> ## Documentation Index
> Fetch the complete documentation index at: https://docs.starfort.io/llms.txt
> Use this file to discover all available pages before exploring further.

# What is Starfort?

> Starfort is an AI governance platform that puts guardrails between your people, your apps, and the AI services they use.

<div style={{ textAlign: "center", margin: "0.5rem 0 2rem" }}>
  <img src="https://mintcdn.com/aimintelligence/_eLAfqxhNvBcU1Ba/images/brand/starfort-symbol.svg?fit=max&auto=format&n=_eLAfqxhNvBcU1Ba&q=85&s=cc8e895d7e5816dde74aa7ff4c1181c7" alt="Starfort" width="64" height="64" noZoom data-path="images/brand/starfort-symbol.svg" />
</div>

Starfort is an **AI governance platform** by AIM Intelligence — an *intelligence control* solution that lets an organization control both **the people using AI** and **the AI itself**, the way the organization intends. Security, regulatory compliance, and quality management all sit on top of this single control model. Its **Guardian** module inspects the content flowing to and from AI services in real time and enforces your organization's policies — masking sensitive data, blocking disallowed topics, and recording every decision for audit.

## Why Starfort: the AI risk hierarchy

Starfort exists because AI risk is not one undifferentiated problem. It ranks into three tiers, and each tier is handled differently — this ordering is what justifies "enforce centrally, optimize locally."

| Priority | Risk                   | Examples                                                             | How it is handled                                         |
| -------- | ---------------------- | -------------------------------------------------------------------- | --------------------------------------------------------- |
| **1st**  | AI **Security** risk   | PII / secret leakage, jailbreak, prompt injection                    | **Non-negotiable** — enforced centrally                   |
| **2nd**  | AI **Regulatory** risk | national AI law, domain rules (finance, healthcare), internal policy | **Mandatory** — central guidance + per-domain application |
| **3rd**  | AI **Service** risk    | hallucination, quality, user experience                              | **Quality improvement** — autonomous optimization allowed |

This maps onto a **two-team responsibility split**: the **Security team** owns AI Security risk, the **AI Governance team** owns Service/Quality risk, and the two **jointly own** Regulatory risk. Starfort is built to support exactly this collaboration — the most critical policies are enforced from the center, while teams keep the freedom to tune for quality.

## How Starfort is used

There are three entry points, each providing a different **level of control**. They share the same Guardian engine and policies.

<CardGroup cols={3}>
  <Card title="API — service level" icon="code" href="/en/v1.2/api/quickstart">
    Internal/external services (backends, chatbots) embed guardrails by calling the **Guard API** before/after their model.
  </Card>

  <Card title="Desktop Agent — device level" icon="laptop" href="/en/v1.2/desktop/how-it-works">
    Employees use everyday AI tools while the **Desktop Agent** (Windows) transparently enforces policy on the endpoint.
  </Card>

  <Card title="Proxy Server — infrastructure level" icon="server">
    AI calls made at an external service's server-side entry point are routed through Starfort.
  </Card>
</CardGroup>

Governance for all three is configured by an **Account Admin** in the **Console** (cloud.starfort.io): organizations, Guardians, Guard Policies, keys, and monitoring.

## What Guardian does to a request

Every piece of content is evaluated against your **Guard Policies** and assigned an action. The action set depends on the policy type:

<CardGroup cols={3}>
  <Card title="PASS" icon="check">Content is allowed through unchanged.</Card>
  <Card title="MASK" icon="eye-slash">Sensitive spans are replaced with tokens (e.g. `[PHONE_NUMBER_1]`) — PII policies.</Card>
  <Card title="BLOCK" icon="ban">The request is stopped before it reaches the AI service.</Card>
</CardGroup>

PII policies resolve to **PASS / MASK / BLOCK**; Topic policies resolve to **PASS / CHECK / BLOCK** (CHECK flags review-needed content). See [Actions: PASS / MASK / BLOCK](/en/v1.2/concepts/actions-pass-mask-block) for details.

## Core ideas

<CardGroup cols={2}>
  <Card title="Guardian" icon="shield-halved" href="/en/v1.2/concepts/guardian">
    The engine that inspects content and decides the action.
  </Card>

  <Card title="Guard Policy" icon="file-shield" href="/en/v1.2/concepts/guard-policy">
    The PII and Topic rules a Guardian enforces.
  </Card>

  <Card title="Organization hierarchy" icon="sitemap" href="/en/v1.2/concepts/organization-hierarchy">
    Company › Organization › Project, and how Guardians attach to projects.
  </Card>

  <Card title="Glossary" icon="book" href="/en/v1.2/concepts/glossary">
    Definitions for every Starfort term used in these docs.
  </Card>
</CardGroup>

<Note>
  This documentation covers Starfort **v1.2**. Product names — Starfort, Guardian, Guard Policy, Guard API, Opticon, Control Profile — are kept in English across all languages.
</Note>