Enterprise AI Governance: SOC2 Required Control

Every AI agent in your org, accounted for

CISOs lose sleep over three questions: Which agents are running? What can they access? Who owns the incident? Pretense answers all three: enforcement, not just visibility.

Get Agent Governance Demo View Security Architecture

The 80-point enterprise readiness gap: answered

Which agents are running?

Pretense auto-discovers every AI agent routing through your network. Enrolled agents are profiled; unregistered agents trigger an immediate alert.

What are they authorized to do?

Define per-agent policies: which codebases, which data classes, which actions. Pretense enforces at the request level, not just logs after the fact.

Who is accountable when one goes wrong?

Every agent has a named owner. Every incident auto-creates a Jira/Linear ticket with CISO escalation SLA. Audit trails are 7-year retention for SOC2.

Agent Inventory

All active AI agents (live view)

Live: updated every 30s

Agent	Status	Risk	Mutations	Secrets Blocked	Owner	Last Active
Claude Code (eng-team) Anthropic	Protected	low	1,284	7	Platform Eng	2 min ago
GitHub Copilot (IDE) OpenAI	Protected	low	892	3	DevEx	8 min ago
Cursor (product team) Anthropic / OpenAI	Scanning	medium	341	1	Product Eng	23 min ago
Unregistered Agent Unknown	Threat Detected	critical	0	0	Unassigned	47 min ago

Critical: Unregistered AI agent detected

An agent not enrolled in Pretense policy was detected making LLM API calls. All traffic is blocked until policy is assigned. Incident #INC-2847 created. Escalation sent to CISO.

Authorization Matrix

Define what each agent can and cannot touch

Traditional DLP tools log what happened. Pretense prevents it. Set per-agent policies at the data class level, and Pretense enforces them inline, before any request leaves your network.

Per-agent policies: allow/block by data class (PII, secrets, IP)
Per-repo rules: different sensitivity for frontend vs. payments code
Time-bound access: temporary elevated permissions with auto-expire
Emergency revoke: kill a compromised agent in < 60 seconds

Claude Code: Policy Editor

# Agent: claude-code@eng-team

allow_codebases:["apps/*", "packages/*"]

block_patterns:["*.env", "secrets/*"]

block_data_classes:["PII", "API_KEYS", "SSN"]

mutation_level:"aggressive"

owner:"platform-eng@company.com"

escalation_sla_min:15

audit_retention_years:7

Last updated: 2 days ago● Active

Incident Accountability

When something goes wrong, who owns it?

Pre-defined escalation paths so no one scrambles when a breach happens. SOC2 requires documented accountability. Pretense builds it in.

Incident Scenario	Primary Owner	Escalation Path	Response SLA
Agent leaks proprietary code to API	CISO	Legal + Engineering VP	< 15 min
Secret (API key) detected in prompt	Security Eng	CISO	< 5 min
Unregistered agent detected	Platform Eng	CISO	< 30 min
Agent authorization violation	Compliance	Legal	< 1 hour
High-volume data exfiltration attempt	Security SOC	CEO + Legal	Immediate

Integrates with your existing security stack

SplunkMicrosoft SentinelElastic SIEMJiraLinearPagerDutySlackServiceNowOkta SSOAzure AD

Ready to answer your CISO audit?

Enterprise teams get full agent governance: inventory, authorization, accountability, SIEM integration in one deployment.

Book Enterprise Demo Read Docs

SOC2 Type II in progress • HIPAA ready • ITAR compatible • 7-year audit retention