Mixed · Identity & AppSec · reviewed 2026-04

Formal

Protocol-aware data security proxy — enforces least privilege at wire-protocol level across 15+ protocols including MCP. Used by Notion, Ramp, Cursor, and Gusto.

01

What it does

Programmable reverse proxy that parses 15+ wire protocols (Postgres, MySQL, MongoDB, Snowflake, SSH, Kubernetes, HTTP, MCP, S3, Redis, gRPC, and more) and enforces security policies inline at query level with sub-10ms latency. Single stateless binary deployed in your VPC via Terraform, Kubernetes, or Docker. 9 policy actions (Allow, Block, Mask, Filter, Rewrite, Quarantine, Suspend, MFA, Impersonate) evaluated at 3 stages (session, request, response). Customers include Notion (secured hundreds of datastores), Ramp, Cursor, Gusto, and Doctolib. Features PII/PHI masking, JIT access via Slack/Jira, and policy backtesting against 31 days of historical logs.

02

Security relevance

For AI agent security specifically: Formal proxies between AI agents and MCP servers, stripping PII before it reaches the LLM, blocking unauthorised tool calls, enforcing permissions the upstream system lacks, and auditing every agent action. The wire-protocol-level parsing means it understands the actual queries and commands being executed — not just HTTP headers. Real-time AI session monitoring uses LLM-powered behaviour analysis to detect anomalies in live sessions.

03

When to use it

Use when you need data-level access control between AI agents and backends — particularly when agents access databases, APIs, or MCP servers that contain sensitive data. The protocol-aware approach means no application code changes. Deploy in under an hour for initial routing, then progressively add masking and access policies. Enterprise product used by major SaaS companies.

04

OWASP coverage

Risks addressed — mapped to both OWASP Top 10 standards. 1 in LLM, 4 in Agentic.

LLM Top 10 · 2025 · 1/10 covered
05

The raw record

What Yuntona stores. Single source of truth — fork it on GitHub.

name: Formal
slug: formal
type: Mixed
category: Identity & AppSec
url: https://formal.ai

reviewed:   2026-04
added:      2026-04
updated:    2026-04

risks:
  llm:  [LLM02]
  asi:  [ASI02, ASI04, ASI05, ASI08]

complexity:    Plug & Play
pricing:       —
audience:      AppSec
lifecycle:     [deploy]

tags: [Commercial, Data Security, Least Privilege, MCP Security, Proxy]