"48.9% of organizations are entirely blind to AI agent behavior" — Salt Security, April 2026
ORILink is a foundational architecture that gives AI agents the context to understand what they see — annotating tokens with origin and trust before inference, enforcing intent before execution.
WAFs parse network traffic, not semantic intent. Framing attacks, context switching, and payload splintering bypass them routinely.
Every token is annotated with origin metadata and trust weight. Untrusted tokens are blocked before inference begins.
0% false positive rate. Trusted instructions pass through cleanly with sub-millisecond latency overhead.
A trusted operator instruction and a malicious injection are identical at the token level. The model cannot tell them apart — it executes both. This is not a model flaw. It's a fundamental property of how transformers process input.
WAFs and prompt guards operate above the language layer. Framing attacks, context switching, and payload splintering bypass them routinely — without triggering any signature match.
Autonomous agents execute instructions — that's their purpose. Without enforcement below the language layer, a compromised instruction chain is indistinguishable from a legitimate one. Compliance is the vulnerability.
Two mandatory, unconditional gates. Pre-inference inbound. Pre-execution outbound. Model-agnostic across the full hardening spectrum.
Pre-inference token annotation and trust weighting from a seven-domain taxonomy.
Every token is annotated with origin metadata and a trust weight from a seven-domain taxonomy. Untrusted tokens are blocked before inference. The attack never reaches the model.
Four-layer semantic classifier before any action fires.
Execution graph analysis, action chain memory, scope boundary check, deception detection. Evaluates what the agent is about to do — not what the instruction calls it. Blocked unconditionally.
ORILink doesn't just protect a single agent. Trust annotations travel with content — through every handoff, every agent-to-agent message, every tool call. A single compromised instruction cannot silently elevate its own trust weight as it moves through your agent network.
Complete inbound and outbound enforcement. The agent operates freely within its authorized scope — and cannot be weaponized outside it.
Provenance envelopes travel with every A2A message. A compromised agent cannot elevate its trust weight when forwarding to peers — contagion stops at the first hop.
Every action — cleared or blocked — is logged with full provenance: instruction origin, trust weight, classifier layer, and timestamp.
Every action is logged: agent ID · instruction origin · trust weight assigned · classifier result · timestamp. Operators are notified in real time on any block.
Full Gate 1 + Gate 2 enforcement. Safe to deploy anywhere.
Provenance travels with every A2A message. No contagion.
Complete audit trail. Real-time operator control at any scale.
Okta tells you the agent authenticated. ORILink tells you what it's about to do — and stops it if it shouldn't.
| Capability | Perimeter / WAF | Identity (Okta) | ORILink |
|---|---|---|---|
| Token-level trust annotation | |||
| Pre-inference blocking | |||
| Outbound intent classification | |||
| A2A provenance enforcement | |||
| Agent continues after block | |||
| Model-agnostic deployment |
Early access open to agent infrastructure teams. Patent pending.