ATBASH
The boundary before irreversible action
You define the red lines. Atbash stops agents before they cross them.
A control boundary that sits at the last irreversible step of agent-initiated workflows. Built for the Risk and Compliance teams that have to defend the decision — months after the agent moved on.
Rolling out selectively to teams with agents in sensitive workflows. We want the conversation more than the signup.
YOSEF SHAFTALCo-founder
OR PERELMANCo-founder
VERDICT RECORD · LIVELR-2026-04-29-c802
REFERENCEACC-2026-04-29-771044
ACTION CLASSclassified_data_access
TARGETrecords · customer-financial · 84,212 rows
COUNTERPARTYRequesting agent · presenting as analytics-svc-09 · registry mismatch detected
POLICY VERSIONdata_authority.v.2026.04 · clause 9.2
POTENTIALLY POISONED AGENT · JAILED
RED LINES EVALUATED · CLIENT-DEFINED
RL-41Agent identity asserted does not match cryptographic registry record✗ TRIGGERED
RL-43Access request to classified dataset from unverified provenance✗ TRIGGERED
RL-46Prompt chain shows reframing pattern consistent with injection✗ TRIGGERED
RL-44Originating workload registered in service mesh✓ PASSED
REASONING
Agent attempted to access classified customer-financial records while presenting an identity (analytics-svc-09) inconsistent with its cryptographic registry record. The originating workload is registered in the mesh, but the agent operating inside it has been reshaped: upstream prompt chain shows a reframing injection pattern. Identity laundering combined with classified-data target triggers full containment per clause 9.2.
EVIDENCE · RECONSTRUCTIBLE ON AUDIT
DECISION TIME5.8 s
ESCALATEDSecurity Authority · queue S-1 · sandboxed
AUDIT REFLR-2026-04-29-c802 · p1–p5
Reconstructible when the incident review begins.