Security Rules

Merge Agent Handler’s Security Gateway scans tool inputs and outputs, and allows you to configure rules to prevent sensitive data being sent to and from your AI Agent.

Within the Rules page of the Dashboard, you have the ability to activate a set of out-of-the-box entity rules, and configure actions on the Outbound (Merge Agent Handler to third party) tool call inputs. Entity Types are predefined recognizers for PII (Personally Identifiable Information) entities. The Security Gateway scans tool calls for these specific entity types and takes action based on what’s configured within the platform.

Actions include:

1. Warn: Allow the tool call to go through without action
2. Redact: Allow the tool call to go through, while redacting flagged entities
3. Block: Block the tool call from going through to the third party, or block the response from reaching your agent

Available Entity Types

1. Credit Card number
2. Crypto Wallet number
3. Date & Time
4. Email Addresses
5. International Bank Account Number (IBAN) Codes
6. IP Addresses
7. Nationality, Religious, or Political groups (NRP)
8. Location
9. Person details (name)
10. Phone Number
11. Medication License numbers
12. URLs
13. US Bank Number
14. US Drivers License number
15. US Individual Taxpayer Identification Number (ITIN)
16. US Passport number
17. US Social Security Number (SSN)

Creating custom rules

For more granular fine-tuning or customization around security rules, you can create your own custom rules by entering specific regex, scoring, and context key words:

• Regex: Used to match specific patterns within the tool call inputs
• Scoring: Used to determine how likely content is to be sensitive based on matches
• Context key words: Used to provide extra clues to confirm sensitive data