Trace collects AI governance evidence across seven enforcement layers: browser extension, endpoint agent, network gateway, API interceptor, cloud application connectors, AI output inspection, and internal LLM API protection. Each layer monitors a different way AI tools can be accessed.
When an AI interaction is detected, it passes through an eight-stage classification pipeline: preprocessing, deterministic validation, semantic classification, prompt injection detection, context enrichment, file and image inspection, output classification, and policy resolution. The resolved action, block, warn, redact, educate, audit, or allow, is executed immediately.
Every governed interaction produces a forensic evidence record containing: tenant identity, event identity, timestamp, source layer, user reference, action taken, severity, policy reference, data classification results, destination summary, hash references, and lineage. This evidence is committed to the immutable evidence infrastructure using the same proof model as Attest, WORM storage, SHA-256 hashing, and per-tenant hash chaining.
Trace also integrates bidirectionally with existing security platforms (SIEM, XDR, EDR, ITSM, alerting, GRC), sending AI-specific findings to the customer's existing tools while receiving risk signals back where supported.