Sentinel Gateway is a security middleware layer for autonomous AI agents. It addresses a structural problem in current agent systems: when agents process external content (documents, emails, web pages), there is nothing fundamentally preventing instructions embedded in that content from altering the agent’s behavior. Most current defenses operate at the reasoning layer; prompt filtering, guardrails, or model tuning, which means they can still be bypassed. Sentinel instead enforces security at the execution layer through two mechanisms: Layer 1 : Separate instruction and data channels Only cryptographically authorized instructions accompanied by a signed token are treated as prompts. Everything else the agent reads is processed strictly as data. Layer 2 : Granular execution scope Each prompt receives a scoped capability token defining which tools are available. If a tool is not within scope, the agent cannot access it at execution time regardless of what instructions appear in the content. Sentinel is model-agnostic, integrates with existing agent stacks in about 20 minutes, and provides SOC2-grade audit logs that record every agent action with associated prompt and user identifiers. I’ve attached a screenshot showing a real example where an agent processes a prompt-injection file. The malicious instructions are treated as data, and the attempted actions are blocked and logged. A follow-up “delete file” request is also blocked because that tool wasn’t included in the original scope. submitted by /u/vagobond45
Originally posted by u/vagobond45 on r/ArtificialInteligence