Privacy Infrastructure for Agentic AI

Let AI agents use sensitive data without exposing it

TCrypt lets enterprises select and protect sensitive fields inside the application boundary before context is sent to an external model. It preserves useful format and structure where configured, and places every restoration behind identity-controlled threshold authorization.

Agents need your data.
External models shouldn't receive the cleartext.

The moment an agent queries a database, CRM, or file system, sensitive fields ride along into the model's context window.

Access is non-deterministic

Which records an agent pulls depends on the prompt and the tool calls the model chooses. You cannot enumerate in advance what will cross the boundary.

Context spreads beyond your control

Once sensitive data enters an external context window, it can persist in vector memory, agent logs, and provider logs, outside your visibility and retention policies.

Redaction breaks reasoning

Replacing values with uniform blocks destroys the lengths, delimiters, and relationships that models and downstream systems depend on. Protection shouldn't cost utility.

Three states. One controlled crossing.

Cleartext stays inside your boundary. Models work with structurally useful protected context. Restoration happens only inside a governed workflow.

1 · Inside the Boundary

Your application holds cleartext. Selector rules identify the fields to protect, exactly where they live.

{ "customer": { "name": "Dana Whitfield", "ssn": "612-84-7291", "card": "4532-7182-9381-0293" } }
2 · Presented to the Model

Selected fields are tokenized locally before transmission. Length, delimiters, and structure are preserved where configured.

{ "customer": { "name": "c41f…9b07", "ssn": "347-19-8850", "card": "8430-9247-1563-0293" } }
3 · Governed Restoration

Reversing a token requires an authenticated identity and a threshold quorum. Each restoration leaves a tamper-evident record.

detokenize(token) → identity verified (RBAC) → quorum 3-of-5 reached → access record anchored → cleartext restored locally

Protection applies to the fields you select and configure. Selector-driven rules are deterministic and auditable: a compliance team can read the rule set and know precisely what is protected.

A pre-flight and post-flight loop for every agent

TCrypt ships as a standard Model Context Protocol server: a native, discoverable tool for agent frameworks.

01 · INTERCEPT

Agent pulls the raw payload

The agent retrieves records from an internal source, a database, CRM, file system, or API, before assembling the model's context.

02 · TOKENIZE

Fields protected locally

The TCrypt MCP tool applies your JSONPath, XPath, or pattern rules in a local WebAssembly module using only the system's public key. Cleartext remains inside the application boundary during tokenization.

03 · EXECUTE

Model reasons over protected context

The agent sends the structurally intact, tokenized payload to the external model, which can validate formats and reference records without receiving the underlying values.

04 · RESTORE

Quorum-controlled detokenization

When the model's output references a token, the agent calls a secured gateway that enforces identity-based access control and triggers a threshold quorum to restore the value inside your workflow.

Built like infrastructure, not a filter

Four properties that separate a privacy substrate from string scrubbing.

JSONPath · XPath · Patterns

Deterministic field selection

Target nested fields in JSON payloads, traverse XML document and messaging structures, and isolate identifiers in plain text. Explicit selectors, not probabilistic detection, so the protected surface is knowable and auditable.

tokfpe · tokenize

Two masking strategies per field

Format-preserving encryption keeps structured identifiers valid for downstream systems. Fixed-width tokens seal larger or variable-length content under threshold encryption. Choose per field, based on what the workflow needs.

BLS12-381 · Threshold Quorum

No reconstructed master secret

The decryption capability is split into shares held by independent Sentinel nodes. Detokenization combines partial results without assembling the key in any single place, so no node, operator, or vendor can reverse a token alone. Weilliptic infrastructure receives tokens and ciphertext rather than cleartext.

Receipts · WeilChain

Tamper-evident access records

Every detokenization requires a live, authenticated quorum operation, and each one produces a signed, tamper-evident record of who restored which data, and when. Non-repudiable evidence for compliance and incident response.

Anywhere agents touch regulated or sensitive records

Strong early fits include healthcare, insurance, and financial services, but the boundary problem is universal.

Customer-service agents

An agent retrieves CRM records to resolve a case. Account numbers and personal identifiers are tokenized before the context reaches the model; the resolution workflow restores them under authorization.

Financial and insurance workflows

Agents processing account, policy, or claims data present format-valid tokens to the model, so validation logic and downstream systems keep working without cleartext exposure.

Operations and back-office agents

Agents working with employee, customer, or transaction records reason over protected context, while every restoration back to cleartext is identity-gated and recorded.

Protect before. Prove after.

TCrypt is the preventive half of the Weilliptic platform. Receipts is the evidentiary half. Both run on WeilChain.

TCrypt

Protect sensitive data before model execution

Selected fields are tokenized inside your boundary, presented to models in useful form, and restored only through quorum-controlled, identity-gated operations.

Receipts

Prove what happened afterward

Every prompt, tool call, and commit is cryptographically signed and anchored, giving security, legal, and finance teams independently auditable evidence.

Explore Receipts →
Put a boundary between your data and the model

See TCrypt tokenize, protect, and restore live against your own payload structures.