From embedding PriventSecurityNode inside your execution graph to understanding ACARS scoring and APE transformation — a complete reference for engineering and security teams building on agentic AI.
Three steps to embed Privent inside your agent execution graph and start intercepting risk in real time.
Embed the security node
Drop PriventSecurityNode into your LangGraph StateGraph between tool-call nodes, add the CrewAI middleware at Agent/Task level, or place the custom n8n node in your workflow canvas.
Configure your API key
Provide apiKey and deploymentGroupKey via environment variables or the SDK initializer. Your organization's policy — category weights, block and warn thresholds — applies automatically from the first call.
Verify in dashboard
Detection events appear in the admin dashboard immediately. ACARS signal breakdown, per-category risk score, APE transformation log, and decision outcome are recorded per event.
Every agent execution passes through a four-stage pipeline before data reaches an external model.
PriventSecurityNode sits inside the orchestration graph — between tool-call nodes and the external model call. It reads the agent's full runtime state at that boundary: accumulated context, tool call arguments, inter-step messages, and session memory. No proxy. No network interception. The agent doesn't know it's there.
ACARS applies six weighted signals to the full payload: entity sensitivity (structured PII, credentials), semantic risk (NLP-based implicit sensitivity), contextual amplification (whether the session context raises individual low-risk data into high-risk combinations), destination risk (public API vs. private endpoint), behavioral velocity (rate and volume of data movement), and policy override (org-defined threshold rules). Signals combine into a normalized composite score per risk category.
The composite score is evaluated against your organization's per-category policy thresholds. Four outcomes: LOW (pass-through, audit log only), MODERATE (APE Stages 1–2 applied), HIGH (APE Stages 1–5 dynamically composed), CRITICAL (full composition + optional routing to trusted endpoint or human-in-the-loop). The agent receives a coherent, safe version of the payload.
Every detection event is written to the audit log with ACARS signal breakdown, per-category risk score, APE transformation applied, policy snapshot at time of detection, and deployment group context. Raw prompt text is never persisted. The admin dashboard exposes the full event timeline, category distribution, and per-deployment-group trend charts.
Two proprietary engines at the core - both at IP-filing stage.
A six-signal weighted scoring engine that operates at both browser submit-time and agent node execution boundaries. Each signal is independently normalized before combining into a per-category risk score.
A six-stage composition pipeline that transforms sensitive content without breaking the AI workflow. Runs in milliseconds - users never notice it.
Input "Please review this NDA for Acme Corp. Their CEO John Smith can be reached at john.smith@acmecorp.com for questions." After APE Transform "Please review this NDA for [ORG_REDACTED]. Their [ROLE] [NAME_REDACTED] can be reached at [EMAIL_REDACTED] for questions."
Native security nodes for every major agent orchestration framework — no proxy, no rebuilding.
Designed to analyse without retaining. Your prompts never leave the detection pipeline as plaintext.
Deployment, privacy, and how Privent protects GenAI prompts.
