The AWARE Framework and Delphi Security


How Delphi Security's runtime AI protection maps to all five dimensions of the AWARE framework for governing AI agents in the real world.


Governing AI Agents in the Real World

Delphi Security · March 16, 2026 · 9 min read

Your Security Playbook Wasn't Built for AI Agents

Here's the uncomfortable truth: the security tools most companies rely on were designed for a world where humans use software. That world is disappearing fast.

AI agents now retrieve documents, make decisions, call APIs, and take actions across your systems — often faster than any human could review. Traditional access controls ask "does this person have permission?" But that's the wrong question when an AI agent with valid credentials starts exfiltrating customer data because someone slipped a hidden instruction into a PDF.

The right question is: "Is this behavior appropriate, right now, in this context?"

That's exactly what the AWARE framework was built to answer.

What Is AWARE?

AWARE is a new governance framework for AI agents, developed by the Work AI Institute alongside security leaders at Palo Alto Networks, Databricks, and Glean. It gives CISOs and security teams a simple, practical way to think about AI agent risk.

The name is an acronym for five questions you should be able to answer about every AI agent action in your environment:

  • A — Actor Intent: Who or what is acting, and why?

  • W — Work Context: Is this data sensitive right now, in this context?

  • A — Autonomous Guardrails: Is the agent staying within its declared scope?

  • R — Real-Time Risk Scoring: How risky is this behavior at this moment?

  • E — Ecosystem Observability: Can we trace what it did across every system it touched?

If you can answer all five for every AI interaction, you're governing AI properly. If you can't, you have blind spots.

The Shift in Security Thinking

Traditional Security — "Does this person have permission?" Static, identity-based, assumes human actors.

AWARE Approach — "Is this behavior appropriate, right now, in this context?" Dynamic, context-aware, built for autonomous agents.

How Delphi Answers All Five

We didn't design Delphi to match the AWARE framework — but it turns out we built exactly what it calls for.

A — Actor Intent

The gap: Without actor visibility, you can't distinguish legitimate use from compromised agents or hijacked sessions.

How Delphi answers it: Delphi's proxy sees every request flowing to and from your AI systems. We track which agent made the call, which user triggered it, the session context, and the full delegation chain (Agent A → Agent B → Agent C). Our agent registry and session tracking provide complete actor visibility.

W — Work Context

The gap: A credit card number in a payment flow is normal. The same number in a chatbot response is a data breach. Static pattern matching misses the difference.

How Delphi answers it: Our AI DLP module scans inputs separately from outputs with direction-aware rules. 15 built-in classifiers detect SSNs, credit cards, API keys, medical records, and more — with per-policy options to alert, redact in-flight, or block entirely.
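A minimal sketch of direction-aware DLP as described above, added here as an illustration and not Delphi's own code. The two classifiers, the policy names, the `POLICIES` table and the `enforce` function are assumptions; the card number in the test data is a constructed test value.

```python
import re

# Constructed classifiers for illustration (assumptions, not Delphi's rule set).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
SEVERITY = {"allow": 0, "alert": 1, "redact": 2, "block": 3}

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text):
    """Return (classifier_name, start, end) for each sensitive span."""
    hits = [("ssn", *m.span()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append(("card", *m.span()))
    return hits

# Hypothetical per-deployment policies: (classifier, direction) -> action.
# "input" is traffic toward the model, "output" is the model's response.
# Pairs not listed default to "allow".
POLICIES = {
    "payments": {("card", "output"): "redact",
                 ("ssn", "input"): "alert", ("ssn", "output"): "block"},
    "support-chatbot": {("card", "input"): "redact", ("card", "output"): "block",
                        ("ssn", "input"): "redact", ("ssn", "output"): "block"},
}

def enforce(text, direction, policy):
    """Apply the strictest action any finding triggers; redact in-flight."""
    hits = classify(text)
    actions = [policy.get((name, direction), "allow") for name, _, _ in hits]
    verdict = max(actions, key=SEVERITY.get, default="allow")
    if verdict == "block":
        return verdict, None  # nothing is forwarded
    # Replace right-to-left so earlier offsets stay valid.
    pairs = sorted(zip(hits, actions), key=lambda p: -p[0][1])
    for (name, start, end), action in pairs:
        if action == "redact":
            text = text[:start] + f"[REDACTED:{name}]" + text[end:]
    return verdict, text
```

The same card number yields three different outcomes depending on direction and policy, which is the distinction a single static pattern match cannot express.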

A — Autonomous Guardrails

The gap: Agents that exceed their scope can access unauthorized systems, escalate privileges, or take actions they were never designed to perform.

How Delphi answers it: Our Agentic Shield and MCP Shield monitor every tool call, API invocation, and cross-system action. Custom guardrails enforce boundaries by keyword, regex, or topic at the proxy level — the agent never even sees the restricted request.

R — Real-Time Risk Scoring

The gap: Binary safe/unsafe decisions miss nuanced attack patterns like multi-turn social engineering or gradual data extraction.

How Delphi answers it: Every request gets a composite threat score from our 4-layer engine: pattern matching, behavioral heuristics, ML classification, and AI analysis. Context-Aware Protection tracks risk across entire sessions — catching conversation drift that individual requests won't reveal.

E — Ecosystem Observability

The gap: AI-specific breaches take 40% longer to contain than traditional ones — mostly because teams can't reconstruct what happened.

How Delphi answers it: Every interaction is logged with full context: prompt, response, threat analysis, DLP results, agent ID, session ID, deployment, timestamp, and action taken. Our Command Center provides a single dashboard view — queryable, filterable, and exportable.

AWARE Dimensions vs. Delphi Capabilities

| AWARE Dimension | The Question | Delphi Capability |
| --- | --- | --- |
| Actor Intent | Who is acting and why? | Agent registry, session tracking, delegation chain visibility |
| Work Context | Is this data sensitive here? | Direction-aware DLP with 15+ classifiers and per-policy enforcement |
| Autonomous Guardrails | Is the agent within scope? | Agentic Shield + MCP Shield with custom boundary rules |
| Real-Time Risk | How risky is this right now? | 4-layer composite scoring with session-level drift detection |
| Ecosystem Observability | Can we trace what happened? | Full-context logging, Command Center dashboard, audit-ready exports |

The AI Governance Gap

The AWARE framework doesn't tell you what tools to buy. It tells you what questions to ask. We think that's the right approach — frameworks should clarify thinking, not prescribe products.

But when you ask those five questions and look at your current AI infrastructure, you might find some uncomfortable gaps. Delphi exists to close those gaps — not with governance documents or compliance checklists, but with a runtime security proxy that actually stops threats as they happen.

The agents are already here. The question is whether you can see what they're doing.

Gap Stats

  • 17% of organizations have automated controls for AI data flows

  • 40% longer to contain AI-specific breaches vs. traditional ones

  • 5 critical questions AWARE says you must answer for every AI action

AWARE Is the Question. Delphi Is the Answer.

Start monitoring your AI traffic in minutes. See every agent action, score every request, and enforce guardrails at runtime — no code changes required.

Delphi Security provides runtime AI protection for companies building with LLMs and AI agents. Our proxy-based approach means zero code changes — just point your AI traffic through Delphi and start blocking threats immediately.