Least privilege, enforced at the packet level — on autopilot.

A super powerful programmable protocol-aware proxy for cracked security engineers who want to enforce least privilege at the most granular level for every identity.

Get a demo → Read the docs
Securing millions of queries daily
Ramp Notion Cursor Gusto Graphite Modern Health Anchorage Elise AI Check Rogo
We did a vendor bakeoff between a number of products and Formal came out on top. The ROI was pretty significant — it would've cost us hundreds of hours to develop our own.
Daniel Pyykonen
Daniel Pyykonen
Head of Security Engineering
Case study →
With Formal, we have been able to quickly set up automated data protection in complex scenarios, allowing our Privacy Security team to agilely support business needs.
Justin Collins
Justin Collins
Head of Security
Case study →
Formal's comprehensive approach to data governance is instrumental in scaling our cybersecurity efforts, ensuring our team is equipped with the industry's best tools.
Michael Hensley
Michael Hensley
Head of Cyber Security
Case study →
Killer features
Panopticon Auditability
Every query, every session, every policy decision — logged with full context across every protocol. Who ran what, when, from which device, against which resource. Sub-second search across your entire history. Ship to Splunk, Datadog, or S3. Complete forensic-grade visibility with zero blind spots.
Wire-Protocol-Level Query Rewriting
Formal parses each wire protocol natively — Postgres, MySQL, MongoDB, MCP, and more — rewriting queries, masking columns, and filtering data inline. The same applies to AI agent tool calls: intercept, strip sensitive fields, and enforce least privilege before anything reaches upstream.
9 Policy Actions, Multi-Stage Pipeline
Allow, Block, Mask, Filter, Rewrite, Quarantine, Suspend, MFA, Impersonate. Evaluated at 3 stages: session, request, response. No other product has this range of inline actions.
Policy Impact Reports & Backtesting
“What-if” analysis: test a new policy against up to 31 days of historical logs before enforcing it. See exactly which queries would be blocked or masked. Avoid breaking production.
Single Binary, 15+ Protocols
One stateless binary handles Postgres, MySQL, MongoDB, Snowflake, SSH, Kubernetes, HTTP, MCP, S3, Redis, RDP, gRPC, BigQuery, ClickHouse, and DynamoDB. Deployed in your VPC.
Real-Time AI Session Monitoring
LLM-powered behavior analysis embedded in the proxy itself. Detects anomalies during live SSH sessions, flags suspicious kubectl commands, and identifies unusual SQL patterns as they happen.
How it works

Formal is a single stateless binary you deploy in your VPC via Terraform, Kubernetes, or Docker. Point your connection strings through Formal instead of directly to your datastores. Every identity — engineer, BI tool, CI/CD pipeline, AI agent — connects through the proxy, where policies are evaluated in real-time. No application changes, no SDK, up and running in under an hour.

Authenticate / Authorize
Mask / Filter / Rewrite
Log / Monitor / Alert

+------------------+      +------------------+      +------------------+
|  Identities      | ---> | Formal Proxy     | ---> |  Resources      |
+------------------+      +------------------+      +------------------+

Response path: identities <--- formal proxy <--- resources
Examples: idp users, CI/CD, BI tools, AI agents | postgres, mysql, mongodb, snowflake, k8s, http, mcp
Key use cases
Secure AI Agents & MCP
Proxy between AI agents and MCP servers. Strip PII before it reaches the LLM, block unauthorized tool calls, enforce granular permissions beyond what the upstream system offers, and audit every action agents take.
Database Access Governance
Centralized access control across hundreds of databases. Short-lived credentials, JIT access via Slack/Jira, Okta-integrated provisioning. Eliminate standing privileges and forgotten service accounts.
PII/PHI Masking & Compliance
Dynamic data masking at the query level for HIPAA, SOC 2, PCI DSS, GDPR. Mask columns based on user role — analysts see ***, admins see the real data. No application code changes required.
BI Tool Security
Secure Metabase, Looker, and Tableau connections to production databases. Column-level restrictions, query auditing, detect stale accounts with active queries.
SSH & Infrastructure Session Auditing
Full session recording for SSH, Kubernetes, and RDP. Real-time LLM-powered anomaly detection flags suspicious kubectl commands or privilege escalation attempts as they happen.
Deploy in minutes, not months
1. Deploy the proxy

Drop a single stateless binary into your VPC via Terraform, Kubernetes, or Docker. Up and routing traffic in under an hour.

2. Define your policies

Use the no-code editor or write Rego policies. Set masking rules, access controls, and approval workflows. Test with dry-run before going live.

3. Enforce everywhere

Every query across every protocol is evaluated in real-time. Complete visibility, automatic compliance, and least-privilege enforcement on autopilot.

For developers

Security as Code

Formal is API-first. Choose your IaC, pick your VPC, and deploy a single distroless Docker image to protect your entire stack.

See docs →
Terraform
Build with
Terraform
Pulumi
Build with
Pulumi
Build with
API
# Connect a resource
resource "formal_resource" "production_pg" {
  name       = "production-postgres"
  technology = "postgresql"
  hostname   = "db.internal.company.com"
  port       = 5432
}

# Mask PII for non-privileged users (Rego)
resource "formal_policy" "mask_pii" {
  name        = "mask-pii-data"
  description = "Mask PII fields for non-privileged users"
  status      = "active"

  module = <<-EOT
    package formal.v2
    import future.keywords.if
    import future.keywords.in

    response := {
      "action":  "mask",
      "type":    "nullify",
      "columns": pii_columns
    } if {
      not "pii_access" in input.user.groups
      pii_columns := [col |
        col := input.columns[_]
        col.data_label in ["email", "ssn", "phone"]
      ]
      count(pii_columns) > 0
    }
  EOT
}
Why Formal

Protocol-native

Not a network-layer firewall. Formal understands Postgres wire protocol, MySQL protocol, MongoDB wire protocol, and more — enabling query-level decisions.

Zero application changes

Point your connection string through Formal. No SDK, no agent, no code changes. Works with every ORM, driver, and client library.

Deployed in your VPC

Your data never leaves your infrastructure. Formal runs as a single stateless binary in your cloud account. No data exfiltration risk.

Sub-10ms overhead

Inline evaluation with minimal latency. Policy decisions happen in microseconds. Connection pooling and protocol optimization built in.

Ready to secure your AI, data and infra?

Deploy in under an hour. No agents, no code changes — just a proxy that understands your protocols.

Get a demo → Read the docs