Strategy
Positioning, category boundary, wedge, ICP, and early package strategy for Agent Assurance.
Decision
PolicyStrata Agent Assurance should lead with a narrow operating claim:
CI/CD release gates for AI agents that touch governed data.
The product should not position itself as another LLM observability platform, generic eval tool, AI governance suite, or runtime guardrail. The wedge is the release gate between agent engineering and enterprise security: self-hosted checks for agents that touch customer data, governed analytics, policies, schemas, runbooks, or other changing context.
Category Boundary
Observability tools tell teams what happened in production. Agent Assurance tells teams whether a release candidate should be allowed to reach production.
AI governance platforms document and orchestrate risk programs. Agent Assurance generates technical evidence those programs can use.
Runtime security tools block malicious or unsafe interactions. Agent Assurance checks release candidates before runtime and produces auditable go/no-go evidence.
Data governance tools enforce access policy in data platforms. Agent Assurance verifies that agents, prompts, retrieval layers, SQL, RLS assumptions, and source context continue to respect the policies a release depends on.
Competitive Landscape
| Segment | Examples | They own | Our opening |
|---|---|---|---|
| AI observability and evals | Logfire, LangSmith, Langfuse, Braintrust, Arize Phoenix, Galileo | Traces, prompts, online evals, dashboards, production debugging | Integrate with them and turn selected traces/evals into release evidence. |
| Eval and red-team CLIs | promptfoo, DeepEval, Giskard | Prompt tests, model/RAG benchmarks, adversarial tests, CI checks | Focus on customer-specific policy, context, tenancy, PII, SQL, and RLS evidence. |
| AI security and guardrails | Lakera, Lasso, Prompt Security, Cisco AI Defense | Runtime protection, prompt injection defense, data leakage controls, agent inventory | Own pre-production release gates and evidence packs rather than inline blocking. |
| AI governance and GRC | Credo AI, Holistic AI, Securiti | AI registries, risk workflows, regulatory mapping, governance reporting | Feed them concrete technical evidence instead of competing for broad GRC ownership. |
| Data access governance | Immuta, Privacera | Data policy enforcement, role vending, masking, audit trails, data access controls | Verify behavior across the agent layer, retrieval layer, policy text, context packs, and generated queries. |
Wedge
Start with B2B SaaS teams shipping AI agents that touch governed data:
- Text-to-SQL copilots.
- BI and analytics agents.
- Customer-support agents that retrieve account, contract, ticket, or policy data.
- Internal copilots that operate over governed docs, schemas, runbooks, and APIs.
The pain is not "we need more observability." The urgent buying trigger is:
- Security asks for proof before launch.
- Engineering wants to stop arguing in Slack about whether the agent is safe to ship.
- A release might leak one tenant's data to another tenant.
- The agent depends on source docs, schemas, or policies that changed.
- The team needs a waiver, approval, or block decision with evidence attached.
- Existing eval tools produce scores, but not a release artifact a reviewer can trust.
Buyer
The first buyer is likely not the Chief Compliance Officer. Start with teams close to shipping:
| Buyer | What they care about |
|---|---|
| VP Engineering or Head of AI Platform | Ship agents without ad hoc security review blocking every release. |
| AppSec or Product Security | Know which agents can touch what data before production. |
| Data Platform or Governance lead | Prevent cross-tenant, PII, SQL, schema, and RLS drift. |
| CISO org | Evidence, audit trail, release blockers, and no raw data in the SaaS by default. |
ICP
Start with B2B SaaS companies that have:
- A production-bound agent or copilot touching governed data.
- Tenant isolation, PII, RLS, contractual entitlement, or regulated workflow exposure.
- An AI platform, data, security, or product owner who can require release evidence.
- Enough maturity to run CI or a self-hosted runner, but not enough dedicated AI assurance infrastructure to have already solved this internally.
Avoid early prospects that only want generic chatbot quality evals, brand-safety moderation, employee AI usage monitoring, or broad AI inventory.
Product Thesis
The durable artifact is the release evidence pack.
A good evidence pack answers:
- What changed in this release candidate?
- Which source sets and policy suites were tested?
- Which context dependencies are stale, missing, or uncited?
- Which policy, tenancy, PII, SQL, RLS, or governance invariant failed?
- What witness or affected surface proves the finding?
- Who reviewed, waived, approved, or blocked the release?
- Can this agent ship?
The control plane should store the review state and history. The runner should own local execution. The OSS engines should remain independently useful.
The simplest product promise:
A release candidate cannot ship unless evidence exists and blockers are resolved.
Messaging
Primary headline:
Release gates for AI agents that touch governed data.
Supporting copy:
PolicyStrata Agent Assurance blocks unsafe agent releases before they reach production. Self-hosted runners check live context, tenant boundaries, SQL/RLS assumptions, PII exposure, and release policies, then upload an audit-ready evidence pack.
Positioning contrast:
Observability shows what happened after traffic hits production. Agent Assurance decides whether this release candidate is allowed to ship.
Best positioning sentence:
PolicyStrata Agent Assurance is a release-control plane for enterprise AI agents. Self-hosted runners verify context freshness and governed-data policies; the SaaS stores evidence, blockers, approvals, and audit history.
First Offers
The first paid product should be narrow: Agent Release Gate for RAG + SQL agents.
| Offer | Price | Scope | Goal |
|---|---|---|---|
| Agent Context Audit | $5k | One support/docs agent, source inventory, DocPull run, context freshness and citation report | Fast trust and source-risk entry |
| Policy Drift Audit | $10k-$15k | One data agent, policy text, schemas, representative traces, PolicyStrata findings | Higher-severity wedge around governed data |
| Agent Assurance Pilot | $25k-$50k | Self-hosted runner, dashboard, evidence packs, release review workflow | Convert into annual software |
Trust Features
| Capability | Why it matters |
|---|---|
| No raw customer data by default | Reduces procurement and security friction. |
| Self-hosted runners | Keeps sensitive docs, schemas, traces, and policies inside customer infrastructure. |
| Scoped runner tokens | Limits blast radius for CI and self-hosted execution. |
| Signed evidence packs | Makes release evidence tamper-resistant. |
| Artifact references and hashes | Proves what was checked without copying source data. |
| Organization, project, and release isolation | Required for enterprise SaaS review workflows. |
| CI blocking mode | Turns the product from dashboard into control point. |
| Reviewer decisions | Creates audit trail and accountability. |
Product Priorities
- Runner path that works in CI and customer environments.
- Stable JSON contracts for assurance runs, findings, and evidence packs.
- Built-in policy suites for RAG + SQL agent risk: context freshness, citation coverage, tenant scope required, PII minimization, SQL/RLS drift, and contract entitlement checks.
- GitHub Checks, JUnit, SARIF, and JSON output for release workflows.
- Dashboard review flow: latest run, blocker list, evidence pack, waiver, and approval state.
- Import/reference hooks for Logfire, LangSmith, Langfuse, Braintrust, Phoenix, promptfoo, and CI artifacts.
- Export hooks for Credo, Securiti, GRC workflows, and customer audit storage.
Anti-Goals
- Do not build a generic tracing product.
- Do not compete head-on with LangSmith, Logfire, Langfuse, Braintrust, Arize, or Galileo.
- Do not build a broad AI governance/GRC platform before proving the evidence wedge.
- Do not make hosted-only execution the default for enterprise pilots.
- Do not merge DocPull and PolicyStrata into one OSS package.
- Do not rewrite Python engines in TypeScript for aesthetic consistency.
- Do not overbuild dashboards before the runner, evidence contract, and first design-partner evidence pack are strong.