# What is Highflame

Highflame is security infrastructure for AI agents and autonomous systems. It provides a shared control plane for defining what agents are allowed to do, enforcing those rules at runtime, observing behavior across products and environments, testing systems adversarially, and producing an audit trail for what happened.

If your organization is deploying agents that call tools, connect to MCP servers, modify code, invoke APIs, or operate across long-running workflows, Highflame is the layer that makes that autonomy safe to ship.

***

### What Highflame Does

Highflame secures AI systems across four responsibilities:

**Discover** — AI applications, agents, MCP servers, models, tools, and usage patterns across the organization. Understand where autonomy is running and where risk is accumulating.

**Govern** — AI behavior with typed Cedar policy, identity-aware controls, scoped permissions, and runtime guardrails. Shared enforcement across applications, agents, and platforms.

**Monitor** — AI traffic and runtime decisions through distributed traces, threat telemetry, session-aware observability, and audit-ready records.

**Protect** — AI systems with inline threat detection, tool and workflow enforcement, adversarial red teaming, and model supply chain validation.

***

### Technical Architecture

| Layer            | Components                                                                                                                                             | Role                             |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
| **Studio**       | Dashboards, Policy Management, Playground, Operator UX                                                                                                 | Configuration and visibility     |
| **Observatory**  | ClickHouse, Collector Pipeline, Traces, Events                                                                                                         | Observability and audit          |
| **Products**     | Guardrails, Code Agents (Overwatch), MCP Gateway, Browser Security (Sentry), Red Team, Palisade                                                        | User-facing integration surfaces |
| **Shield**       | Tiered Detection: built-in (secrets, PII, injection) → ML (Raudra, toxicity, hallucination, GRU) → Cloud (DLP, ModelArmor, CheckPhish) + BYOD webhooks | Runtime threat detection         |
| **Cedar Engine** | Per-service schemas (5), explain and debug modes, context projection                                                                                   | Policy evaluation                |
| **Core**         | Policy packages, Taxonomy, Identity (ZeroID), Authorization, Tenancy                                                                                   | Platform foundation              |

**Detection** — 25+ built-in detectors (sub-5ms), ML classifiers (10-200ms), and cloud APIs (50-500ms). Detectors declare their output keys; the projection layer normalizes them into stable semantic context for Cedar.

**Policy** — Cedar policies read projected context and emit permit/deny. Deny always wins. Five service-specific schemas (Guardrails, Overwatch, Sentry, MCP Gateway, Palisade) with typed actions, entities, and context attributes. The same policy framework governs MCP tool calls, IDE file operations, and Shield API evaluations.

**Observability** — Every evaluation produces a trace with latency breakdowns, detector results, Cedar decisions, and session state. OpenTelemetry-native. Feeds into Observatory for threat dashboards, session analysis, and command center.

***

### Product Surfaces

Highflame is a platform, not a single-point solution. Product surfaces share the same detection, policy, and observability layers:

| Product              | What it protects                                     | Integration                                |
| -------------------- | ---------------------------------------------------- | ------------------------------------------ |
| **Guardrails**       | LLM prompts, tool calls, model responses, files      | SDK (Python, TypeScript, Rust) or REST API |
| **Code Agents**      | IDE agents — Cursor, Claude Code                     | VS Code / JetBrains extension              |
| **MCP Gateway**      | MCP server connections, tool calls, resource access  | HTTP proxy or SDK                          |
| **Browser Security** | AI chat in browsers — ChatGPT, Gemini, Claude        | Browser extension                          |
| **Red Team**         | Agent, prompt, and workflow vulnerability testing    | Studio UI or API                           |
| **Palisade**         | ML model artifacts — safetensors, GGUF, pickle, ONNX | CI/CD (GitHub Actions, Azure DevOps)       |

***

### Framework Coverage

Detections, policies, and findings map to industry security frameworks:

| Framework            | Coverage                                                                         |
| -------------------- | -------------------------------------------------------------------------------- |
| **OWASP LLM Top 10** | Prompt injection, data leakage, tool misuse, model DoS, insecure output handling |
| **OWASP MCP Top 10** | Tool poisoning, server impersonation, cross-origin escalation, rug pull          |
| **MITRE ATLAS**      | Adversarial ML techniques mapped to detection signals and red team categories    |
| **NIST AI RMF**      | Risk measurement, governance controls, audit evidence, compliance reporting      |

***

### Who This Is For

| Role                                                       | Start here                                                                                           |
| ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| **Developers** integrating guardrails into AI applications | [Quickstart](https://github.com/highflame-ai/highflame-docs/blob/main/getting-started/quickstart.md) |
| **Security engineers** defining policies and controls      | [For Security Teams](broken://pages/dxPPGv7amkoZzgCpWsvw)                                            |
| **Platform engineers** managing multi-team rollout         | [Production Patterns](/guides/production-patterns.md)                                                |
| **Red team practitioners** testing for vulnerabilities     | [Agent Red Teaming](/red-teaming/agent-red-teaming.md)                                               |
| **DevOps** deploying Highflame infrastructure              | [Deployment Guides](broken://pages/NUuDyyNQYwDPRCacBTVw)                                             |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.highflame.ai/overview/what-is-highflame.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.