Launching today

Astra

Launching today

Make AI agents that never see your data

87 followers

Make AI agents that never see your data

87 followers

Visit website

AI Infrastructure Tools

•

Security software

Your AI agent shouldn't see raw sensitive data to do its job. Most of the time it doesn't need to. Astra tokenizes PHI, PCI, and PII before it reaches your agent. It reasons on safe tokens, acts on real values at execution the raw data never touches the model context. Two lines of code. Works with any agent framework.

Free Options

Launch tags:SaaS•Developer Tools•Artificial Intelligence

Launch Team

Tines — Build agents & automations integrated across your workspace

Build agents & automations integrated across your workspace

Promoted

Astra

Maker

📌

Hey everyone 👋, I'm excited to launch Astra today, I built Astra after a hallway conversation at AWS where someone asked how Bedrock prevents LLMs from seeing customer data. Great perimeter story but nobody had solved what the agent sees inside the prompt. The gap is simple: your agent doesn't need to read a patient's SSN to decide what to do with it. It just needs to know a value exists. Astra intercepts before the prompt, agent works on tokens, real values resolve only at execution. Would love to hear from anyone building agents on regulated data and i will be more than happy to answer anything.

Report

23h ago

Product Hunt

What’s the “switching moment” you see: is it a specific incident (PII leaking via tool-call JSON, agent memory, or observability), a compliance review (PCI/HIPAA), or a product requirement—and what would make a team rip out their current proxy/redaction layer for Astra?

Report

1h ago

@obed_mpaka1 the tokenization-before-prompt approach is interesting — what happens when the agent's reasoning output references a token and you need to log or audit that decision? Does the audit trail show the real value or does it stay tokenized end-to-end?

Report

3h ago

Astra

Maker

@jimmypk so the audit log stores tokens, not real values.

[CVT:NAME:A1B2] filled first_name at hospital.com at 14:13:22. Authorized. Uses remaining: 0.

The real value lives in one place, the vault. The reveal log records that a reveal happened, not what was revealed. Those two things are deliberately separate. If they needs to know which patient was affected, they run the token through the executor with proper authorization. The audit trail points to the token. The vault holds the value. Nobody hands them a document full of PHI.

Agent reasoning log : tokens only
Audit trail : tokens, action, timestamp, who triggered the reveal
Vault : real values, access-controlled separately
Reveal log : proof a reveal happened, without storing what was revealed

You can hand that audit log to a regulator as-is. It doesn't become a PHI liability the moment you open it.

That's the point.

Report

3h ago

@jimmypk so the audit log stores tokens, not real values.

[CVT:NAME:A1B2] filled first_name at hospital.com at 14:13:22. Authorized. Uses remaining: 0.

Agent reasoning log : tokens only
Audit trail : tokens, action, timestamp, who triggered the reveal
Vault : real values, access-controlled separately
Reveal log : proof a reveal happened, without storing what was revealed

You can hand that audit log to a regulator as-is. It doesn't become a PHI liability the moment you open it.

That's the point.