Defensive Intelligence
Defensive
Intelligence

The platform

Every AI use case. One security gateway.

From governed chat to autonomous agents to developer CLI tools - every capability in OBEL runs through the same ARGUS-i classification and PII scrubbing pipeline before a token reaches any model. No exceptions.

Start free trialWhy OBEL is different
Governed ChatAgentic FoundrySpacesIntelligence HubARGUS-i PacksDeveloper CLIDocument StudioGoverned RAGComplianceSIEM ConnectorTokenization

Governed Chat

Your team gets the best AI. Your security team gets the audit trail.

Every frontier model - GPT-4o, Claude, Gemini, Llama, Mistral - through one governed interface. Users choose the model. ARGUS-i governs the prompt. Nobody has to think about it.

PII removed before any model call

Names, emails, phone numbers, and credentials are replaced with typed tokens in real time. The model never sees the original. Every scrub event is written to the audit record.

Sovereign content blocked at the gate

ARGUS-i classifies every message against PSPF, ISM, NIST, and NATO schemas. PROTECTED+ content is hard-blocked - the model is never called. Fail-shut by architecture.

Every session cryptographically attributed

Prompt received, classification result, scrub events, model used, tokens billed, response - all committed to an immutable vault before inference completes.

6+

Model providers governed through one interface

100%

Of prompts classified before inference

Zero

Raw PII reaches any model, ever

Instant

Fallback to alternate model if primary is unavailable

Agentic Foundry

Autonomous agents that can act on real systems - with a human safety net.

Most enterprise teams are not ready to trust an AI agent to act without oversight. OBEL's authority level system makes that trust graduated and auditable. Agents do only what they are configured to do. Every tool call is logged. High-risk actions pause for human approval.

L1Read-Only

Agents observe, retrieve, and report. Write and modify tool calls are blocked at the gateway regardless of what the LLM requests. Safe for pilots, analysis, and monitoring workflows.

L2Supervised

Agents can act - but write and modify calls surface a proposed action to an administrator and wait for approval before executing. The SSE stream stays live throughout. No blind execution.

L3Autonomous

Full tool execution within a configured budget ceiling. Every call is still logged and MITRE ATT&CK classified. Requires ADVANCED tier and explicit administrator configuration per agent.

@mention dispatch

Route tasks to agents directly from chat. Type @AgentName and a task in any conversation and OBEL dispatches it instantly - no separate interface, no context switch.

MITRE ATT&CK logging

Every tool call is classified against 17 MITRE ATT&CK technique patterns. Read-only tools are excluded to prevent false positives. The result feeds directly into the Intelligence Hub cyber view.

Quality scoring

An independent LLM judge scores every completed agent run across task adherence, quality, and safety. Results are visible in the conversation thread and tracked in Prompt Analytics.

Scheduled execution

Run agents and workflows on any schedule - cron, daily, weekly. Every scheduled run is governed identically to interactive runs: classification, scrubbing, HITL gates, full audit trail.

Spaces

A governed workspace for every project. Shared context. Shared memory.

Spaces bring your team's conversations, knowledge bases, and outputs together in one place - with full ARGUS-i governance on every message. Attach data pools once and every conversation in the space queries them automatically. No manual selection. No context drift.

Space-scoped RAG on every message

Attach knowledge bases to a space once. Every message sent by every member automatically retrieves from those pools - classified by ARGUS-i before injection. The space enforces context so your team doesn't have to.

Space Memory KB — organisational memory that accumulates automatically

Every 6 message exchanges, OBEL summarises the conversation and stores it in the Space Memory KB. Future conversations in the space receive that accumulated context. Your team gets smarter without any manual effort.

Role-based sharing — Edit and View

Share a space with org members as Edit (full chat) or View (read-only). A data access warning lists all attached pools at share time so the owner always knows what they are sharing before granting access.

Chat

Full embedded chat with model selector, Tools menu, Security Monitor, and ARGUS-i governance. Conversation list shows all threads in the space with counts and timestamps.

Library

Every artifact generated in the space - documents, images, outputs - saved together and searchable by type. One place for everything the team has produced on this project.

Logs

Per-request run history. Model, tokens, cost, latency, which knowledge bases were queried, whether web search was used, and all ARGUS-i events - for every message ever sent in the space.

Cost

Total space spend, average cost per conversation, and a per-conversation cost breakdown. Budget visibility at the project level without needing to query org-wide analytics.

Intelligence Hub

The question every board is now asking: what is our AI actually doing?

Most enterprises have deployed AI. Very few can answer the follow-up: what data touched it, what was blocked, what passed through, and why? Without that answer, governance is a policy document, not a control.

Because every interaction passes through ARGUS-i before it reaches any model, the governance record is written before inference - not reconstructed after. That is the only architecture that produces an audit trail a regulator will accept.

"We can't get board sign-off without an audit trail."

OBEL

Decision Trace Ledger writes a structured governance record for every interaction before the model call. Export it on request. When the regulator asks, the answer is a query.

"We don't know if our agents are behaving consistently."

OBEL

Agentic APM traces every tool call against MITRE ATT&CK. Quality and judge scores are applied to every run automatically. Worst-performing agents surface immediately.

"We've changed the prompt three times and nothing improves."

OBEL

Prompt Analytics and Model Arena give you quality, cost, and latency per version and per A/B variant. Improvement becomes measurable, not a matter of opinion.

"IT Security flagged AI as a SIEM gap."

OBEL

CEF-format event streaming to Splunk, Sentinel, and QRadar. Cursor-based NDJSON polling API for direct SIEM integration with no additional instrumentation.

Decision Trace Ledger

Every interaction generates a trace written before the model call: classification level, PII rules triggered, sovereign block decision, scrubber output. The ledger is live, filterable by event type, and available for export. When a regulator, insurer, or auditor asks for evidence of AI governance - this is what you hand them.

Trace Patterns

Aggregates the ledger into a frequency view: which rules fired most, across how many interactions, how many distinct matches. In a typical 30-day window, PII:EMAIL leads by a wide margin - followed by CREDIT_CARD, AU_PHONE, and NER:PERSON_NAME. Most organisations are surprised by the volume.

MITRE ATT&CK Cyber

Every agent tool call is inspected against 17 MITRE ATT&CK technique patterns. Read-only tools are excluded from command-pattern matching to prevent false positives. The result feeds directly into existing security operations workflows.

Model Arena + Prompt Analytics

When A/B testing is enabled, every agent run fires Variant A and Variant B simultaneously. Quality score, independent judge score, cost, and latency are tracked per variant per version. Prompt selection becomes quantitative rather than subjective. No more arguing about which version is better.

Context Memory

After each completed agent run, OBEL extracts key decisions and summaries and stores them in the organisation's context memory. Future runs on matching topics receive that memory automatically. Agents improve with use - without retraining, without model access, without vendor dependency.

Context Router

Simple formatting tasks go to fast, cheap models. Complex reasoning and analysis tasks go to frontier models. The Context Router makes that decision automatically on every request based on task complexity - cutting compute costs without sacrificing capability.

See it in your organisationRead the Intelligence deep-dive →

ARGUS-i Detection Packs

PII detection that knows your jurisdiction.

The built-in scrubber covers Australian, UK, US, and EU data formats. Detection Packs extend it with jurisdiction-specific rules - HIPAA, GDPR, PSPF, Five Eyes classification markings, and more. Install from the pack registry. No configuration required.

Healthcare (HIPAA, My Health Record)
Government (PSPF, DSPF, Five Eyes)
Financial Services (PCI-DSS, Basel III)
Legal (privilege markers, court filing formats)
Custom rules for internal data formats
ninthLABS Certified

Global Privacy Essentials v1.0.0

GDPR, CCPA, PIPEDA, and LGPD personal data detection across all languages. Pre-installed on all orgs.

ninthLABS Certified

Australian Government Pack v1.0.0

PSPF classification markers, PROTECTED/SECRET/TOP SECRET blocking, APS-specific PII formats.

ninthLABS Certified

Healthcare Compliance Pack v1.0.0

HIPAA 18 identifiers, My Health Record formats, clinical note PII, and prescription data patterns.

ninthLABS Certified

Financial Services Pack v1.0.0

PCI-DSS card numbers, BSB/account numbers, SWIFT codes, trading account identifiers.

ninthLABS Certified

Five Eyes Intelligence Framework v1.0.0

FVEY classification marking detection and sovereign blocking for intelligence community use.

Developer Governance

Your developers are running AI with the full codebase in context. Is any of that governed?

Claude Code, Aider, Gemini CLI, and Goose operate outside every web-based governance layer. They hit provider APIs directly with no PII scrubbing, no injection detection, no audit log, and no organisational visibility. OBEL's CLI proxy is the only product that puts developer AI tools inside the same governance pipeline as everything else.

A single environment variable governs all of them.

# Claude Code ANTHROPIC_BASE_URL=https://api.useobel.ai/proxy/anthropic # Aider, Goose, Codex CLI OPENAI_BASE_URL=https://api.useobel.ai/proxy/openai # Gemini CLI GEMINI_API_BASE=https://api.useobel.ai/proxy/google

The developer's experience is unchanged - same models, same responses, same latency. Governance runs invisibly in the path: PII scrubbing, prompt injection detection, OWASP code scanning, and a complete audit trail on every CLI AI call.

Full governance pipeline on every CLI call

PII scrubbing, injection detection, ARGUS-i classification, and audit logging on every Claude Code, Aider, Gemini CLI, and Goose request.

OWASP code security scanning

Code sent to AI tools is scanned for hardcoded credentials, injection vulnerabilities, insecure patterns, and dependency risks before reaching the model.

Per-repository spend attribution

Every CLI request is attributed to a repository and developer. Spend, request volume, and security events are broken down by repo in the Intelligence Hub.

Identity-bound API keys

Each developer authenticates with their OBEL identity. Shared or leaked API keys cannot be used anonymously - every request is tied to a verified user.

Full Developer tier details →

Document Studio

AI document generation where every output is a governed artifact.

Contracts, reports, code, briefings, diagrams - every generation request passes through ARGUS-i before a word is drafted. Every output is stored, version-controlled, attributable, and exportable as a branded PDF with a full governance chain.

Template library

Every org starts with pre-built NDAs, employment contracts, SOWs, service agreements, and consulting agreements. Define custom types for proprietary document workflows.

Governed generation

ARGUS-i classifies every generation request - intent, PII, sovereign violations - before a word is drafted. Generated documents are treated as governed artifacts, not free text.

Version control + export

Artifacts are stored in your org vault, version-controlled, and tied to the audit session that produced them. Export any document as a branded PDF with full attribution.

Governed RAG

A knowledge base your AI can use. With the same governance as everything else.

Upload documents, policies, technical references, and internal knowledge. Connect to your existing repositories. Every retrieval chunk is classified by ARGUS-i before it is injected into a prompt - so the knowledge base cannot be used to bypass the governance layer.

Every chunk classified before injection

Retrieved content passes through ARGUS-i classification and PII scrubbing before it reaches the LLM context window. RAG cannot be used to smuggle sovereign content.

Source attribution in every response

Responses cite the specific document chunks used to generate them. Attribution is stored in the audit record alongside the response.

Role-scoped access control

Documents are visible only to the roles and users you configure. Knowledge base access is enforced at the retrieval layer, not the prompt layer.

Standard RAG vs Governed RAG

Document ingestionStored as embeddingsStored as embeddings, classified on ingest
RetrievalChunk injected into contextChunk classified by ARGUS-i before injection
PII in source documentsPassed to modelScrubbed before injection
Sovereign contentPassed to modelBlocked at retrieval gate
Audit trailNoneFull trace: query, chunks retrieved, response
Access controlApplication-layer onlyEnforced at retrieval layer per role

Compliance Framework Mapping

Compliance evidence, not compliance policy.

Most AI compliance approaches produce a policy document. OBEL produces live, queryable evidence tied to real platform controls - 58 controls mapped across four frameworks, with the specific OBEL control and audit evidence for each one.

EU AI Act

Articles 9, 10, 13, 14, 17, 26, 29 - risk management, data governance, transparency, human oversight

NIST AI RMF

GOVERN, MAP, MEASURE, MANAGE functions - risk identification, measurement, response, and post-deployment monitoring

SOC 2 Type II

CC1-CC9, A1.1 - logical access, change management, incident response, cryptography, availability

ISO/IEC 27001:2022

A.5-A.8 Annex A controls - information security policies, access control, data masking, logging, DLP

58

controls mapped across four frameworks, each with the OBEL control, the requirement, and the audit evidence an auditor can verify.

What "audit evidence" means in practice

Each control shows the specific OBEL platform feature, the requirement it satisfies, and the evidence - log exports, configuration records, enforcement history - that an auditor can independently verify. Not a self-attestation. Verifiable evidence.

SIEM / CEF Connector

AI governance events in your SIEM. Without custom integration work.

OBEL streams governance events in CEF 0 format - the standard security event format used by Splunk, Microsoft Sentinel, and IBM QRadar. Security operations teams get AI threat data in the same place they already work.

Native CEF 0 format

Events stream as RFC 5424-compatible CEF - no transformation required for Splunk HEC, Sentinel Logic Apps, or QRadar Universal DSM.

Cursor-based NDJSON polling

SIEM connectors poll GET /api/audit-stream with a cursor timestamp. Each response includes the next cursor. No missed events. No duplicate processing.

Severity-mapped per event type

sovereign_blocked=9, MITRE ATT&CK match=7, PII detected=6, agent failed=5. Standard SIEM severity scale so alert thresholds work without reconfiguration.

HMAC-signed authentication

Long-lived tokens scoped to your org. Generated in Settings - Communications. Rotate by changing AUDIT_STREAM_SECRET. No OAuth flow required for SIEM polling.

# Example CEF event CEF:0|ninthLABS|OBEL|3.0|OBEL-001|Sovereign Block|9| rt=1751234567000 dvchost=obel-platform cs1Label=orgId cs1=f8a3c... cs2Label=event cs2=sovereign_blocked cs3Label=classification cs3=PROTECTED cs4Label=agentName cs4=Briefing Officer

Stateful Tokenization

Zero enterprise data at the provider. Full context at the model.

Standard PII scrubbing removes context along with risk. Stateful Tokenization replaces PII entities with stable, indexed tokens - the LLM reasons about [EMAIL_001] and [ORG_001], preserving every relationship across the conversation. Real values never leave your boundary. Responses are re-hydrated locally before reaching users.

Entity relationships preserved

The same entity always maps to the same token within a conversation. The LLM can reason: [EMAIL_001] works at [ORG_001] - without ever seeing real values.

Vault-encrypted token maps

Each conversation's token map is AES-256-GCM encrypted with your vault key and stored per conversation. Nothing stored in plaintext.

Secrets always hard-redacted

API keys, passwords, and private keys are never tokenized - they are blocked outright by the scrubber regardless of tokenization settings.

Audit logs unaffected

PII detection events are still recorded in security logs and audit trails. Compliance reporting is identical whether tokenization is on or off.

Scrubbing vs Tokenization

Standard Scrubbing
Stateful Tokenization
john@acme.com
[EMAIL_001]
→ [REDACTED:EMAIL]
→ re-hydrated on return
Entity context lost
Entity context preserved
LLM cannot cross-reference
LLM reasons across entities

Available on STANDARD+

Enable from Settings - Governance - ARGUS-i. Requires vault configured. Toggle on; existing conversations are unaffected.

Start free. Scale when you're ready.

14-day trial with no credit card required. Upgrade or cancel any time.

Create free accountCompare plans