Description:FIELD OF THE INVENTION
The present invention relates to the field of artificial intelligence and agent-based systems. More particularly, it pertains to a secure system and method for checking and controlling artificial intelligence model requests, such as inferencing and fine-tuning, based on organization-specific rules and policies.
BACKGROUND OF THE INVENTION
An agentic workflow is a series of connected steps dynamically executed by an agent, or series of agents, to achieve a specific task or goal. It is an AI-driven process where autonomous AI agents make decisions, take actions and coordinate tasks with minimal human intervention. These workflows leverage core components of intelligent agents such as reasoning, planning and tool use to execute complex tasks efficiently.
In the conventional system, agentic workflows enable autonomous task execution through coordinated AI agents that dynamically plan, adapt, and collaborate to complete complex goals. These agents operate under orchestration frameworks that manage the flow of information, delegate tasks, and monitor inter-agent dependencies. Each agent typically handles a specific sub-task and can independently access tools, APIs, or even other agents as needed. The system incorporates advanced techniques such as chain-of-thought prompting, self-reflection, and iterative feedback loops to enhance decision-making and output quality in real time. While highly flexible and efficient, current agentic systems often lack strong security controls, centralized governance, and standardized policy enforcement, leaving them vulnerable in sensitive or regulated operational contexts.
Prior Arts:
US20240414204A1 focuses on disclosed embodiments and provides techniques for cybersecurity AI-driven workflow generation using policies. A set of cybersecurity threat protection applications is accessed and managed by a security orchestration, automation, and response (SOAR) platform. The cybersecurity threat protection applications are deployed across a managed cybersecurity network. One or more cybersecurity network compliance requirements are assimilated into the SOAR platform by translating the compliance requirements into one or more cybersecurity application policies and work processes. The assimilation is accomplished using an AI user interface with natural language processing. The cybersecurity application policies provide conformity with the compliance requirements. The application policies generate one or more cybersecurity application workflows for the managed cybersecurity network. The SOAR platform executes the cybersecurity workflow. The workflow is enabled by an embedded universal data layer that maps the cybersecurity threat protection application inputs and outputs to the SOAR platform.
US20250047698A1 Disclosed embodiments provide techniques for cybersecurity AI-driven workflow modifications. A security orchestration, automation, and response (SOAR) platform used to manage a plurality of cybersecurity threat protection applications deployed across a cybersecurity network is accessed. A cybersecurity workflow is executed using the SOAR platform and one or more cybersecurity actions related to the workflow are captured and analyzed for workflow relevance. The cybersecurity actions can include steps taken by security operations center staff and automated cybersecurity threat protection applications. The analysis can be performed by machine learning, and can include evaluations of repeated cybersecurity incidents, operation regression exercises, and suggested remedial steps. The workflow analysis can include identifying recidivistic security operations responses. Based on the analysis, the cybersecurity workflow is updated to improve workflow quality. The updating can include reordering the workflow steps, automating responses of operations staff, or executing actions recommended by separate AI cybersecurity systems.
DEFINITIONS
The expression “system” used hereinafter in this specification refers to an ecosystem comprising, but is not limited to a system with a user, input and output devices, processing unit, plurality of mobile devices, a mobile device-based application to identify dependencies and relationships between diverse businesses, a visualization platform, and output; and is extended to computing systems like mobile, laptops, computers, PCs, etc.
The expression “input unit” used hereinafter in this specification refers to, but is not limited to, mobile, laptops, computers, PCs, keyboards, mouse, pen drives or drives.
The expression “output unit” used hereinafter in this specification refers to, but is not limited to, an onboard output device, a user interface (UI), a display kit, a local display, a screen, a dashboard, or a visualization platform enabling the user to visualize, observe or analyse any data or scores provided by the system.
The expression “processing unit” refers to, but is not limited to, a processor of at least one computing device that optimizes the system.
The expression “large language model (LLM)” used hereinafter in this specification refers to a type of machine learning model designed for natural language processing tasks such as language generation. LLMs are language models with many parameters, and are trained with self-supervised learning on a vast amount of text.
The expression “agentic workflow” used hereinafter in this specification refers to an autonomous execution process involving one or more artificial intelligence agents, especially in autonomous multi-agent environments, where agents can independently invoke powerful inference or fine-tuning operations to perform tasks such as code generation, summarization, decision-making, and orchestration.
The expression “request fingerprint” used hereinafter in this specification refers to the fingerprint generated for a request based on a semantic embedding of intent, prompt pattern classification, model access tier needed, and risk level estimate using a fine-tuned classifier.
The expression “orgpolicygraph” used hereinafter in this specification refers to a graph-based structure that stores an organization’s policies as dynamic graphs in the form of user-task-resource-condition relationships, which are matched and traversed to evaluate request compliance.
The expression “intent-permission alignment” used hereinafter in this specification refers to the process of comparing the request fingerprint against allowed policy embeddings and scoring the alignment between request intent and permissions, with the score ranging from 0 to 1.
The expression “risk classifier” used hereinafter in this specification refers to a lightweight model trained on prior violations and incidents to estimate the risk level associated with a given request.
The expression “rewrite module” used hereinafter in this specification refers to the module that uses a large language model to rewrite prompts in order to comply with policy, for example by redacting sensitive data or stripping disallowed portions.
The expression “lineage tracking” used hereinafter in this specification refers to the tracking of nested agent calls within multi-agent systems, implemented as an agent lineage trace, for end-to-end policy enforcement and auditable coverage.
OBJECTS OF THE INVENTION
The primary object of the present invention is to provide a secure gateway system for enforcing organization-specific policies in agentic workflows involving artificial intelligence model interactions.
Another object of the invention is to intercept and analyze inferencing and fine-tuning requests in real time within autonomous multi-agent environments.
Yet another object of the invention is to evaluate requests using request fingerprinting, policy graph traversal, and intent-permission alignment.
A further object of the invention is to assign risk classifications and make real-time decisions such as allow, rewrite, block, or flag.
An additional object of the invention is to support lineage tracking across agent calls and maintain auditable traces for compliance.
SUMMARY
Before the present invention is described, it is to be understood that the present invention is not limited to specific methodologies and materials described, as these may vary as per the person skilled in the art. It is also to be understood that the terminology used in the description is for the purpose of describing the particular embodiments only and is not intended to limit the scope of the present invention.
The present invention discloses a system and method for enforcing organization specific security policies within agentic workflows using a secure gateway system. The method includes intercepting and enriching each request issued by an agent, generating a semantic and structural fingerprint of the request, and evaluating its compliance against organization defined policy graphs. The fingerprint includes intent embedding, prompt pattern classification, model access tier, and a risk level estimate generated by a fine-tuned classifier. The OrgPolicyGraph is then traversed to assess whether the user-task-resource-condition combination is permitted under active policies. The intent-permission alignment module computes a similarity score between the request and allowed policy embeddings. Based on this evaluation, the system determines whether to allow the request, rewrite it to remove disallowed portions, or block it. All enforcement decisions are logged for auditability and policy refinement.
According to an aspect of the present invention, in the given system and method, every request generated within an agentic workflow is monitored by the secure gateway layer. This gateway intercepts the request before it reaches the model endpoint and processes it through multiple modules, including metadata enrichment, fingerprinting, policy graph traversal, alignment scoring, and risk classification. The decision engine then applies a multi-tier trust classification strategy based on the alignment score and risk level. If the alignment score is greater than or equal to 0.9 and the risk is within acceptable threshold, the request is allowed. If the score falls between 0.6 and 0.9, the request is rewritten to redact disallowed components. If the score is below 0.6 or the risk is high, the request is blocked and flagged. Every interaction including the original request, fingerprint, policy path, decision, and final outcome is logged in the audit service. This logging creates a continuous feedback mechanism to enhance policy coverage and improve decision accuracy in dynamic multi-agent environments.
BRIEF DESCRIPTION OF DRAWINGS
A complete understanding of the present invention may be made by reference to the following detailed description which is to be taken in conjugation with the accompanying drawing. The accompanying drawing, which is incorporated into and constitutes a part of the specification, illustrates one or more embodiments of the present invention and, together with the detailed description, it serves to explain the principles and implementations of the invention.
FIG. 1 illustrates a flowchart of the workflow of the present invention.
FIG. 2 illustrates the system architecture of the secure gateway for agentic workflows.
FIG. 3 illustrates the SECURE-AI-GATE algorithm for secure request processing.
FIG. 4 illustrates the decision engine based on trust and risk classification.
DETAILED DESCRIPTION OF INVENTION:
Before the present invention is described, it is to be understood that this invention is not limited to methodologies described, as these may vary as per the person skilled in the art. It is also to be understood that the terminology used in the description is for the purpose of describing the particular embodiments only and is not intended to limit the scope of the present invention. Throughout this specification, the word “comprise”, or variations such as “comprises” or “comprising”, will be understood to imply the inclusion of a stated element, integer or step, or group of elements, integers or steps, but not the exclusion of any other element, integer or step, or group of elements, integers or steps. The use of the expression “at least” or “at least one” suggests the use of one or more elements or ingredients or quantities, as the use may be in the embodiment of the invention to achieve one or more of the desired objects or results. Various embodiments of the present invention are described below. It is, however, noted that the present invention is not limited to these embodiments, but rather the intention is that modifications that are apparent are also included.
The present invention describes a system and method for enforcing organization-specific security policies in agentic workflows through a secure gateway that intercepts and analyzes artificial intelligence model interaction requests. The present invention introduces a secure and intelligent enforcement layer that operates between any inference or fine-tuning request and the model endpoint. The invention addresses the limitations of static rule-based systems by providing real-time, context aware decision making based on request fingerprinting, policy graph traversal, semantic intent alignment, and risk classification.
To address these limitations, the present invention introduces a dynamic and adaptable policy enforcement mechanism within agentic workflows that operate using large language models. The system intelligently evaluates each request by considering factors such as the user's intent, the nature of the task, the level of model access requested, and the estimated risk associated with the request. By combining request fingerprinting, traversal of the OrgPolicyGraph, and evaluation through a fine-tuned risk classifier, the system is then able to determine whether a request should be allowed, rewritten to comply with policy, or blocked. All actions taken by the system are recorded in a secure audit trail, ensuring traceability and supporting organizational compliance over time.
According to the embodiment of the present invention, the system comprises of an input unit, a processing unit and output unit, wherein the processing unit further comprises a request interceptor, a metadata enricher, a request fingerprinting module, a policy graph traversal engine, an intent-permission alignment module, a decision layer, and an audit and logging service. The input unit receives requests generated in agentic workflows for tasks such as inferencing or fine-tuning. The request interceptor captures all incoming requests directed to the model. The metadata enricher then enhances each request with user-specific and contextual information, such as the type of task being performed, the role of the user, session details, and the agent lineage trace. The agent lineage trace keeps track of any nested agent interactions, for example, when agent A1 invokes agent A2, and so on all the way through to the final model endpoint.
The request fingerprinting module generates a fingerprint FP(R) for the request. This fingerprint includes a semantic embedding of intent, prompt pattern classification, model access tier, and a risk level estimate using a fine-tuned classifier. The fingerprinted request is then passed to the OrgPolicyGraph traversal engine. The OrgPolicyGraph stores dynamic, organization-specific policies as graphs structured around user-task-resource-condition relationships. The system checks whether the user-task-resource triple matches an allowed subgraph and applies any associated conditional constraints.
The intent-permission alignment module performs semantic comparison between the fingerprinted request and policy embeddings. It computes a similarity score in the range [0, 1], indicating how well the request aligns with authorized behaviors. Based on the alignment score and the risk classification, the decision layer applies one of three actions: allow, rewrite, or block. For example, if the alignment score is greater than or equal to 0.9 and the risk is below threshold, the request is allowed. If the score is between 0.6 and 0.9, the request is rewritten by removing disallowed portions. If the score is below 0.6 or the risk is high, the request is blocked and flagged.
According to an embodiment of the invention, the process flow begins when a user provides a request to the input unit of the system. The request is intercepted by the request interceptor, then sent to the metadata enricher. The enriched request is passed to the fingerprinting module, which produces FP(R). This fingerprint is processed by the OrgPolicyGraph traversal engine and the intent-permission alignment module. The outputs are evaluated by the decision layer.
Based on this evaluation, the decision layer instructs whether the request is allowed, rewritten, or blocked. If applicable, the rewritten version is passed forward to the output unit for final delivery to the model endpoint. The audit and logging service captures the original request, fingerprint, policy path, decision action, and final outcome. This modular and auditable design ensures secure, policy-aligned, and trustworthy interaction with language models in agentic workflows.

According to the embodiment of the present invention, the method for enforcing organization-specific security policies in agentic workflows through a secure gateway, as illustrated in FIG. 1, comprises the steps of:
● Receiving request from an agentic system at the request interceptor (FIG. 2): The method begins when a request is generated within the agentic workflow. This request may relate to inferencing, fine-tuning, or other model interactions and is intercepted by the request interceptor before reaching the model endpoint.
● Enriching the request with metadata by the metadata enricher (FIG. 2): The intercepted request is passed to the metadata enricher, which augments it with additional context such as user role, task type, session details, and agent lineage trace. The agent lineage trace captures nested agent interactions (e.g., agent A1 → agent A2 → M).
● Generating fingerprint by the request fingerprinting module (FIG. 2): The enriched request is processed by the request fingerprinting module to generate a fingerprint FP(R), which includes a semantic embedding of the request’s intent, prompt pattern classification, model access tier, and a risk level estimate using a fine-tuned classifier.
● Evaluating policy compliance using the OrgPolicyGraph traversal engine (FIG. 3): The fingerprinted request is forwarded to the OrgPolicyGraph traversal engine. The engine checks if the user-task-resource-condition combination exists in the organization’s policy graph. Conditional constraints are evaluated where applicable (e.g., “summarize PII only if encrypted”).
● Performing intent-permission alignment (FIG. 3): The intent-permission alignment module compares the fingerprinted request against allowed policy embeddings and computes a semantic similarity score in the range [0, 1], indicating how well the request aligns with permitted actions.
● Making a decision in the decision layer (FIG. 4): Based on the alignment score and the estimated risk, the decision layer determines whether to allow the request, rewrite it to remove disallowed portions, or block and flag it. For instance:
If score ≥ 0.9 and risk is within threshold: allow,
If score is between 0.6 and 0.9: rewrite,
If score < 0.6 or high risk: block + flag.
● Logging data in the audit and logging service (FIG. 2): All stages of the request including the fingerprint, alignment result, decision action, and final outcome are logged in the audit and logging service to maintain a secure, auditable trace. These logs support compliance, review, and improvement of organizational policy enforcement.
According to the embodiment of the invention, the present invention discloses a method for enforcing organization specific security policies within agentic workflows using a secure gateway system. The method includes intercepting and enriching each request issued by an agent, generating a semantic and structural fingerprint of the request, and evaluating its compliance against organization defined policy graphs. The fingerprint includes intent embedding, prompt pattern classification, model access tier, and a risk level estimate generated by a fine-tuned classifier. The OrgPolicyGraph is then traversed to assess whether the user-task-resource-condition combination is permitted under active policies. The intent-permission alignment module computes a similarity score between the request and allowed policy embeddings. Based on this evaluation, the system determines whether to allow the request, rewrite it to remove disallowed portions, or block it. All enforcement decisions are logged for auditability and policy refinement.
According to the embodiment of the present invention, in the given system and method, every request generated within an agentic workflow is monitored by the secure gateway layer. This gateway intercepts the request before it reaches the model endpoint and processes it through multiple modules, including metadata enrichment, fingerprinting, policy graph traversal, alignment scoring, and risk classification. The decision engine then applies a multi-tier trust classification strategy based on the alignment score and risk level. If the alignment score is greater than or equal to 0.9 and the risk is within acceptable threshold, the request is allowed. If the score falls between 0.6 and 0.9, the request is rewritten to redact disallowed components. If the score is below 0.6 or the risk is high, the request is blocked and flagged. Every interaction including the original request, fingerprint, policy path, decision, and final outcome is logged in the audit service. This logging creates a continuous feedback mechanism to enhance policy coverage and improve decision accuracy in dynamic multi-agent environments.

According to the embodiment of the present invention, the secure gateway system performs a comprehensive suite of policy validations on incoming requests within agentic workflows to ensure that each request is contextually appropriate, policy-compliant, and risk-mitigated before reaching the model endpoint. These validations include:
1. Request Fingerprinting: The system generates a fingerprint FP(R) for each request, which includes a semantic embedding of the request’s intent, prompt pattern classification, model access tier, and a risk level estimate generated using a fine-tuned classifier. This fingerprint is used for downstream policy evaluation and decision-making.
2. OrgPolicyGraph Traversal: The system evaluates the request against an organization’s policy graph, which stores user-task-resource-condition relationships. This traversal checks whether the user’s request is allowed under current policies, including any conditional constraints.
3. Intent-Permission Alignment Scoring: The system compares the semantic representation of the request with the policy embeddings. It then computes an alignment score in the range [0, 1] to assess how well the request matches allowed behaviors.
4. Risk Classification: A fine-tuned classifier estimates the risk level of the request based on contextual features and historical violation data. This risk score is considered alongside the alignment score when making decisions.
5. Rewrite Handling: If the alignment score falls between 0.6 and 0.9, the system rewrites the request to remove disallowed portions. The modified request is then allowed to proceed to the model endpoint.
6. Decision Logic: The system determines one of three outcomes based on the alignment score and risk estimate:
(i) allow the request if the score is ≥ 0.9 and the risk is within threshold;
(ii) rewrite the request if the score is between 0.6 and 0.9; or
(iii) block and flag the request if the score is below 0.6 or if the risk is high.
7. Audit Logging: All steps including request metadata, fingerprint, policy traversal, alignment score, risk classification, and final action are recorded in a secure audit trail. This enables traceability, compliance review, and improvement of policy enforcement over time.
Advantages:
The disclosed method offers several advantages, including the ability to enforce organization-specific security policies in real time without interrupting the normal functioning of agentic workflows. It enables dynamic validation of requests through semantic fingerprinting, structured traversal of the OrgPolicyGraph, and adaptive decision-making based on alignment scores and risk classification. The system also maintains a secure audit trail and incorporates a feedback mechanism that helps refine policy enforcement over time.
By intercepting and evaluating requests based on both structural and semantic information, the method effectively detects and prevents unauthorized access, non-compliant operations, and high-risk behaviors before the request reaches the model endpoint. Its modular design allows for seamless integration with existing agentic systems and supports flexible deployment in both centralized and distributed environments. As a model-agnostic framework, it can operate with various large language model endpoints, making it suitable for scalable and policy-compliant artificial intelligence deployments.
This approach is applicable to a wide range of use cases, including multi-agent orchestration platforms, workflow automation systems, and security-focused environments where large language model requests need to be validated for compliance, risk, and policy alignment.
, C , Claims:We claim,
1. A system and method for secure gateway for policy enforcement in agentic workflows
characterized in that
the system comprises of an input unit, a processing unit and output unit, wherein the processing unit further comprises a request interceptor, a metadata enricher, a request fingerprinting module, a policy graph traversal engine, an intent-permission alignment module, a decision layer, and an audit and logging service;
the method for secure gateway for policy enforcement in agentic workflows, comprises the steps of:
● receiving request related to inferencing, fine-tuning, and other model interactions from an agentic system and is intercepted by the request interceptor before reaching the model endpoint;
● enriching the request with metadata including user role, task type, session details, and agent lineage trace by the metadata enricher;
● generating fingerprint by the request fingerprinting module that includes a semantic embedding of the request’s intent, prompt pattern classification, model access tier, and a risk level estimate using a fine-tuned classifier;
● evaluating policy compliance using the OrgPolicyGraph traversal engine;
● performing intent-permission alignment by comparing the fingerprinted request against allowed policy embeddings and computing a semantic similarity score in the range of 0 to 1 indicating how well the request aligns with permitted actions;
● making a decision in the decision layer, based on the alignment score and the estimated risk such that the decision layer determines whether to allow the request, rewrite it to remove disallowed portions, or block and flag it;
● logging data in the audit and logging service to maintain a secure, auditable trace.

2. The system and method as claimed in claim 1, wherein the input unit receives requests generated in agentic workflows for tasks such as inferencing or fine-tuning; the request interceptor captures all incoming requests directed to the model; the metadata enricher then enhances each request with user-specific and contextual information, such as the type of task being performed, the role of the user, session details, and the agent lineage trace that keeps track of any nested agent interactions.
3. The system and method as claimed in claim 1, wherein if the alignment score is greater than or equal to 0.9 and the risk is below threshold, the request is allowed; if the score is between 0.6 and 0.9, the request is rewritten by removing disallowed portions and if the score is below 0.6 or the risk is high, the request is blocked and flagged.
4. The system and method as claimed in claim 1, wherein the method includes intercepting and enriching each request issued by an agent, generating a semantic and structural fingerprint of the request, and evaluating its compliance against organization defined policy graphs.
5. The system and method as claimed in claim 1, wherein the OrgPolicyGraph stores dynamic, organization-specific policies as graphs structured around user-task-resource-condition relationships.
6. The system and method as claimed in claim 1, wherein the system checks whether the user-task-resource triple matches an allowed subgraph and applies any associated conditional constraints.
7. The system and method as claimed in claim 1, wherein every request generated within an agentic workflow is monitored by the secure gateway layer such that this gateway intercepts the request before it reaches the model endpoint and processes it through multiple modules, including metadata enrichment, fingerprinting, policy graph traversal, alignment scoring, and risk classification.
8. The system and method as claimed in claim 1, wherein the logging in the audit service creates a continuous feedback mechanism to enhance policy coverage and improve decision accuracy in dynamic multi-agent environments.