Deterministic Agent Gateway Engine
by MSB Innovation GmbH
DAGE is a deterministic security architecture model for AI agent systems with strictly deterministic permission and tool control.
The architecture separates probabilistic language processing from all security-critical system functions.
Core principle:
The language model may think, analyze and formulate,
but it must never act directly.
Website:
https://msb-innovation.de/DAGE.html
DAGE follows a deterministic zero-trust architecture for AI agent systems.
- Prevent prompt injection attacks
- Prevent unauthorized tool execution
- Enforce deterministic user isolation
- Isolate LLM reasoning from execution
- Protect local enterprise data
- Enforce deterministic permission control
DAGE is designed to mitigate:
- prompt injection
- unauthorized tool execution
- cross-user data leakage
- insecure RAG access
- uncontrolled agent autonomy
- privilege escalation through LLM reasoning
The DAGE architecture enforces a strict separation between:
- probabilistic AI reasoning
- deterministic execution control
The language model never receives direct access to:
- filesystems
- APIs
- databases
- operating system processes
- networks
- external tools
The LLM can only generate text-based tool requests.
All validation, permission checks and execution decisions are handled deterministically by the DAGE gateway layer.
DAGE does not only control tool execution.
The architecture also deterministically controls:
- system prompts
- user isolation
- RAG retrieval
- memory access
- document injection
- tool responses
- context assembly
- conversation history
- external knowledge inclusion
The language model never determines, modifies or authorizes its own security-relevant context.
All context construction and filtering is performed deterministically by the DAGE gateway layer.
User Request
->
DAGE Gateway
->
LLM
->
Text-Based Tool Request
->
DAGE Validation Layer
->
Authorized Tool Execution
->
Deterministic Result Handling
->
DAGE Gateway Response
->
User