Eloryn — Platform Overview
Our flagship platform: a deterministic, zero-trust governance architecture that enforces what an AI agent is allowed to do — in code, not in a prompt.
Last updated 2026-06
Eloryn is a deterministic, zero-trust governance architecture built for organizations deploying autonomous AI agents — agents that can execute code, modify databases, and call external APIs. It provides a provable guarantee: an agent can only execute actions explicitly permitted by a cryptographic trust chain.
The premise is simple. A system prompt is a speech explaining to a model why it should behave. A speech can be argued with — through prompt injection, jailbreaks, or novel inputs. Eloryn replaces the speech with structure: policy and capability boundaries compiled into cryptographic tokens, WASM sandboxes, and typed schemas.
What it means for security and compliance teams
- Provable security — agent behaviour is gated behind deterministic logic, not probabilistic guardrails.
- Regulatory alignment — built around Canadian AI policy (AIDA, PIPEDA, the Directive on Automated Decision-Making) and prepared for the EU AI Act, with an immutable audit trail.
- Systemic-risk mitigation — protects core infrastructure from prompt injection, data exfiltration, and lateral movement by a compromised agent.
The 5-Layer Guardian Stack
Eloryn runs every agent action through a sequential, defence-in-depth pipeline written in memory-safe Rust and TypeScript.
- Identity — Biscuit tokens signed with Ed25519 carry Datalog policies. A sub-agent’s token is a mathematically provable subset of its parent’s authority, so privilege escalation fails at the signature level.
- Cage — agent code runs in a Wasmtime capability sandbox that starts with deny-all; only the exact capabilities required for the approved intent are provisioned, just-in-time.
- Semantic Firewall — a fast Rust proxy canonicalizes Unicode (defeating homoglyph attacks), scans outbound payloads for canary tokens, and classifies harmful content before it reaches a user or database.
- Supervisor — every action is scored against the organization’s policy using Ternary Moral Logic and co-signed over gRPC before execution.
- Circuit Breaker — health-score anomaly detection trips and terminates the process when an agent behaves erratically or repeatedly probes its limits.
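The Semantic Firewall step above, sketched as an added TypeScript example (not Eloryn's code): outbound text is canonicalized before canary matching, so homoglyph, fullwidth and zero-width variants of a canary are still caught. The canary value, the small confusables table and all function names are constructed for illustration; a full deployment would use the complete Unicode confusables data.

```typescript
// Added illustration, not Eloryn source. All names and values are constructed.
// Small constructed subset of look-alike letters (Cyrillic/Greek -> Latin).
const CONFUSABLES: Record<string, string> = {
  "\u0430": "a", "\u0435": "e", "\u043E": "o", "\u0440": "p", "\u0441": "c",
  "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u03BF": "o", "\u03B1": "a",
};
const CONFUSABLE_RE = new RegExp("[" + Object.keys(CONFUSABLES).join("") + "]", "g");
// Invisible characters that can split a token without changing how it renders:
// soft hyphen, ZWSP/ZWNJ/ZWJ, word joiner, BOM.
const INVISIBLE_RE = /[\u00AD\u200B-\u200D\u2060\uFEFF]/g;

// NFKC folds compatibility forms (e.g. fullwidth letters) to their plain
// equivalents; the remaining steps handle what NFKC leaves untouched.
function canonicalize(text: string): string {
  return text
    .normalize("NFKC")
    .replace(INVISIBLE_RE, "")
    .toLowerCase()
    .replace(CONFUSABLE_RE, (ch) => CONFUSABLES[ch] ?? ch);
}

// Baseline for comparison: byte-for-byte substring match on the raw payload.
function naiveScan(payload: string, canaries: string[]): boolean {
  return canaries.some((c) => payload.includes(c));
}

interface Verdict { blocked: boolean; hits: string[] }

// Canonicalize both sides, then match; any hit blocks the outbound payload.
function scanOutbound(payload: string, canaries: string[]): Verdict {
  const canon = canonicalize(payload);
  const hits = canaries.filter((c) => canon.includes(canonicalize(c)));
  return { blocked: hits.length > 0, hits };
}

const CANARIES = ["CANARY-7F3A9C-EXAMPLE"]; // constructed canary value
const SAMPLES = [                            // constructed outbound payloads
  "Order 1182 shipped to Toronto.",
  "debug: token=CANARY-7F3A9C-EXAMPLE",
  "id=\u0421ANARY-7F3\u04109\u0421-\u0415XAMPLE",                    // Cyrillic look-alikes
  "\uFF23\uFF21\uFF2E\uFF21\uFF32\uFF39-7F3A9C-EX\u200BAMPLE",       // fullwidth + ZWSP
];

SAMPLES.forEach((p, i) => {
  console.log(i, "naive:", naiveScan(p, CANARIES), "canonical:", scanOutbound(p, CANARIES).blocked);
});
```

The raw substring match catches only the second payload; the canonicalized scan blocks the last three and passes the first.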
Model- and framework-agnostic
Eloryn governs the intent and tool calls a model produces, not the model itself. It sits over agent orchestrators (such as LangGraph or AutoGen) and works identically whether the reasoning engine is Claude, Gemini, GPT, or a locally hosted open-source model — with no change to the security logic.
Status
Eloryn is live at eloryn.io (v0.25.3), running a demonstration on synthetic data ahead of governing real production traffic. The codebase spans 11 TypeScript packages and 4 Rust crates, with multi-jurisdiction compliance content for CA, US, UK, AU, NZ, and the EU.