Layered AI security architecture for real enterprise control.
Impenetrix is organized as security planes: discovery, enforcement, privacy, reasoning, ingestion, tool governance, operations, and evidence.
Architecture overview
Users, applications, agents, and IDEs send AI-bound activity through AI Traffic Control. Policy enforcement and redaction govern the path to model providers, internal model gateways, retrieval systems, and tools. Every decision creates evidence.
Core planes
Each plane has a job. Together they create a chain of custody from AI activity to policy decision to evidence.
Enforcement plane
AI egress proxying, provider controls, prompt/response scanning, redaction, findings, alerts, policy simulation, evidence capture, and admin workflows.
Reasoning plane
Defensive AI security analysis, cited answers, risk explanation, control mapping, incident triage, prompt-injection review, and remediation support.
Control plane
Workers, queues, Postgres, Redis, NATS, MCP lifecycle, faasd/serverless execution, audit, rate limits, metrics, and source ingestion.
Privacy plane
Detection and redaction for PII, secrets, credentials, sensitive prompts, retrieved context, logs, outputs, and training/evaluation data.
Operations plane
Service health, queue lag, disk usage, worker state, certificate expiry, deployment status, backup status, and control operation.
Technical depth: data flow
The important part is not a dashboard. It is a defensible chain from AI activity to policy decision.
- Capture AI request metadata and payload context.
- Classify provider, user, app, model, data type, destination, and tool intent.
- Run redaction and data-protection rules.
- Evaluate policy and exceptions.
- Allow, block, redact, route, or require approval.
- Inspect responses and tool outputs.
- Write evidence, policy version, findings, and response history.
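The steps above, reduced to a runnable sketch (an added example, not Impenetrix code). The rule patterns, provider names, policy version string, and the hash-chained evidence log are all assumptions chosen for illustration.

```python
import hashlib, json, re

POLICY_VERSION = "example-policy-v1"   # constructed placeholder
# Constructed detection rules, not the product's rule set.
RULES = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
APPROVED_PROVIDERS = {"internal-gateway"}   # hypothetical allow-list
BLOCKING = {"aws_access_key"}   # never leaves for an unapproved provider

def redact(text):
    findings = []
    for name, rx in RULES.items():
        text, n = rx.subn(f"[REDACTED:{name}]", text)
        if n:
            findings.append(name)
    return text, findings

def decide(provider, findings):
    if provider not in APPROVED_PROVIDERS and BLOCKING & set(findings):
        return "block"
    return "redact" if findings else "allow"

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def handle(log, user, provider, prompt):
    clean, findings = redact(prompt)
    action = decide(provider, findings)
    # Evidence stores only the redacted payload's hash and links to the previous record.
    rec = {"user": user, "provider": provider, "action": action, "findings": findings,
           "policy_version": POLICY_VERSION,
           "payload_sha256": hashlib.sha256(clean.encode()).hexdigest(),
           "prev": log[-1]["hash"] if log else "0" * 64}
    rec["hash"] = _digest(rec)
    log.append(rec)
    return action, (None if action == "block" else clean)

def verify(log):
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or rec["hash"] != _digest(body):
            return False
        prev = rec["hash"]
    return True
```

Because each record commits to the one before it, editing a past decision or its policy version makes `verify` fail for the whole log.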
Need a technical architecture review?
Send us your AI path, model providers, tool plans, and current controls. We will map likely enforcement points.