Where Queldrex fits your AI governance framework.
Queldrex produces signed, tamper-evident evidence of every AI tool decision and enforces controls in the path of your agent. Below is a map of which framework controls that evidence and enforcement can support, so you and your auditors know where to look.
NIST AI RMF
1.0Your organization’s tighten-only rules, allowlist and budgets are enforced on every AI tool call and recorded.
Each tool and server is classified for untrusted-input, sensitive-data and egress capability (the lethal-trifecta map) before use.
A reproducible, versioned adversarial benchmark reports detection and false-positive rates; monitor mode measures against live traffic.
Kill-switch, automatic circuit-breaker quarantine, revocation and real-time alerts provide monitoring and response.
EU AI Act
2024/1689An in-path gate applies risk-based decisions (allow / require approval / deny) to every AI tool action, with your own rules layered on top.
Every decision produces a signed, timestamped receipt, hash-chained into a tamper-evident ledger anchored to an external timestamp authority.
Risky actions are paused for a human in an approvals inbox, and an operator can stop all AI tool activity instantly with the kill-switch.
Deterministic + model + guard-model detection of prompt injection, tool poisoning and exfiltration, fail-safe by design; accuracy is benchmarked.
ISO/IEC 42001
2023Continuous, tamper-evident logging of AI tool decisions supports operational monitoring and after-the-fact review.
A signed evidence bundle documents what was checked and decided over a period for internal audit and management review.
OWASP LLM Top 10
2025Direct and indirect prompt-injection detection on tool definitions and on tool OUTPUT (poisoned pages/emails) before the agent trusts them.
High-confidence secrets are redacted locally before any output leaves the machine, and exfiltration channels in tools are flagged.
The enforcement gate, approved-tools allowlist and per-agent budgets bound what an agent can actually do, with human approval for high-impact actions.
OWASP Agentic
2026Hidden-instruction, chat-template control-token, obfuscated-payload and canary-tripwire detection catch attempts to redirect an agent’s goals.
The approved-tools allowlist and in-path gate bound which tools an agent may call, with poisoned or over-scoped tools flagged and deniable.
Per-agent scope, over-broad and function-vs-scope-mismatch checks, spoofed safety annotations, and credential-harvesting tools are flagged; secrets are scrubbed before egress.
MCP servers and tools are scanned before use, re-verified on a schedule to catch rug-pulls / definition drift, and checked for cloud-metadata SSRF and sensitive-file access.
Parameters that run code, commands or raw SQL are flagged as high-agency and routed to a hard approval gate before the action is allowed.
Tools that write attacker-controlled instructions into the agent’s long-term memory so a payload survives across sessions are flagged as persistent poisoning.
Delegation-abuse detection flags metadata that hands a task to another agent or sub-agent to run an action outside the controls placed on this tool.
Per-agent budgets, an automatic circuit-breaker quarantine and the kill-switch bound the blast radius when one agent or tool starts to fail.
High-impact actions pause for a human in the approvals inbox, and every decision carries a signed, human-readable rationale so approvals are auditable.
Kill-switch, revocation and tighten-only per-agent policy let an operator stop or constrain a misbehaving agent, with every action recorded.
Framework names and control identifiers are the property of their respective owners (NIST, the European Union, ISO/IEC, OWASP) and are referenced here for interoperability. Queldrex is an independent tool and is not endorsed by or affiliated with these bodies.