
LGPD for Agentic AI: A Compliance Guide


A data‑science contractor finishes a contract and hands over an AI assistant that has been generating customer insights for weeks. The product team wants to keep the model in production, but the legal group worries that the assistant may have cached or exposed personal data protected by Brazil’s General Data Protection Law (LGPD). They need to prove, today and tomorrow, that the system does not retain or leak sensitive information, and that every request is authorized, logged, and, when necessary, masked.

LGPD requires organizations to maintain a clear record of who accessed personal data, what was accessed, and why. It also mandates that personal data be protected at rest and in transit, and that any processing be limited to the purpose for which consent was given. For agentic AI, software that can autonomously call APIs, retrieve records, and generate responses, the challenge is twofold: the AI may act without direct human oversight, and the data it handles can be highly sensitive.

Traditional compliance approaches rely on static controls: role‑based access lists, periodic log reviews, and manual data‑masking pipelines. Those methods assume a human is always in the loop and that audit data is collected after the fact. In an environment where an AI model can issue hundreds of queries per minute, that assumption breaks down. The result is incomplete logs, masking applied too late, and an audit trail that can be altered, because the same process that creates the logs can also modify them.

To meet LGPD, organizations must shift from point‑in‑time checks to continuous, enforceable evidence. The control plane captures every interaction, enforces policy before the request reaches the target, and ensures that any personal data returned to the model is masked in real time. It also supports just‑in‑time (JIT) approvals for high‑risk operations, so that a privileged request receives human vetting before it proceeds.

That shift requires three distinct layers:

  • Setup: Identity providers (OIDC or SAML) issue tokens that represent users, service accounts, or AI agents. These tokens carry group membership and attributes that define the maximum scope of what the caller may request.
  • The data path: The gateway that sits between the caller and the underlying resource (database, Kubernetes cluster, SSH host, etc.) serves as the only place where enforcement happens. It inspects each protocol message, applies policy, and decides whether to allow, block, or route the request for approval.
  • Enforcement outcomes: When the gateway operates, it records every session, masks personal fields before they reach the AI, requires JIT approval for privileged commands, and replays traffic for audit purposes. Those outcomes exist only because the gateway occupies the data path.

How LGPD compliance is measured for agentic AI

LGPD compliance hinges on three evidentiary pillars: traceability, purpose limitation, and data minimization. Traceability means a tamper‑evident log of who did what, when, and why. Purpose limitation requires that each access be justified against a business need, and data minimization demands that only the necessary fields be exposed.

When an AI model queries a PostgreSQL instance for customer records, the gateway can:

  • Verify the caller’s token against the identity provider, confirming that the model is authorized for read‑only access to the customers table.
  • Inspect the SQL statement before it reaches the database. If the query requests columns marked as personal data, the gateway applies inline masking so that only pseudonymized values are returned.
  • Record the full request and response, attaching the token’s identity, the masking policy applied, and a timestamp to the audit log.
  • If the query attempts to modify or delete personal data, the gateway pauses the request and routes it to a human approver, capturing the approval decision as part of the audit trail.

These actions happen in real time, so the evidence LGPD requires is generated continuously rather than reconstructed after the fact.
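The following is an added example, not code from hoop.dev or from this post, that models the three evidentiary pillars above (traceability, purpose limitation, data minimization) and the four gateway steps for a PostgreSQL query in one small in-process "gateway". It checks the caller's token scope, inspects the SQL before it would reach the database, pseudonymizes columns classified as personal data, pauses writes to personal data for a human approver, and writes every decision to a hash-chained audit log that detects later tampering. The table data, token claims, policy tables and the `Gateway`, `AuditLog`, `parse` and `pseudonymize` names are all constructed for the example; a real gateway would use a proper SQL parser and forward the query to the database instead of an in-memory list.

```python
"""Toy data-path gateway for an AI agent querying a customers table.

Illustrative only: not hoop.dev's implementation. All policy tables, tokens
and data below are constructed for the example.
"""
import hashlib
import hmac
import json
import re
import time
from dataclasses import dataclass, field

# Constructed data classification: table -> columns holding personal data.
PERSONAL_COLUMNS = {"customers": {"email", "cpf", "phone"}}

# Constructed token claims, as an OIDC/SAML provider might issue them.
AGENT_TOKEN = {"sub": "insights-agent", "groups": ["analytics-readonly"]}
# Group -> maximum scope as (table, operation) pairs (purpose limitation).
GROUP_SCOPES = {"analytics-readonly": {("customers", "SELECT")}}

# Constructed rows standing in for the PostgreSQL table.
CUSTOMERS = [
    {"id": 1, "name": "Ana", "email": "ana@example.com",
     "cpf": "123.456.789-00", "phone": "+55 11 9999-0001", "city": "Recife"},
    {"id": 2, "name": "Bruno", "email": "bruno@example.com",
     "cpf": "987.654.321-00", "phone": "+55 21 9999-0002", "city": "Curitiba"},
]

SELECT_RE = re.compile(r"^\s*SELECT\s+(.+?)\s+FROM\s+(\w+)", re.IGNORECASE | re.DOTALL)
TABLE_RE = re.compile(r"\b(?:FROM|INTO|UPDATE)\s+(\w+)", re.IGNORECASE)


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed hash: stable token per raw value, raw value never leaves the gateway."""
    return "pii_" + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]


def parse(sql: str):
    """Minimal inspection: returns (operation, table, selected columns)."""
    op = sql.strip().split(None, 1)[0].upper()
    if op == "SELECT":
        m = SELECT_RE.match(sql)
        if not m:
            raise ValueError("unsupported SELECT shape")
        return op, m.group(2).lower(), [c.strip() for c in m.group(1).split(",")]
    m = TABLE_RE.search(sql)
    if not m:
        raise ValueError("could not find target table")
    return op, m.group(1).lower(), []


@dataclass
class AuditLog:
    """Hash-chained log: each entry commits to the previous one (traceability)."""
    entries: list = field(default_factory=list)
    last_hash: str = "0" * 64

    def append(self, record: dict) -> str:
        record = dict(record, ts=time.time(), prev=self.last_hash)
        digest = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
        record["hash"] = digest
        self.entries.append(record)
        self.last_hash = digest
        return digest

    def verify(self) -> bool:
        prev = "0" * 64
        for rec in self.entries:
            body = {k: v for k, v in rec.items() if k != "hash"}
            recomputed = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or recomputed != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


class Gateway:
    def __init__(self, mask_key: bytes, approver=None):
        self.mask_key = mask_key
        self.audit = AuditLog()
        self.approver = approver  # callable(request) -> bool; None means no approver

    def handle(self, token: dict, sql: str) -> dict:
        op, table, cols = parse(sql)
        base = {"sub": token["sub"], "table": table, "op": op, "sql": sql}
        personal = PERSONAL_COLUMNS.get(table, set())
        # Writes touching personal data pause for JIT human approval.
        if op in {"UPDATE", "DELETE", "INSERT"} and personal:
            approved = bool(self.approver and self.approver(base))
            decision = "approved" if approved else "denied"
            self.audit.append({**base, "decision": decision, "jit": True})
            return {"status": decision, "rows": [], "masked": []}
        in_scope = any((table, op) in GROUP_SCOPES.get(g, set()) for g in token["groups"])
        if op == "SELECT" and in_scope:
            if cols == ["*"]:
                cols = list(CUSTOMERS[0].keys())
            masked = [c for c in cols if c in personal]  # data minimization
            rows = [{c: (pseudonymize(r[c], self.mask_key) if c in masked else r[c])
                     for c in cols} for r in CUSTOMERS]
            self.audit.append({**base, "decision": "allow", "masked_columns": masked})
            return {"status": "allowed", "rows": rows, "masked": masked}
        self.audit.append({**base, "decision": "blocked"})
        return {"status": "blocked", "rows": [], "masked": []}
```

Because the log entry is written by the gateway rather than by the caller, and each entry's hash covers the previous hash, a client that later edits or drops an entry breaks `verify()`; in production the chain head would be anchored somewhere the gateway process itself cannot rewrite.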

Why the gateway must sit in the data path

Enforcement placed only at the identity layer fails to protect the system. Tokens can be stolen or misused, and the resource itself lacks visibility into the business purpose behind a request. Only a gateway that intercepts traffic can enforce masking before the data leaves the source, and only it can guarantee that every operation is logged in a way the client cannot alter.

Because the gateway runs on a network‑resident agent inside the customer’s environment, the AI model never sees the underlying credentials. The agent holds the secret, the gateway validates each request, and the model receives only the data that the policy permits. This separation satisfies LGPD’s requirement that personal data be protected at the point of processing.

Implementing continuous LGPD evidence with hoop.dev

hoop.dev provides the data‑path gateway that we described earlier. It integrates with any OIDC or SAML provider, reads group membership, and applies fine‑grained policies to each supported connection type, including databases, Kubernetes clusters, SSH hosts, and HTTP services. When an agentic AI system connects through hoop.dev, the platform automatically:

  • Records every session, attaching identity information and masking decisions to a replayable log.
  • Applies inline data masking for fields identified as personal data, ensuring that the AI never receives raw values.
  • Enforces just‑in‑time approval workflows for high‑risk commands, capturing the approval as immutable evidence.
  • Blocks disallowed commands before they reach the target, preventing accidental data leaks.

hoop.dev produces all of these outcomes because it sits in the data path, not because the identity token alone provides them. If you remove hoop.dev, you eliminate the real‑time masking, the session recording, and the approval workflow, leaving only the initial token verification.

To get started, follow the getting‑started guide for a quick deployment using Docker Compose. The guide shows how to register a PostgreSQL connection, define masking rules for personal columns, and enable JIT approvals. For deeper policy design, the learn section explains how to model LGPD‑specific data classifications and map them to hoop.dev policies.

FAQ

Does hoop.dev make my AI system LGPD‑certified?

No. hoop.dev generates the evidence that auditors require for LGPD compliance, but certification remains a separate process performed by the organization.

Can I use hoop.dev with existing AI pipelines?

Yes. hoop.dev works as a transparent proxy, so existing clients (psql, kubectl, ssh, HTTP libraries) continue to function while the gateway enforces policy.

What happens if an AI request is blocked?

The gateway halts the request, creates an approval ticket, and logs the decision, approve or deny, alongside the original session for audit purposes.

Start protecting your agentic AI workloads today and let hoop.dev continuously generate the LGPD‑compliant evidence your organization needs. Contribute or view the source on GitHub.
