TrustLoop — AI Agent Governance Infrastructure

6 min read Original article ↗

Intercepting live

The governance layer for AI.

Every AI action — agent tool calls, model API requests, and employee AI usage — passes through TrustLoop first. Logged, governed by your rules, and blockchain-anchored as tamper-proof evidence.

Start free

⚠ High-risk action intercepted

approve_wire_transfer

amount: "£142,000"
payee: "unknown recipient"
ref: "INV-9921"

Rule: transfers > £10,000 require approval

Agent is waiting for your decision…

Governs agents, models & employee AI —

Claude· ChatGPT· Gemini· Llama· Mistral· DeepSeek· Cursor· LangChain· AutoGen· CrewAI· n8n· OpenAI API· Claude· ChatGPT· Gemini· Llama· Mistral· DeepSeek· Cursor· LangChain· AutoGen· CrewAI· n8n· OpenAI API·

How TrustLoop works

One line of code. Complete control.

Connect via MCP, REST, or our npm SDK. From that moment every tool call is governed — before anything executes.

1

Intercept

Every tool call — send email, move money, read data, delete files — is captured before it executes. Your agent cannot skip this step.

2

Evaluate

TrustLoop checks the call against your rules (written in plain English), your kill-switch list, and a risk score — all within 50ms.

3

Decide & prove

The action is allowed, blocked, or escalated to a human. Either way — it's logged, PII-masked, and anchored to the blockchain as permanent cryptographic proof.

Live intercept flow

Watch a tool call move through TrustLoop.

The same flow — thousands of times per second — for every action every agent makes.

Your AI Agent

Making a tool call

// agent executes...

TrustLoop

Evaluating…

Authenticate request

Check kill-switch list

Score risk level

Evaluate rules

Log & anchor

Decision Log

All decisions recorded

Kill switch

Block any tool, instantly. No code deployment.

Toggle any tool off from the dashboard. Takes effect in under 100ms across all your agents. Turn it back on just as fast.

Why this matters: Without TrustLoop, stopping a misbehaving agent means an emergency code push. With TrustLoop, it's one click — and everything before and after is logged.

send_email

18,412 calls · last used 2s ago

approve_wire_transfer

34 calls · HIGH risk

delete_files

2,101 calls · BLOCKED 89%

read_document

241,880 calls · LOW risk

export_customer_data

891 calls · HIGH risk

Audit trail

Every action. Timestamped. Risk-scored. Blockchain-anchored.

The audit log is external to your agent — your agent cannot edit it. Every entry is PII-masked before storage and included in an hourly blockchain anchor on Polygon Mainnet.

Not like your agent's own logs. Logs inside the agent are controlled by the same system that made the action. TrustLoop's log is independent, immutable, and publicly verifiable.

14:23approve_wire_transferHIGHESCALATED

14:22export_customer_dataHIGHBLOCKED

14:21send_emailLOWALLOWED

14:20read_documentLOWALLOWED

14:19delete_filesHIGHBLOCKED

14:18update_crm_recordMEDALLOWED

Human-in-the-loop

The agent asks. You decide. Logged either way.

Write approval rules in plain English. When triggered, the agent pauses and emails the right person. One-click Approve or Deny. The decision is logged with the responder's identity and timestamp.

Example rules: "Escalate any wire transfer over £10,000" · "Require approval for bulk exports over 1,000 records" · "Block all file deletions at weekends"

Your AI agent is waiting for approval

Toolapprove_wire_transfer

Amount£142,000

Payeeunknown recipient

Rule triggeredtransfers > £10,000

Blockchain proof

A public record no one can alter. Not even us.

Every hour, TrustLoop computes a keccak256 hash of your audit log and writes it to Polygon Mainnet. Raw data never leaves your environment — only the hash goes on-chain.

Why it matters: When a regulator, auditor, or enterprise customer asks "how do you know that log wasn't altered?" — you point to the blockchain. Public. Permanent. Verifiable by anyone.

Blockchain anchor · Polygon Mainnet

Latest anchor — 14:00:00 UTC

keccak256:
0x8f3a2b1c9e4d7f6a0b5c8d2e3f4a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a

Contract0xd254...c46F

NetworkPolygon Mainnet · confirmed

Entries anchored2,847 log entries

Next anchorin 38 minutes

Raw data on chainNone — hash only

Global compliance

Built for every framework that governs AI — now and next.

Regulation is arriving in every jurisdiction. TrustLoop's audit trail, approval workflows, and blockchain proof are designed to satisfy them all.

Europe

EU AI Act

High-risk AI systems require audit logs, human oversight mechanisms, and incident reporting. TrustLoop covers all three.

UK

UK AI Principles

DSIT and ICO guidance requires demonstrable human oversight and accountability records for consequential AI decisions.

Global

SOC 2 Type II

Enterprise procurement increasingly requires evidence that AI systems have access controls and tamper-proof audit evidence.

Privacy

GDPR / UK GDPR

Records of processing activities for AI touching personal data. Automatic PII masking ensures raw data is never stored in logs.

Healthcare

HIPAA

AI agents accessing patient records require access controls and audit logs. TrustLoop's PII masking and immutable log satisfy both.

Finance

FCA / FINRA

Regulators in the UK and US require financial firms to demonstrate controls over AI that touches transactions or customer accounts.

Security

ISO 27001

Information security management requires documented evidence of access controls and change logging for systems processing sensitive data.

USA

NIST AI RMF

The NIST AI Risk Management Framework requires governance, monitoring, and evidence of human oversight for trustworthy AI deployment.

Integration

Connect your agent in minutes.

Three ways to integrate — pick whichever fits your stack.

// Zero code changes — works with Claude Desktop, Cline, Cursor, Continue... // Add to your MCP config: { "mcpServers": { "trustloop": { "url": "https://api.trustloop.live/sse?api_key=tl_your_key" } } } // That's it. Every tool call your agent makes is now governed.

// Any agent, any language, any framework POST https://api.trustloop.live/api/intercept x-api-key: tl_your_key Content-Type: application/json { "tool_name": "approve_wire_transfer", "arguments": { "amount": "£142,000", "payee": "unknown" } } // Response: { "status": "escalated", "rule": "transfers > £10,000", "log_id": "log_4f8a..." }

// npm install trustloop const { TrustLoop } = require('trustloop'); const tl = new TrustLoop({ apiKey: process.env.TRUSTLOOP_API_KEY }); // Wrap any tool call: const result = await tl.intercept('send_email', { to: user.email, body: message }); if (result.status === 'allowed') { await sendEmail(result.sanitizedArgs); // PII already masked }

Pricing

Start free. Scale when you're ready.

Month-to-month billing. Upgrade or cancel anytime from your billing portal.

Free

$0

5,000 calls/mo · 1 agent


Full audit log

Kill switch

Risk scoring

7-day retention

Get started

Starter

$29/mo

100K calls/mo · 3 agents


Everything in Free

Approval workflows

Plain-English rules

30-day retention

Get started

Most popular

Growth

$249/mo

1M calls/mo · 10 agents


Everything in Starter

Blockchain anchoring

PII masking

90-day retention

Get started

Business

$649/mo

5M calls/mo · unlimited agents


Everything in Growth

Priority support

1-year retention

SSO (coming soon)

Get started

Enterprise

Custom

Unlimited · BYOC · custom SLA


Your own cloud (BYOC)

SSO / SAML / Okta

MSA + DPA contract

Dedicated SLA

Contact us

Annual plans get 2 months free. Talk to us about Enterprise →

Overages: $5 per 10K extra calls (Starter) · $25 per 100K (Growth) · $99 per 500K (Business)

Get started

Start governing your AI agents today.

Free tier. No credit card. Your first 5,000 tool calls are on us.

Polygon Mainnet · 100% uptime · SOC 2 in progress

Talk to our team

Tell us about your setup and we'll reach out within 24 hours.

Message sent!

We'll be in touch within 24 hours — usually sooner.