What is a secure enterprise platform for AI-powered agents?
Davis Christenhuis
Dust is a secure enterprise platform for AI-powered agents that lets organizations deploy AI with enterprise-grade security controls, compliance certifications, and data protection built into the architecture. Teams build and deploy AI agents that connect to company knowledge and tools while maintaining GDPR compliance and SOC2 Type II certification, and enabling HIPAA compliance.
📌 TL;DR
Here's what this article covers:
- What makes platforms secure: SOC 2 certification, GDPR compliance, zero data retention, SSO integration, role-based access controls, audit logging, and data residency options are baseline enterprise security requirements.
- What Dust offers: A platform to deploy AI agents with GDPR compliance, SOC2 Type II certification, HIPAA enablement, zero data retention, private spaces, and granular permission controls built in.
- Who uses Dust: 5,000+ organizations including Back Market, Clay, and Spendesk use Dust across sales, support, engineering, marketing, HR, and legal departments.
- Proven adoption: Spendesk, a regulated financial services company, achieved 90% company-wide AI adoption in six months by choosing a platform where security enabled deployment rather than blocking it.
What makes an enterprise AI agent platform secure
Enterprise AI agent platforms handle company data differently than traditional software tools. They connect to multiple systems, process sensitive information, and take actions on behalf of users.
Security in this context means protecting data throughout the entire workflow while maintaining compliance with industry regulations. Here's what that requires:
- Compliance certifications: SOC 2 Type II certification demonstrates that the platform follows established security controls for protecting customer data. GDPR compliance ensures the platform handles personal data according to privacy regulations. Platforms that enable HIPAA compliance can be deployed in healthcare environments that process protected health information.
- Identity and access management: Single sign-on integration lets organizations manage platform access through existing identity providers. Role-based access control ensures users only see and modify what their role permits.
- Data protection architecture: End-to-end encryption protects data at rest and in transit. Data ingestion controls let organizations define exactly which content gets indexed, limiting agent access to only what's relevant and approved.
- Data processing transparency: The platform should clearly document how data sent to AI model providers is handled, whether it's stored, and whether it's used for model training.
- Source-level access controls: Agents should respect the permissions already in place across connected tools. A user should never be able to retrieve data through an agent that they couldn't access directly.
- Audit capabilities: Comprehensive logging captures every agent action with timestamps, user attribution, and data accessed. Exportable audit trails support compliance verification and security investigations.
- Data residency options: Enterprise platforms should offer hosting choices that allow organizations to meet local data sovereignty and regulatory requirements.
These controls work together to meet enterprise security requirements. Organizations don't have to choose between AI capabilities and security compliance.
Dust: AI agents with enterprise-grade security
Dust is a platform where organizations deploy, orchestrate, and govern AI agents that work alongside teams, securely connected to company knowledge and tools.
The platform is used by 5,000+ organizations, including Back Market, Clay, and Spendesk. Teams use Dust across departments like sales, marketing, engineering, customer support, and more.
Some key features include:
- No-code agent builder: Teams create custom agents using natural language instructions without writing code. You describe what the agent should do, connect it to your tools, and deploy it.
- Multi-source knowledge access: Agents search across Slack, Google Drive, Notion, Confluence, GitHub, Salesforce, and dozens of other integrations to find relevant context before taking action.
- Model flexibility: The platform supports multiple AI model providers, including OpenAI, Anthropic, Google, Mistral, and DeepSeek. Teams choose the right model for each agent based on capabilities and requirements.
Security features built into Dust:
- Compliance certifications: GDPR compliant, SOC2 Type II certified, and enables HIPAA compliance.
- Granular Data Selection: Fully control which data Dust ingests from each source, limiting agent access to only what's relevant and approved.
- Zero Data Retention: No data is stored by third-party model providers. Your information is never used to train models.
- Single Sign-On (SSO): Use SSO to manage user access across the workspace, letting organizations enforce existing authentication policies.
- Private Spaces: Use private spaces for sensitive data, restricting access by role to ensure only authorized users can access confidential information.
The platform reduces the burden of individual security reviews by enforcing controls at the platform level, including SSO, role-based access, private spaces, and data ingestion controls.
💡 Want to deploy AI agents with enterprise-grade security? Try Dust free for 14 days →
Who uses Dust
Organizations deploy Dust across departments to automate workflows, surface insights, and connect teams to company knowledge. Here's how different teams use the platform:
- Sales teams: Agents research prospects, draft personalized outreach, update CRM records, and generate deal summaries based on internal data.
- Customer support: Agents retrieve answers from knowledge bases, draft responses to customer queries, and escalate issues based on severity.
- Engineering teams: Agents search codebases, generate documentation, create GitHub issues, and surface relevant technical context from Slack and Notion.
- Marketing: Agents analyze campaign performance, draft content based on brand guidelines, and pull insights from multiple data sources.
- HR and operations: Agents answer employee questions and surface policies from internal documentation.
- Legal and compliance: Agents retrieve contract clauses and surface regulatory requirements.
Customer case study: Spendesk
Spendesk, Europe's leading spend management platform, is a regulated financial services company that needed AI tools without compromising compliance. Employees wanted AI for productivity, but unrestricted use of external services wasn't an option.
Spendesk chose Dust for three reasons: security features like zero data retention and GDPR compliance met regulatory requirements, the platform worked across all teams rather than being locked to specific vendors, and the no-code builder let them create custom agents without development work.
Within six months, Spendesk deployed agents across sales, support, marketing, and operations, achieving 90% company-wide adoption and 92% weekly retention. One in four users became agent builders. The platform replaced multiple point solutions while consolidating AI usage in a compliant environment.
Frequently asked questions (FAQs)
Does Dust train AI models on my company data?
No. Dust enforces zero data retention with its supported AI model providers. When an agent sends information to a model for processing, that data isn't stored by the model provider or used to train future models.
Can I control which data each AI agent accesses with Dust?
Yes. Dust uses a space-based permission system in which administrators create spaces containing specific data sources. Each agent belongs to exactly one space and can only access data from that space. Spaces can be open (accessible to all workspace members) or restricted (limited to designated members). Agent permissions are managed independently from user permissions, meaning admins control both what data an agent can access and who can use it. This creates granular, platform-level control over what data each agent can access.
What tools and platforms does Dust integrate with?
Dust connects to dozens of workplace tools including Slack, Google Drive, Notion, Confluence, GitHub, Salesforce, and other common enterprise platforms. Agents can search across these connected sources to find relevant context before taking action. Administrators control which data sources each space can access, ensuring agents only see authorized information.