Requires Enterprise plan. Currently in early access.
Datawall detects when confidential data leaves an Ona environment over the network. It operates at the kernel level — below the agent, where it cannot be bypassed or observed by the LLM. Data enters environments through MCP tool responses, repository contents, user-provided context, and build artifacts. If an agent — or any process — attempts to exfiltrate that data, Datawall detects it.

How it works

Ona automatically identifies confidential data entering the environment and registers it with the kernel. The kernel fingerprints the data and continuously monitors all outbound network traffic for matches — including traffic encrypted with TLS, SSH, and other protocols. Datawall is resistant to common evasion techniques including encoding transforms (base64, hex, URL encoding), process relaying, and application-layer encryption.

What it catches

| Scenario | Detected |
| --- | --- |
| Agent sends data verbatim over HTTP or HTTPS | Yes |
| Agent encodes data before sending (base64, hex, URL) | Yes |
| Agent relays data through a child process (curl, wget) | Yes |
| Agent writes to file, different process reads and sends | Yes |
| Agent sends over SSH (git push, scp) | Yes |
| Agent encrypts data at the application layer before sending | Yes |
| Agent splits data across multiple requests | Partial |
| Agent paraphrases or rewrites the data | No |
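
The content-matching rows of the table above can be reproduced with a toy user-space matcher. This is an added illustration, not Ona's code and not a description of the kernel implementation: the sliding-window hashing, the window size, the coverage score and all sample data are assumptions constructed here. It inspects plaintext payloads only, so the TLS, SSH, process-relay and application-layer-encryption rows are out of its scope.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import quote, unquote_to_bytes

WINDOW = 16  # bytes per fingerprint window (assumed; not a Datawall parameter)

def fingerprints(data: bytes) -> set:
    """Hash every WINDOW-byte slice so a partial copy still matches some."""
    last = max(1, len(data) - WINDOW + 1)
    return {hashlib.sha256(data[i:i + WINDOW]).digest()[:8] for i in range(last)}

def decodings(payload: bytes):
    """Yield the payload and each transform of it that can be reversed."""
    yield payload
    yield unquote_to_bytes(payload)                          # URL encoding
    for run in re.findall(rb"[0-9a-fA-F]{32,}", payload):    # hex
        if len(run) % 2 == 0:
            yield bytes.fromhex(run.decode())
    for run in re.findall(rb"[A-Za-z0-9+/]{16,}", payload):  # base64
        try:
            yield base64.b64decode(run + b"=" * (-len(run) % 4), validate=True)
        except binascii.Error:
            continue

def coverage(secret: bytes, payload: bytes) -> float:
    """Fraction of the secret's fingerprints seen in one outbound payload."""
    wanted = fingerprints(secret)
    seen = set()
    for view in decodings(payload):
        seen |= fingerprints(view) & wanted
    return len(seen) / len(wanted)

# Constructed sample data, not real records or captured traffic.
SECRET = b"customer_record: id=4821; plan=enterprise; notes=constructed sample only"
SAMPLES = {
    "verbatim":   b"POST /u HTTP/1.1\r\n\r\n" + SECRET,
    "base64":     b"data=" + base64.b64encode(SECRET),
    "hex":        b"x=" + SECRET.hex().encode(),
    "url":        b"q=" + quote(SECRET).encode(),
    "split":      b"part1=" + SECRET[:len(SECRET) // 2],
    "paraphrase": b"client 4821 pays for the top tier (made-up example)",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:<11}{coverage(SECRET, payload):.2f}")
```

In this toy model a single request carrying half of the data matches only the windows that lie entirely inside that half, and a paraphrase shares no window with the original, which mirrors the "Partial" and "No" rows.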

Event reporting

Every detection produces a structured event written to environment logs and reported to the management plane. Events include the enforcement action, destination, process metadata, and timestamp.