running