Least privilege, enforced at the wire-protocol level — on autopilot.

A programmable reverse proxy that parses 15+ wire protocols and enforces security policies inline — query-level, every identity, sub-10ms.

Get a demo → Read the docs

Securing millions of queries daily

We did a vendor bakeoff between a number of products and Formal came out on top. The ROI was pretty significant — it would've cost us hundreds of hours to develop our own.

Daniel Pyykonen

Head of Security Engineering

Case study →

With Formal, we have been able to quickly set up automated data protection in complex scenarios, allowing our Privacy Security team to agilely support business needs.

Justin Collins

Head of Security

Case study →

Formal's comprehensive approach to data governance is instrumental in scaling our cybersecurity efforts, ensuring our team is equipped with the industry's best tools.

Michael Hensley

Head of Cyber Security

Case study →

Key use cases

Secure AI Agents & MCP

Proxy between AI agents and MCP servers. Strip PII before it hits the LLM, block unauthorized tool calls, enforce permissions the upstream system lacks, and audit every agent action.

Database Access Governance

Centralized access control across hundreds of databases. Short-lived credentials, JIT access via Slack/Jira, Okta-integrated provisioning. No more standing privileges or forgotten service accounts.

PII/PHI Masking & Compliance

Query-level data masking for HIPAA, SOC 2, PCI DSS, GDPR. Analysts see ***, admins see real data — based on role. No code changes.

BI Tool Security

Secure Metabase, Looker, and Tableau connections to production. Column-level restrictions, query auditing, stale-account detection.

SSH & Infrastructure Session Auditing

Full session recording for SSH, Kubernetes, and RDP. LLM-powered anomaly detection flags suspicious commands and privilege escalation in real time.

How it works

Deploy a single stateless binary in your VPC via Terraform, Kubernetes, or Docker. Point connection strings through Formal instead of directly to your datastores. Every identity — engineer, BI tool, CI/CD pipeline, AI agent — hits the proxy, where policies evaluate in real time. No app changes, no SDK. See the quickstart guide →

Authenticate / Authorize
Mask / Filter / Rewrite
Log / Monitor / Alert

+------------------+      +------------------+      +------------------+
|  Identities      | ---> | Formal Proxy     | ---> |  Resources      |
+------------------+      +------------------+      +------------------+

Response path: identities <--- formal proxy <--- resources
Examples: idp users, CI/CD, BI tools, AI agents | postgres, mysql, mongodb, snowflake, k8s, http, mcp

See the full architecture →

Killer features

Panopticon Auditability

Every query, session, and policy decision — logged with full context across every protocol. Who ran what, when, from where, against which resource. Sub-second search across your full history. Ship to Splunk, Datadog, or S3.

Wire-Protocol-Level Query Rewriting

Native wire-protocol parsing for Postgres, MySQL, MongoDB, MCP, and more — rewriting queries, masking columns, and filtering data inline. Same for AI agent tool calls: intercept, strip sensitive fields, enforce least privilege before anything reaches upstream.

9 Policy Actions, Multi-Stage Pipeline

Allow, Block, Mask, Filter, Rewrite, Quarantine, Suspend, MFA, Impersonate. Evaluated at 3 stages: session, request, response. No other product has this range of inline actions.

Policy Impact Reports & Backtesting

“What-if” analysis: test a new policy against up to 31 days of historical logs before enforcing it. See exactly which queries would be blocked or masked. Avoid breaking production.

Single Binary, 15+ Protocols

One stateless binary handles Postgres, MySQL, MongoDB, Snowflake, SSH, Kubernetes, HTTP, MCP, S3, Redis, RDP, gRPC, BigQuery, ClickHouse, and DynamoDB. Native wire-level parsing — not generic TCP passthrough. Deployed in your VPC. See the protocol reference →

Real-Time AI Session Monitoring

LLM-powered behavior analysis embedded in the proxy. Detects anomalies in live SSH sessions, flags suspicious kubectl commands, and catches unusual SQL patterns as they happen.

Deploy in minutes, not months

1. Deploy the proxy

One stateless binary in your VPC via Terraform, Kubernetes, or Docker. Most teams route first traffic in under an hour — Notion secured hundreds of datastores in days. Read how →

2. Define your policies

Use the no-code editor or write Rego policies. Set masking rules, access controls, and approval workflows. Test with dry-run before going live.

3. Enforce everywhere

Every query, every protocol, evaluated in real time. Full visibility, automatic compliance, least privilege on autopilot.

For developers

Security as Code

API-first. Choose your IaC, pick your VPC, deploy a single distroless image to protect your entire stack.

See docs →

Build with

Terraform

Build with

Pulumi

Build with

API

# Connect a resource
resource "formal_resource" "production_pg" {
  name       = "production-postgres"
  technology = "postgresql"
  hostname   = "db.internal.company.com"
  port       = 5432
}

# Mask PII for non-privileged users (Rego)
resource "formal_policy" "mask_pii" {
  name        = "mask-pii-data"
  description = "Mask PII fields for non-privileged users"
  status      = "active"

  module = <<-EOT
    package formal.v2
    import future.keywords.if
    import future.keywords.in

    response := {
      "action":  "mask",
      "type":    "nullify",
      "columns": pii_columns
    } if {
      not "pii_access" in input.user.groups
      pii_columns := [col |
        col := input.columns[_]
        col.data_label in ["email", "ssn", "phone"]
      ]
      count(pii_columns) > 0
    }
  EOT
}

import * as formal from "@pulumi/formal";

// Connect a resource
const db = new formal.Resource("production-pg", {
  name:       "production-postgres",
  technology: "postgresql",
  hostname:   "db.internal.company.com",
  port:       5432,
});

// Mask PII for non-privileged users
const policy = new formal.Policy("mask-pii", {
  name:        "mask-pii-data",
  description: "Mask PII fields for non-privileged users",
  status:      "active",
  module:      regoCode,
});

# Create a resource
curl -X POST "https://api.joinformal.com/resources" \
  -H "X-API-Key: $FORMAL_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-postgres",
    "technology": "postgresql",
    "hostname": "db.internal.company.com",
    "port": 5432
  }'

# Create a masking policy
curl -X POST "https://api.joinformal.com/policies" \
  -H "X-API-Key: $FORMAL_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "mask-pii-data",
    "status": "active",
    "module": "package formal.v2 ..."
  }'

Why Formal

Protocol-native

Not a network-layer firewall. Formal understands Postgres wire protocol, MySQL protocol, MongoDB wire protocol, and more — enabling query-level decisions.

Zero application changes

Point your connection string through Formal. No SDK, no agent, no code changes. Works with every ORM, driver, and client library.

Deployed in your VPC

Data never leaves your infrastructure. Single stateless binary in your cloud account. Zero exfiltration risk.

Sub-10ms p50 overhead

Single-digit milliseconds at p50. Compiled Go, stateless, with connection pooling and protocol optimization built in.

Ready to secure your AI, data and infra?

No agents, no code changes — just a proxy that understands your protocols.

Get a demo → Read the docs