Guava
AI Firewall & Antivirus for Orchestration
Real-time monitoring, logging, and gatekeeping for AI agents and automated processes. Know what actions your AI is taking, where data is going, and enforce policies before damage is done.
GUAVA IN ACTION
AI Agent Request
Agent attempts to call external API
Guava Intercept
Request analyzed in real-time
Policy Evaluation
Allow / Deny / Hold / Redact
Controlled Execution
Logged, traced, compliant
Think of Guava As...
Familiar security concepts applied to AI and automation
LIKE A FIREWALL
For AI + Automation
Egress controls, allow/deny rules, destination filtering. Control what leaves your environment.
LIKE ANTIVIRUS
For Orchestration
Real-time protection, quarantine/hold, policy packs and signatures. Stop threats before they execute.
LIKE OBSERVABILITY
For Agentic Systems
Traces, timelines, alerts, dashboards. Full visibility into what AI is doing.
Core Capabilities
Complete visibility and control over AI-driven actions
01 Observe
Capture what AI agents and automations are doing across API calls, orchestration steps, and OS-level operations. Full telemetry for every action.
02 Record
Create an auditable, immutable record of all AI-driven activity. Structured logs with retention controls and export capabilities for compliance and forensics.
03 Control
Real-time enforcement on outbound actions. Allow, deny, hold for approval, or redact sensitive data before it leaves your boundary. This is the firewall behavior for AI.
Protection Modes
Simple controls for everyday users, powerful policies for enterprises
Monitor
Visibility without intervention. Log everything, block nothing.
- Full telemetry collection
- Dashboard visibility
- Alert generation
- No action blocking
- Ideal for initial rollout
Warn
Allow actions but generate alerts for policy violations.
- Actions proceed normally
- Violations flagged
- Alert routing
- Incident queue population
- Good for policy tuning
Protect (Shield Mode)
Full enforcement: allow, deny, hold, and redact.
- Real-time blocking
- Hold-for-approval flows
- Automatic redaction
- Zero-trust enforcement
- Production recommended
What Guava Protects Against
Security for both everyday users and enterprise environments
π€ Everyday Users & Small Teams
Accidental Secret Leakage
API keys, passwords, tokens accidentally sent to third parties
Document Exposure
Private documents sent to unapproved services
Wrong Recipient
Automation sending to incorrect destinations
Runaway Agents
Unexpected API calls and tool usage spiraling out of control
Cost Blowups
Uncontrolled tool usage leading to unexpected bills
π’ Enterprise
Data Exfiltration
PII/PHI/PCI/secrets leaving via tool/API egress
Shadow AI
Unapproved AI tools and services being used
No Audit Trail
Untracked automated actions creating compliance gaps
Policy Drift
Inconsistent controls across teams and environments
Audit Findings
Inability to demonstrate control of AI-driven actions
Packages
From essential monitoring to enterprise-grade policy engineering
Guava Core
Essential AI monitoring + logging with simple gatekeeping. Includes Guava Console.
Includes
- Monitoring + trace timelines
- Logging + retention controls
- Standard detectors (secrets/PII)
- Allow/Deny/Hold + basic redaction
- Alerts + incident queue
- Basic approvals (single-step)
- RBAC (basic)
- Standard exports
Guava Enterprise
Policy engineering and governance at scale. Includes Console + Studio.
Everything in Core, plus
- Guava Studio policy IDE
- Policy simulation + trace replay
- Policy test harness + regression
- Policy-as-Code + GitOps
- Advanced approvals (multi-step, SLAs)
- Detection tuning + false-positive mgmt
- Advanced RBAC + org hierarchy
- SIEM/SOAR integrations
ComplianceSphere
Compliance workflows and audit-ready evidence built on Guava telemetry.
Adds to Core or Enterprise
- Compliance dashboards
- Evidence packs (who/what/when/why)
- Framework mappings (SOC2/PCI/HIPAA)
- Auditor-friendly exports
- Retention profiles
- Control attestation
Use Cases
See how Guava protects real-world AI deployments
AI Agent Prepares Request
Agent attempts to include an API key in an outbound tool call to a third-party service.
Guava Intercepts
The request is analyzed in real-time before leaving your environment.
Detector Triggers
Secret pattern detector identifies the API key in the payload.
Policy Enforces
Based on policy, the key is redacted and/or the request is held for approval.
OUTCOME
Operator sees the trace timeline with the detected secret and the policy decision. The sensitive credential never leaves your environment. Full audit trail captured.
Agent Targets External API
AI agent attempts to send customer data to an unapproved external domain.
Destination Check
Guava evaluates the target against your destination allowlist/blocklist.
Policy Denies
Destination is not on the approved list; request is blocked.
Alert Created
Security team is notified via configured alert channel.
OUTCOME
Data never reaches the unapproved destination. Alert is routed to security for investigation. Full trace shows what was attempted and why it was blocked.
High-Risk Action Detected
Agent requests to email an attachment to an external recipient.
Policy Triggers Hold
External email with attachment matches hold-for-approval policy.
Approval Request Sent
Designated approver receives notification with action details.
Human Decision
Approver allows or denies with reason; decision is logged.
OUTCOME
Sensitive action only proceeds with explicit human approval. Full audit trail captures who approved, when, and why. Compliance requirements satisfied.
Architecture
High-level view of Guava's data and control flow
Ready to Secure Your AI?
See Guava in action. Our team will walk you through how Guava can protect your AI agents and automated processes from day one.