Protect your business today. Day ends in
CapitalGuard

CapitalGuard Exposure Intelligence

Every verified scan strengthens the security record.

CapitalGuard combines a versioned score, privacy-safe exposure patterns, fingerprinted policies, and a verified history chain. The result gets more useful with each authorized review without creating a shared repository-code database.

CapitalGuard intelligence recordVersioned

Layer 01

Risk Score

Layer 02

AccessGraph

Layer 03

Policy Hash

Layer 04

Verified History

Four compounding layers

Differentiation customers can inspect.

The defensible layer is the structured record produced around the scan, not a promise that one scanner finds everything.

cg-risk-1.0.0

CapitalGuard Risk Score

A versioned 0-100 signal keeps every score comparable to the exact model that produced it.

cg-accessgraph-1.0.0

CapitalGuard AccessGraph

Agent actions, exposed asset classes, controls, and one-way state fingerprints form a map without pooling source code or secret values.

cg-policy-1.0.0

Policy Fingerprints

Every generated policy can carry a SHA-256 fingerprint so teams can prove which guardrail artifact was reviewed.

scan + policy + badge

Verified History Chain

Score history, policy versions, delivery state, and approved badge records form an evidence trail that compounds over time.

Risk taxonomy

Eight dimensions. One versioned signal.

Weights are public enough to make the model understandable while the detailed evidence remains private to the authorized customer.

Exposed secrets

18%

Secret-bearing paths and credential-shaped context reachable by agents.

Dangerous files

13%

Operational, customer, billing, auth, and deployment files inside agent scope.

Unsafe AI-agent permissions

15%

Read, write, terminal, browser, connector, and external-transfer authority.

Prompt-injection exposure

14%

Untrusted instructions in docs, issues, prompts, logs, and generated files.

Missing policies

12%

Absent protected paths, approval gates, redaction rules, and tool boundaries.

Dependency risk

8%

Lifecycle scripts, registry credentials, and agent-controlled package changes.

Sensitive-data exposure

10%

Customer, personal, support, and production data entering agent context.

Workflow risk

10%

CI, release, infrastructure, and deployment paths agents can influence.

Privacy boundary

Intelligence without a shared code vault.

CapitalGuard is designed to learn from categories and one-way fingerprints. Customer source, secret values, repository names, customer identities, and raw paths do not belong in shared intelligence.

Shared intelligence boundary

Patterns in. Private material out.

One-way pattern fingerprints
Severity and confidence
Resolution state
Versioned aggregate counts

Start the record

Create the first verified CapitalGuard baseline.

Run Free AI Risk Check