PromptGuard goes beyond access control to provide four governance capabilities that Chris Hood identified as missing from every AI security platform: agent identity, behavioral drift detection, tamper-evident audit trails, and runtime behavioral evaluation.

Why Governance Is Not Access Control

Access control answers “is this request allowed?” Governance answers harder questions:
  • Who is this agent? (Agent Identity)
  • Is it behaving the same way it did last week? (Behavioral Drift Detection)
  • Has anyone tampered with the audit trail? (Tamper-Evident Audit)
  • Can we prove compliance to an auditor? (Runtime Behavioral Evaluation)
PromptGuard handles all four.

Agent Identity

The Problem

Most AI security platforms accept a free-form agent_id string. Anyone with the project API key can claim to be any agent. There is no verification.

The Solution

PromptGuard offers verified agent credentials. Each agent is registered and receives a cryptographic secret (pgag_...) that authenticates requests.
# Register an agent
curl -X POST https://api.promptguard.co/api/v1/agent/register \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"agent_name": "customer-support-bot"}'
Response (secret shown only once):
{
  "agent_id": "agent_a1b2c3d4e5f67890",
  "agent_name": "customer-support-bot",
  "agent_secret": "pgag_Kx9mP2qR...",
  "credential_prefix": "pgag_Kx9mP2"
}
Use the credential in subsequent requests:
curl -X POST https://api.promptguard.co/api/v1/guard \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Agent-Credential: pgag_Kx9mP2qR..." \
  -H "Content-Type: application/json" \
  -d '{"messages": [...]}'

Backward Compatibility

Requests without X-Agent-Credential still work. They are treated as unverified — the agent_verified field in responses and audit logs will be false.

Credential Rotation

curl -X POST https://api.promptguard.co/api/v1/agent/{agent_id}/rotate-credential \
  -H "Authorization: Bearer YOUR_API_KEY"
The old credential is immediately revoked and a new one is issued.

Behavioral Drift Detection

The Problem

An agent that normally uses search and calculator suddenly starts calling send_email and http_post exclusively. Per-request validation sees each call as individually safe. Only stateful behavioral analysis detects the drift.

The Solution

After an agent accumulates enough observations (configurable, default 50 tool calls), PromptGuard freezes a behavioral baseline — a snapshot of the agent’s normal tool-usage distribution. Every subsequent request is compared against this baseline using Jensen-Shannon divergence, a symmetric, bounded (0–1) measure with no division-by-zero issues. If the divergence exceeds the configured threshold (default 0.3), a BEHAVIORAL_DRIFT alert fires with:
  • Divergence score
  • Top changed tools (baseline vs. current distribution)
  • Recommended action

Example Alert

{
  "alert_type": "behavioral_drift",
  "severity": "warning",
  "message": "Behavioral drift detected (JS divergence=0.47)",
  "details": {
    "divergence": 0.47,
    "threshold": 0.3,
    "baseline_sample_size": 120,
    "changed_tools": {
      "send_email": {"baseline": 0.0, "current": 0.35, "delta": 0.35},
      "search": {"baseline": 0.6, "current": 0.15, "delta": -0.45}
    }
  }
}
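The drift check described above, as an added example that is not PromptGuard's own code. It assumes base-2 Jensen-Shannon divergence over tool-call frequency distributions; the function names, the way the current window is chosen, and the tool-call lists are constructed for illustration.

```python
import math
from collections import Counter

BASELINE_MIN_CALLS = 50  # page default: tool calls needed before the baseline freezes
DRIFT_THRESHOLD = 0.3    # page default divergence threshold

def distribution(tool_calls):
    """Turn a list of tool names into a relative-frequency distribution."""
    counts = Counter(tool_calls)
    total = sum(counts.values())
    return {tool: n / total for tool, n in counts.items()}

def js_divergence(p, q):
    """Jensen-Shannon divergence with base-2 logs, so the result lies in [0, 1]."""
    tools = set(p) | set(q)
    m = {t: 0.5 * (p.get(t, 0.0) + q.get(t, 0.0)) for t in tools}

    def kl(a):
        # Zero-probability terms contribute nothing, and m[t] > 0 whenever
        # a[t] > 0, so there is never a division by zero.
        return sum(v * math.log2(v / m[t]) for t, v in a.items() if v > 0)

    return 0.5 * kl(p) + 0.5 * kl(q)

def check_drift(baseline_calls, current_calls, threshold=DRIFT_THRESHOLD):
    """Compare a current window against the frozen baseline (assumed workflow)."""
    if len(baseline_calls) < BASELINE_MIN_CALLS or not current_calls:
        return None  # baseline not frozen yet, or nothing to compare
    base, cur = distribution(baseline_calls), distribution(current_calls)
    divergence = js_divergence(base, cur)
    changed = {}
    for tool in set(base) | set(cur):
        b, c = base.get(tool, 0.0), cur.get(tool, 0.0)
        changed[tool] = {"baseline": round(b, 2), "current": round(c, 2),
                         "delta": round(c - b, 2)}
    top = sorted(changed.items(), key=lambda kv: -abs(kv[1]["delta"]))[:2]
    return {"drift": divergence > threshold,
            "divergence": round(divergence, 2),
            "changed_tools": dict(top)}

# Constructed sample data: 120 baseline calls, then a 100-call current window.
BASELINE = ["search"] * 72 + ["calculator"] * 48
CURRENT = (["send_email"] * 35 + ["http_post"] * 30
           + ["calculator"] * 20 + ["search"] * 15)

if __name__ == "__main__":
    print(check_drift(BASELINE, CURRENT))
```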

Tamper-Evident Audit Trail

The Problem

An audit log that can be silently modified is not an audit log. Most platforms hash individual events but do not chain them — meaning a deleted or altered event goes undetected.

The Solution

Every audit event’s SHA-256 integrity hash incorporates the previous event’s hash (previous_hash), forming a cryptographic append-only chain. If any event is modified, inserted, or deleted, the chain breaks.
Event 1: integrity_hash = SHA256(fields + previous_hash=null)
Event 2: integrity_hash = SHA256(fields + previous_hash=Event1.integrity_hash)
Event 3: integrity_hash = SHA256(fields + previous_hash=Event2.integrity_hash)

Verify the Chain

curl -X POST https://api.promptguard.co/dashboard/audit-log/verify-chain \
  -H "Cookie: session=YOUR_SESSION_COOKIE" \
  -d "start_date=2026-01-01T00:00:00Z" \
  -d "end_date=2026-04-10T00:00:00Z"
Response:
{
  "valid": true,
  "verified_count": 12847,
  "first_break_at": null
}
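A minimal local model of the chained hash and its verification, added here as an illustration and not PromptGuard's implementation. The canonical-JSON serialization, the event fields, and reporting first_break_at as a list index are assumptions, and the sample events are constructed.

```python
import hashlib
import json

def event_hash(fields, previous_hash):
    # Assumed serialization: canonical JSON of the fields plus previous_hash.
    payload = json.dumps({"fields": fields, "previous_hash": previous_hash},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def append_event(log, fields):
    """Append an event whose hash covers the previous event's hash."""
    previous_hash = log[-1]["integrity_hash"] if log else None
    log.append({"fields": fields,
                "previous_hash": previous_hash,
                "integrity_hash": event_hash(fields, previous_hash)})

def verify_chain(log):
    """Walk the log in order and report the first event that breaks the chain."""
    expected_previous = None
    for index, event in enumerate(log):
        # The event must point at the hash of the event actually before it...
        linked = event["previous_hash"] == expected_previous
        # ...and its stored hash must match a recomputation over its contents.
        intact = event["integrity_hash"] == event_hash(
            event["fields"], event["previous_hash"])
        if not (linked and intact):
            return {"valid": False, "verified_count": index,
                    "first_break_at": index}
        expected_previous = event["integrity_hash"]
    return {"valid": True, "verified_count": len(log), "first_break_at": None}

def sample_log():
    """Constructed four-event log used to exercise the verifier."""
    log = []
    for i, decision in enumerate(["allow", "block", "allow", "redact"]):
        append_event(log, {"event_id": i, "agent_id": "agent_example",
                           "decision": decision})
    return log

if __name__ == "__main__":
    tampered = sample_log()
    tampered[1]["fields"]["decision"] = "allow"  # silent edit of a blocked event
    print(verify_chain(sample_log()), verify_chain(tampered))
```

Dropping events from the end of the log still verifies, and anyone able to rewrite every later event can recompute the chain, so the most recent integrity_hash should also be recorded somewhere the log's writers cannot modify.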

Runtime Behavioral Evaluation

The Problem

Compliance auditors need narratives, not data dumps. They need to understand what happened, what controls were in place, and whether those controls worked.

The Solution

PromptGuard generates governance reports with narrative sections for auditors:
curl -X POST https://api.promptguard.co/dashboard/compliance/governance-report \
  -H "Cookie: session=YOUR_SESSION_COOKIE" \
  -d "framework=soc2&days=30"
The report includes:
| Section | Contents |
| --- | --- |
| Agent Identity | Registered agents, verification rates, unverified access attempts |
| Behavioral Drift | Drift alerts triggered, agents that drifted, resolution actions |
| Audit Integrity | Chain verification result for the period |
| Security Decisions | Block/allow/redact counts with explanation summaries |
| Incident Timeline | Chronological narrative of critical events |
Supports SOC 2, EU AI Act, and NIST AI RMF frameworks.
