Every attack path.
Blocked before it begins.

Eight independent layers. Four-tier decision tree. 97% of safety decisions never touch a human.

Defense-in-Depth

8-Layer Defense Architecture

Red attack arrows enter from left, penetrating layer by layer — intercepted at Layer 5 Safety Gate

PROTECTED01Input Sanitization02Tool Call Audit03Permission Check04Sandbox Isolation05Safety Gate06Policy Decision Tree07Threat Detection08Telemetry & Audit

Most agent security is a single wall: one check, one gate, one point of failure. MAREF deploys eight independent defense layers — an attacker must break through every single one, but only one needs to hold.

Eight barriers. One must hold.

Defense-in-depth. An attacker must break all 8 layers, but any single layer can stop the threat independently.

97% automated. 3% escalated.

Four-tier decision tree filters the noise. Your team sees only the edge cases that need human judgment.

Signed. Immutable. Auditable.

Every MCP tool call and governance decision is HMAC-SHA256 signed. The audit trail cannot be forged.

Depth matters more than walls.

An 8-layer defense architecture means an attack must break through every single layer to succeed. But the architecture is designed so that any single layer can stop the threat independently. Layers 1-4 filter the obvious. Layer 5 (SafetyGate) is the reinforced core. Layers 6-8 are the final containment. Fail at any point, and the defense holds.

1
2
3
4
5
6
7
8

Layer 5 (SafetyGate) — the reinforced interception layer

Four tiers. Three automated.

The decision tree flows through four levels: Rule (policy matches), Mode (context check), SafetyGate (risk threshold), and Human (escalation). 97% of decisions are resolved in the first three tiers. Your security team reviews the 3% that genuinely need human judgment — not the noise.

Decision Tree

4-Level Governance Decision Tree

Every agent action flows through 4 decision levels — 97% automated, 3% human escalation

40%20%37%3%ENTERAgent Action RequestIdentity & AuthZero-trust identity verificationScope CheckPermission boundary enforcementPolicy Engine97% automated, 3% human escalationHuman EscalationEscalation for high-risk edge casesBLOCK

Audit. Signed. Immutable.

Every MCP tool call, every governance decision, every state transition is logged with HMAC-SHA256 signing. The audit trail cannot be forged, deleted, or tampered with. When regulators ask for proof, you have it.

Audit trail entry 
{
  "action": "tool_call",
  "agent": "agent-7f3a",
  "decision": "BLOCK",
  "layer": "SafetyGate",
  "signature": "hmac-sha256:ab12...",
  "timestamp": "2026-06-13T12:00:00Z"
}

Technical Specifications

Defense layers
8 independent layers
Decision tree
4 tiers: Rule → Mode → SafetyGate → Human
Auto decision rate
97%
Audit signing
HMAC-SHA256
Key interception layer
Layer 5 — SafetyGate