03 — Trust

Cortex Guard.

Identity, permission, audit for every AI conversation.

Cortex Guard — trust gateway between conversation and company systems

The problem

Most AI deployments quietly assume one user.

The default assumption in every AI agent demo is one user, one trust boundary, ask anything. That model works for a personal assistant. It breaks the moment AI talks to a real company. A company has employees, clients, contractors, vendors. Some people can see every claim. Some can see only their own. Some can read but not write. Some can see commercial terms; most cannot.

The mid-market shortcut — wiring an agent to a database with no-code automation — makes the problem worse. Making the data queryable without permissions is the same as opening the database to the public. Every agent on an unguarded database becomes a public-facing endpoint by default.

What it is

The trust layer in front of every conversation.

Cortex Guard sits between the user and the Cortex. Every conversation begins with a resolved identity — Teams account, Slack identity, email, phone. Every request is checked against what that identity is allowed to ask. Every exchange is recorded in a tamper-evident log that anyone in compliance, IT, or leadership can review later.

Three pillars, named simply: identity — who is on the other side of this conversation; authorization — what they are allowed to read, ask, and act on; audit — a complete record of what was asked and what was answered, kept for as long as the company needs it kept.

The parallel

Glean does this for enterprise. We do it for service companies.

Glean is a multi-billion-dollar enterprise AI company whose cornerstone differentiator is permission preservation across hundreds of connected SaaS apps. The lesson their valuation makes obvious: in any AI deployment that touches real company data, the trust layer is not plumbing. It is the product buyers pay for first.

The shape of the problem is different at our altitude. Mid-market service companies do not have twenty mature SaaS apps with their own ACLs to federate. They have a few systems and an open-database culture. Cortex Guard creates the permission layer that does not yet exist, rather than federating one that does. Different problem. Same principle. Same load-bearing role in any deployment that survives a CIO review.

Audit, not just access

The conversation log is a compliance asset.

Regulated industries already require this for humans — every call recorded, every customer interaction logged, every decision traceable. Almost nobody has it for AI yet. Once AI agents are talking to customers, employees, and systems on a company's behalf, the same standard applies.

Cortex Guard's audit layer is not a debug log. It is a permanent, queryable record of every question asked, every answer given, and every action taken — by which identity, in which conversation, at which time. The first time a regulator asks “what did your AI tell that customer,” the answer is one query away.

Where it fits

The third of three — and often the first to ship.

Cortex Guard sits in front of Company Cortex and mediates access to Company Memory — but it is also a discrete first engagement. A company that wants to deploy any AI at all, against any of its data, with identity and audit handled properly, can start with Guard alone. The Guard engagement is smaller, lower-risk, and establishes the trust boundary the rest of the Cortex will later live inside.

In the order the buyer actually decides: Guard first, Cortex second, Memory alongside both.

Deploying AI against real company data?

Thirty minutes. We listen to what the deployment looks like, and tell you what the Guard layer should cover before the first conversation hits production.

Book a Conversation