Suprbox - Box for AI agents to secure enterprise data storage | Product Hunt

Secure your data from autonomous AI agents.

Suprbox sits between your documents and any AI agent that wants to read them. Every request is identified, evaluated against your rules, and logged — before a single byte leaves the vault.

Works with the agents you already build with
Claude, OpenAI, Gemini, Llama, Mistral, Cursor, LangChain, CrewAI, AutoGen, n8n, Zapier, MCP

Our Approach

WHAT'S BROKEN

AI agents break in ways traditional software doesn't. And since agents are non-deterministic, the same input can pass one run and fail the next. Vulnerabilities surface in those gaps, and attackers exploit these edge cases. So fixing one doesn't mean you're protected from the next.

WHAT WE DO

We sit between your data and your agents. Every read passes through a policy gate — checked against rules you set, signed, and recorded in an immutable audit log. The agent never holds raw credentials to your storage; it holds a scoped key into Suprbox, and Suprbox decides what it sees.

WHY IT HOLDS

Because the protection lives at the data layer, not at the prompt. A jailbroken model, a poisoned tool, a forgotten test key — none of it matters once the rules say no. You stop trusting agents to behave, and start enforcing what they can reach.

FIG.00 · ONE REQUEST, END-TO-END

One request. Three checkpoints. A signed answer.

Every call your agent makes flows through the same gate — authenticated, evaluated against your rules, and logged before a single byte leaves the vault.

[Animated figure: documents flow in (an S3 bucket, an email thread, an invoice PDF, a PHI patient chart, a contract), are sealed by Suprbox, and are then requested by policy-gated agents. In the sample rows, four named agents are allowed their reads and an unknown agent's read of the patient chart is denied.]

01 Ingest & encrypt
02 Evaluate policy
03 Sign & deliver

FIG.01 · ARCHITECTURE

Seven layers, one secure box.

Each tier is independently isolated, audited, and replaceable — a clear contract from the agent-facing API down to the durable substrate.

  • AGENT SDK: sdk · rest · X-Suprbox-Op
  • API KEY AUTH: sb_live_… · scopes · vault bind
  • SESSION LEASE: session-ttl · per-vault
  • RULES ENGINE: classification · time · rate · scope
  • APPROVALS: human-in-loop · bypass window
  • AUDIT & MONITOR: every read · deny · throttle
  • VAULT STORAGE: aes-256 · per-vault keys

Core Architecture

Agent Tool Call
API Key Authentication + Vault Scope Resolution
Tool Dispatch (discover · read · write · query · session)
Identity & Scope Check
Policy Rule Engine (payload + embeddings + classification + metadata)
Response Routing
Resolved Permissions
Rule Match: PII | Classification | Time | Rate | Sensitivity
Redact · Watermark · Excerpt · Hold
Vault Storage

FIG.02 · POLICY PRIMITIVES

Nine rule types. Every guardrail an agent needs.

Each rule type below is a primitive: a condition you match (sensitivity, content, time, rate, scope, lease) and an action you enforce (allow, throttle, require approval, enforce capability, deny). Stack them per vault to get exactly the policy you want.

Classification
Match document sensitivity, tags, or labels. Wire rules to confidential, internal, or regulated tiers — the agent only sees what its clearance allows.
Example: CONFIDENTIAL | INTERNAL · TIER-2 | REGULATED · GDPR | PUBLIC

Data detector
Detect PII, secrets, API keys, and regulated data inline. Mask, redact, or block before a single token reaches the model.
Example: email = jane@acme.io | card = 4242 4242 ···· | token = sk_live_7Hx··· | PII · 3 hits

Content keywords
Fire when the document text contains any of these phrases. Pattern-match on intent, vocabulary, or business-sensitive terms.
Example: "acquisition" | "layoff" | "merger talks" | "q3 forecast" | + 12 phrases

Edit & delete
Control write, edit, delete, and export operations. Require approval, hold for review, or block outright with a full audit trail.
Example: read | write | edit | delete | export | download | REQUIRE APPROVAL

Rate limit
Cap how many reads an agent can make per hour, per vault. Throttle runaway loops before they touch the bill or the data.
Example: 60 / hr | THROTTLED

Time window
Restrict access to approved hours of operation. Agents that wake at 3am stay locked out unless an on-call human says otherwise.
Example: MON–FRI · 08:00–19:00 | 22:14 · DENIED

Read scope
Limit what the agent gets back — metadata only, full content, or excerpts up to N pages. Right-size the payload to the task.
Example: METADATA | EXCERPT · 240 chars | full content · withheld

Copy & download
Block raw downloads, watermark every response, or strip attachments. Stop leaks before bytes leave the vault.
Example: AV · KEY_001 | NO DOWNLOAD | WATERMARK

Session TTL
Cap how long an agent lease lasts on a vault. After the TTL, every call returns lease_expired until a fresh session is opened.
Example: TTL · 15m | LEASE_EXPIRED

FIG.03 · WHO IS THIS FOR

Companies running real agents against real data.

CASE / 01
A sales team running a customer-research bot.
Bot needs revenue and pipeline data, but should never see the salary file in the same Finance folder. Read-only on Finance, salary restriction rule, audit log on every access.
FINANCE / SALES
CASE / 02
A legal team using an AI contract reviewer.
Reviewer reads contracts, must not modify them. Read-only enforcement on Legal vault, human approval on anything tagged Restricted, full chain-of-custody log for compliance.
LEGAL / COMPLIANCE
CASE / 03
An engineering org with a fleet of agents.
Twelve agents, six vaults, four teams. Every agent gets its own API key with scoped permissions. The Permissions matrix shows who can do what at a glance, and the Audit log proves it.
ENGINEERING / IT
CASE / 04
An HR department with sensitive everything.
Onboarding bot, policy bot, internal-comms bot. PII guard catches accidental exposure. Business-hours rule keeps weekends quiet. Per-vault encryption keys mean even a key leak is contained.
HR / PEOPLE OPS
FIG.04 · SECURITY POSTURE

Built like the thing your security team would have built.

No clever shortcuts. Standard, audited primitives, layered the way they should be.

AES-256 at rest
Per-vault encryption keys. Rotatable on demand. Zero-knowledge architecture means even Suprbox staff cannot read your documents.
SOC 2 Type II
Annually audited. Reports available under NDA. Designed for compliance teams who need answers, not promises.
Tamper-proof audit
Every event signed and chained. Exportable to S3, SIEM, or your destination of choice. Retention configurable up to 7 years.
Region pinning
Pick where vaults live: US, EU, APAC. Data never leaves the region you chose. Useful for GDPR, less of a worry for everyone else.
FIG.05 · PRICING

Three tiers. No surprises.

Starter
$0 / forever
For small teams putting together their first agent integration.
  • 1 vault, up to 100 documents
  • 3 API keys
  • All global rules
  • 30-day audit retention
  • Per-vault rules
  • SSO
Enterprise
Coming soon
Custom
For regulated industries, compliance-heavy teams, and large fleets.
  • Everything in Team
  • Region pinning (US / EU / APAC)
  • 7-year audit retention
  • SOC 2 reports & DPA
  • Dedicated support
  • Self-hosted option
READY WHEN YOU ARE

Your documents. Your rules.

Spin up a vault in two minutes. Audit your first agent request in three.