Frequently Asked Questions
Everything you need to know about QuilrAI, how it works, how it integrates, and what it protects.
General
5 questions
QuilrAI is an AI security platform that finds every AI agent, LLM API, and enterprise copilot running in your org, sets what each one is allowed to do through Guardian Agents, and blocks policy violations at runtime with sub-50ms latency. Engineers change one URL to integrate. Nothing else changes.
A Guardian Agent is an autonomous security agent QuilrAI creates for each AI agent it governs. It reads the agent's purpose statement, asks clarifying questions about required permissions, auto-detects data sensitivity, and enforces least-privilege access at runtime, blocking policy violations inline before they reach any data.
AI Security Posture Management (AI-SPM) is continuous discovery and risk assessment of all AI agents, models, and tools running in your environment. QuilrAI's AI-SPM finds shadow AI on developer machines, maps every agent's permissions, detects policy drift, and maintains a real-time inventory of your full AI attack surface.
Traditional DLP tools were built for humans pasting data into browsers. They can't parse agent tool calls, MCP schemas, multi-hop delegation chains, or real-time inference requests. QuilrAI is purpose-built for agentic AI: it understands intent, enforces at the skill level, and operates inside the LLM request path, not after the fact.
QuilrAI serves two audiences simultaneously. For CISOs and security teams: complete visibility, policy enforcement, and compliance coverage across every AI agent in the enterprise. For engineers and AI builders: a transparent, low-latency proxy that adds governance without changing a line of agent code.
Still have questions?
Our team can walk you through any scenario, your agents, your environment, your policies.
What is QuilrAI?
QuilrAI is an AI security platform that finds every AI agent, LLM API, and enterprise copilot running in your org, sets what each one is allowed to do through Guardian Agents, and blocks policy violations at runtime with sub-50ms latency. Engineers change one URL to integrate. Nothing else changes.
What is a Guardian Agent?
A Guardian Agent is an autonomous security agent QuilrAI creates for each AI agent it governs. It reads the agent's purpose statement, asks clarifying questions about required permissions, auto-detects data sensitivity, and enforces least-privilege access at runtime, blocking policy violations inline before they reach any data.
What is AI-SPM?
AI Security Posture Management (AI-SPM) is continuous discovery and risk assessment of all AI agents, models, and tools running in your environment. QuilrAI's AI-SPM finds shadow AI on developer machines, maps every agent's permissions, detects policy drift, and maintains a real-time inventory of your full AI attack surface.
How is QuilrAI different from traditional DLP tools?
Traditional DLP tools were built for humans pasting data into browsers. They can't parse agent tool calls, MCP schemas, multi-hop delegation chains, or real-time inference requests. QuilrAI is purpose-built for agentic AI: it understands intent, enforces at the skill level, and operates inside the LLM request path, not after the fact.
Who is QuilrAI built for?
QuilrAI serves two audiences simultaneously. For CISOs and security teams: complete visibility, policy enforcement, and compliance coverage across every AI agent in the enterprise. For engineers and AI builders: a transparent, low-latency proxy that adds governance without changing a line of agent code.
How does QuilrAI integrate with existing AI tools?
QuilrAI exposes an OpenAI-compatible LLM Gateway and an MCP Gateway. One base_url change routes all AI traffic through QuilrAI's enforcement layer. There's no SDK to install, no prompts to rewrite, and no agent refactoring required. It works with Claude Code, Cursor, ChatGPT, GitHub Copilot, Ollama, vLLM, and any OpenAI-compatible model.
How long does setup take?
Initial setup takes under 30 minutes. The AI-SPM discovery scan runs in the background and typically surfaces your first agents within 15 minutes. Guardian Agent configuration for a single agent, including the 6-phase setup wizard, takes 5–10 minutes. Most customers go from demo to production in 48 hours.
Do I need to change my agent code or prompts?
No. QuilrAI is a transparent proxy. Your agents point at QuilrAI's gateway instead of the LLM provider directly. Everything else, system prompts, tool schemas, conversation history, stays exactly the same. QuilrAI intercepts, inspects, and enforces without modifying the underlying request.
Does QuilrAI work with self-hosted and open source models?
Yes. QuilrAI's gateway is compatible with any OpenAI-compatible API, including Ollama, vLLM, HuggingFace TGI, and LM Studio. The Endpoint Agent also discovers self-hosted models running on developer machines that aren't routing through any gateway, making shadow AI visible before governance is applied.
Does QuilrAI work with MCP servers?
Yes, MCP governance is a core capability. The MCP Gateway sits between AI agents and MCP servers, enforcing per-tool permissions, blocking over-privileged tool calls, and logging every tool invocation. Community MCP packages are scanned at install time for over-permission, dependency CVEs, and known malicious patterns.
What attack types does QuilrAI cover?
QuilrAI covers the full modern agentic attack surface: code execution escape (agents accessing files or commands outside their scope), browser/computer-use screenshot leakage, RAG memory poisoning, multi-agent privilege escalation, MCP scope violations, model supply chain backdoors, and cross-channel prompt injection.
How does the Red Team Agent work?
QuilrAI assigns a dedicated Red Team Agent to every Guardian before it goes live. It runs 24/7, generating prompt injection attacks, privilege escalation attempts, data exfiltration vectors, and tool abuse scenarios. When it finds a gap, the Guardian automatically updates its rules. The same attack vector is never allowed to succeed twice.
What is RAG poisoning and how does QuilrAI prevent it?
RAG poisoning is when a malicious document is inserted into a vector store, injecting hidden instructions into every future retrieval that touches it. QuilrAI prevents it via provenance tracking (every retrieved chunk is tagged with its source), content scanning at ingestion time, and real-time detection of instruction-like patterns in retrieved context before they reach the model.
Can QuilrAI block prompt injection attacks?
Yes. QuilrAI's Decision Engine analyzes every prompt and tool response for injected instructions, including indirect prompt injection via tool outputs, retrieved documents, or external API responses. It classifies injection attempts in real time and blocks or sanitizes them before the model processes them.
How does QuilrAI handle data exfiltration by agents?
QuilrAI monitors all outbound connections from agents, LLM API calls, tool calls, webhook triggers, and network requests. It detects PII, credentials, confidential content, and MNPI in payloads, and blocks or redacts them according to your policy before data leaves the trust boundary. All blocked events are logged to your SIEM.
What compliance frameworks does QuilrAI support?
QuilrAI's audit trail and policy enforcement is designed to support SOC 2 Type II, HIPAA (PHI redaction in AI interactions), PCI-DSS (payment data detection), and NIST AI RMF alignment. Every agent action, permission decision, and policy violation is logged immutably with full context for audit purposes.
What AI agents and tools does QuilrAI secure?
QuilrAI secures all major AI surfaces: coding agents (Claude Code, Cursor, GitHub Copilot, Windsurf, Devin), employee AI (ChatGPT, Microsoft Copilot, Google Gemini, Slack AI), embedded AI (Salesforce Einstein, ServiceNow, Zendesk), open source models (Ollama, vLLM), and any MCP server or multi-agent framework.
What is the performance impact?
QuilrAI adds sub-50ms latency per request at the gateway layer. For most LLM interactions, where model inference itself takes hundreds of milliseconds to seconds, this is imperceptible. The gateway is deployed in your cloud region or on-premise to minimize network round-trip time.
Where is QuilrAI deployed, cloud or on-premise?
QuilrAI supports both deployment models. Cloud-hosted deployment gets you running in hours with no infrastructure to manage. On-premise or VPC deployment is available for regulated industries (healthcare, finance, government) where data must not leave the corporate network. Model weights and customer data never leave your environment.
How does QuilrAI handle multi-tenant or shared AI infrastructure?
QuilrAI enforces tenant isolation at the guardian level, each team, department, or application gets its own Guardian with its own permission set. Cross-tenant data access is blocked by default. Shared infrastructure (like a company-wide LLM gateway) can serve multiple teams while enforcing different policies per team based on user identity and request context.