Question 1

What is Ferentin?

Accepted Answer

Ferentin is the trust layer for AI agents. It provides identity-centric, Zero-Trust policy enforcement from prompt to tool call — enabling organizations to authenticate every identity, authorize every action and audit every interaction across LLMs, agents and MCP tools.

Question 2

What is Zero-Trust AI access?

Accepted Answer

Zero-Trust AI access means every request to an AI service is authenticated, every action is authorized against fine-grained policies and every interaction is logged. No implicit trust is granted. Users, teams and AI agents must all prove their identity and permissions before accessing any AI resource.

Question 3

What LLM providers does Ferentin support?

Accepted Answer

Ferentin supports direct providers like OpenAI, Anthropic and Google, plus cloud service providers like AWS Bedrock, Azure AI Foundry, Google Vertex AI and Nvidia that host multiple model families. All providers and their models are cataloged in the LLM Registry with training policies and data residency information. You can route, secure and observe traffic across all of them through a single integration point.

Question 4

Which MCP servers does Ferentin support?

Accepted Answer

Ferentin maintains a growing registry of first-party and hosted MCP servers ready to use out of the box. You can also add your own MCP servers to the registry and apply the same zero-trust policies to govern access across all of them.

Question 5

What are MCP Apps?

Accepted Answer

MCP Apps are visual, web-based applications built on top of MCP servers. They let business users interact with AI tools through dashboards, charts and workflows instead of a chat interface. Ferentin ships with MCP Apps for ECharts, Mermaid diagrams, Maps and more, with the same governance and access policies applied automatically. Think of them as the UI layer for your MCP infrastructure.

Question 6

What auth methods does Ferentin support for MCP servers?

Accepted Answer

Two modes. User mode uses OAuth 2.1 for assistants and interactive clients, with scoped access tied to the logged-in user. Agent mode supports private key JWTs, client credentials and API keys for non-interactive, machine-to-machine access. Both are governed by the same zero-trust policies.

Question 7

How does Ferentin isolate tenants?

Accepted Answer

Every tenant gets dedicated encryption keys for secrets and sensitive configuration, and dedicated signing keys for tokens and assertions. Data is logically isolated at every layer. No tenant can access another tenant’s keys, policies or audit logs, even in a shared deployment.

Question 8

Is my data used for training?

Accepted Answer

Ferentin never trains on tenant data. Not on LLM calls, not on MCP tool invocations, not on anything that passes through the platform. Upstream LLM providers have their own training policies. Ferentin publishes each provider’s training and data residency information in the LLM registry so your teams always have up-to-date knowledge when choosing a model.

Question 9

What is Zero Data Retention (ZDR)?

Accepted Answer

Ferentin operates on a Zero Data Retention architecture. The platform does not store, cache or log any request or response payloads. The only data Ferentin retains is audit events: who accessed what, when and whether the action was allowed or denied. No prompts, no completions, no tool inputs, no tool outputs. Your AI traffic passes through the Service Edge and is gone. This means there is nothing to breach, nothing to subpoena and nothing that can be used for training. If you need payload storage for compliance or debugging, you can explicitly opt in on a per-policy basis, with payloads encrypted using your tenant-specific keys.

Question 10

How does Ferentin handle privacy?

Accepted Answer

Privacy is the default, not an option. Ferentin does not store request or response payloads unless you explicitly enable payload storage. When enabled, payloads are encrypted using tenant-specific data encryption keys. Ferentin cannot read your payloads. User identities can be anonymized in audit trails. For full isolation, deploy a Private Service Edge inside your VPC so that all AI traffic stays within your network boundary.

Question 11

Is Ferentin SOC 2 certified?

Accepted Answer

Yes, Ferentin is SOC 2 Type II certified and VAPT assessed. The platform features end-to-end encryption, tenant isolation and granular access controls. Your data never leaves your trust boundary.

Question 12

How does Ferentin handle AI agent governance?

Accepted Answer

Ferentin enforces fine-grained policies on AI agent behavior. Every action an agent takes is authorized against configurable rules, and every decision is fully auditable, giving enterprises complete control over what AI agents can and cannot do.

Question 13

What is a Security Service Edge?

Accepted Answer

A Security Service Edge (SSE) is a Gartner-defined architecture that converges multiple security services into a single, cloud-delivered platform at the network edge. Traditional SSEs bundle Secure Web Gateways, Cloud Access Security Brokers and Zero Trust Network Access to protect users accessing web apps and SaaS. Ferentin applies this same architectural pattern to AI agents. Instead of web traffic, Ferentin secures agent traffic — from prompt to tool call. It authenticates identities, enforces access policies, routes requests to LLM providers and MCP servers and produces a full audit trail. One trust layer, one integration point, all AI security services in one place.

Question 14

What security services does Ferentin provide for AI?

Accepted Answer

Ferentin delivers a complete security stack for AI workloads. For LLMs: identity-based access control, model-level authorization, provider routing, rate limiting, cost governance and full request/response audit logging. For MCP servers: OAuth 2.1 and agent-mode authentication, tool-level authorization, context boundary enforcement and toxic flow detection. For AI clients like Claude Code, ChatGPT, Cursor and custom agents: SSO integration, session-level policy enforcement, per-user and per-team access rules and real-time observability. All services are delivered through a single Service Edge with unified policy management.

Question 15

What is the difference between a Public and Private Service Edge?

Accepted Answer

A Public Service Edge is Ferentin-hosted and shared across tenants. You configure your AI clients to route through it and you are up and running in minutes with no infrastructure to deploy. Data is logically isolated with tenant-specific encryption keys. A Private Service Edge is a dedicated instance deployed inside your own VPC or cloud account. All AI traffic stays within your network boundary and never traverses the public internet. Both connect to the same Ferentin control plane for unified policy, identity and audit. Start with the Public Service Edge for speed, move to a Private Service Edge when compliance or data residency requirements demand full network isolation.

Question 16

What are Enterprise Identity Providers?

Accepted Answer

Enterprise Identity Providers (IdPs) are the systems your organization uses to manage employee identities and access. Think Okta, Microsoft Entra ID, Google Workspace or any SAML/OIDC-compliant provider. Ferentin integrates with your existing Enterprise IdP so that users authenticate with their corporate credentials before accessing any AI resource. This means no separate passwords, no shadow accounts and full alignment with your existing access policies. When a user is offboarded from your IdP, their AI access is revoked automatically.

Question 17

What are Workload Identity Providers?

Accepted Answer

Workload Identity Providers issue identities to non-human actors: AI agents, backend services, CI/CD pipelines and automated workflows. Unlike Enterprise IdPs that authenticate people, Workload IdPs authenticate machines and software. Ferentin supports workload identity through private key JWTs, client credentials and API keys. Each workload gets a distinct identity with its own authorization policies, rate limits and audit trail. This is how you give an AI agent scoped access to specific MCP servers or LLM providers without sharing a human user’s credentials.

The Trust Layerfor AI Agents.

Your security stack can't see what agents do.

Invisible intent

Identity ends at the front door

No receipts

Toxic flow

Trust, enforced at every layer

Every request, fully governed

Know what AI is doing across your organization

Toxic Flow

Context-aware policy enforcement

Built for enterprise from day one

Zero Trust AI Access

Compliance Ready

Toxic Flow Detection

Insights on AI security

"The Mother of All AI Supply Chains" — Or Just the Same Old CLI Problem

Trustworthy Agents Need Zero Trust Infrastructure

What the LiteLLM Supply Chain Attack Revealed About AI Credential Security

Frequently asked questions

Add trust to your AI stack in minutes, not months