Enterprise AI Security Demo

FERPA Identity-Scoped RAG Retrieval

Without identity-scoped filtering a vector store returns documents from all students — a structural FERPA violation. This demo shows the two-layer enforcement boundary: vector store filter + application layer defence-in-depth.

Student ID (from verified auth token)

Institution ID

academic_record

financial_record

policy_document (shared)

Scenario	Setting	Expected
Own records only	`stu-alice / univ-east`	Alice's docs + shared policy docs
Cross-student boundary	`stu-bob / univ-east`	Bob's records — Alice's blocked
Cross-institution	`stu-alice / univ-west`	All alice+east records blocked
Restricted category	Uncheck `financial_record`	Financial record blocked for all

RAG Pipeline: OWASP LLM Top 10 2025 Defense

Four sequential filter layers protect a RAG retrieval pipeline from the four most impactful OWASP LLM 2025 risks. A document must pass all four layers to reach the LLM context window.

Document under evaluation

Document content

LLM01 — Injection signals

Flagged as Indirect Prompt Injection (IPI)

Flagged as tool output injection

Query anomaly score

0 1

LLM08 — Embedding integrity

Missing document checksum

Embedding provider unverified

Similarity score anomaly

LLM06 — Sensitive disclosure

Contains PII

Contains credentials / API keys

LLM09 — Output validation

Output schema valid

Hallucination detected

Quick test	What to set
Indirect injection attack	Check IPI flag
Try direct injection	Type `ignore previous instructions` in document content
Credential leak	Check Contains credentials
Poisoned embedding	Check Missing checksum + Embedding provider unverified
Suspicious anomaly	Set anomaly score above 0.75

Model Context Protocol (MCP) Security Validation

MCP servers can be weaponized for command injection (CVE-2025-6514 class), unauthorized tool execution, and privilege escalation. This demo validates an MCP tool invocation against enterprise security controls.

Tool name

MCP server origin

SHA-256 checksum present

Origin in allowlist

Invocation count (last 60s)

0 200

Rate limit (per 60s)

10 200

Action is high-risk (irreversible)

Human approval obtained

Quick test	What to set
Dangerous tool	Type `delete_all` or `drop_table` as tool name
Unknown MCP server	Select `https://unknown-server.io` as origin
Rate limit breach	Set invocation count above the rate limit
High-risk without approval	Check high-risk and uncheck human approval
Missing checksum	Uncheck SHA-256 checksum present

OWASP Agentic AI Top 10 2026 — Runtime Threat Analysis

Ten threat categories published in the OWASP Agentic AI Top 10 (2026). Toggle any combination to see how the governance filters respond to each threat vector.

Quick test scenario	What to enable
Prompt injection attack	ASI01 + ASI03
Privilege escalation	ASI04 + ASI08
Data exfiltration	ASI07
Compromised supply chain	ASI06 + ASI05
Resource abuse	ASI09 + ASI10

Trilogy Enterprise AI Security Audit

Holistic security gap analysis covering all three layers — RAG security, agentic AI security, and governance framework compliance. Produces a combined score (weighted: RAG 35% + Agent 35% + Gov 30%), maturity level (Sandbox → Controlled → Trusted → Autonomous), and cross-layer gap analysis.

System ID

Maturity target	What to enable
Sandbox → Controlled	Query injection detection + Namespace isolation + NIST GOVERN
Controlled → Trusted	Add DLP scan + Agent identity + ISO policy + 5+ more controls
Trusted → Autonomous	Enable all controls; set filter placement to `pre`; enable HITL
Full Autonomous	All 35 controls enabled; no cross-gaps detected

Enterprise AI Security — Live Demos

FERPA Identity-Scoped RAG Retrieval

RAG Pipeline: OWASP LLM Top 10 2025 Defense

Model Context Protocol (MCP) Security Validation

OWASP Agentic AI Top 10 2026 — Runtime Threat Analysis

Trilogy Enterprise AI Security Audit

RAG Security Controls

Agentic Security Controls

Governance Framework Controls