Why Your AI Agent's Inference Data Should Never Leave Your Environment
When an AI agent runs in production, it handles some of the most sensitive data your organization touches: customer prompts, model completions, retrieved documents, and often PII buried inside all three. The architecture of the platform you use to observe and govern that agent decides where this data lives. And for regulated industries, where it lives is frequently the difference between an agent that clears compliance review and one that never ships.
This post explains the federated data-plane / control-plane architecture, what data crosses which boundary, and why keeping inference data inside your own environment matters.
What "Inference Data" Actually Includes
Inference data is everything that flows through an agent as it does its job:
- Prompts: the user input and the full assembled context sent to the model, which can contain names, account numbers, health details, or proprietary business logic.
- Completions: the model's responses, which may restate or expand on sensitive input.
- Retrieved documents: the source material a RAG system pulls in, often from internal knowledge bases that were never meant to leave your environment.
- PII: personal and company information embedded across all of the above.
When an observability or governance platform ingests this data to power tracing, evals, and dashboards, the question that matters is simple: does that data leave your environment to get there?
The Federated Architecture: Data Plane vs. Control Plane
A federated data-plane / control-plane architecture answers that question by splitting the platform into two planes with a clear boundary between them.
The data plane runs inside your VPC
The data plane sits inside your own virtual private cloud, right next to your AI workloads. This is where sensitive inference data is processed and stored. Prompts, completions, retrieved documents, and PII stay local. Nothing crosses the boundary to a vendor.
Because the data plane lives next to your agents, the most sensitive material an agent touches never has to travel to an external service to be traced, evaluated, or guardrailed.
The control plane handles everything else
The control plane manages the parts of the platform that don't require access to raw inference data: dashboards, alerts, RBAC, SSO, and the APIs your team interacts with. Only lightweight, anonymized metrics flow from the data plane to the control plane.
The practical benefit is that you get the operational simplicity of a managed control plane, with no need to host dashboards, authentication, or alerting infrastructure yourself, without the compliance tradeoff of shipping production inference data to a vendor.
Why This Matters for Regulated Industries
For financial services, healthcare, and government, data residency is not a preference. It is a requirement, and often a legal one.
An agent operating in a hospital handles protected health information governed by HIPAA. An agent in financial services touches account data and transaction histories under strict handling rules. A government agent may process information that simply cannot leave a controlled environment under any circumstances. In each case, a platform that ships inference data to an external cloud to render a dashboard introduces exactly the risk the organization is obligated to prevent.
This is why the boundary matters so much. Shipping an agent into an enterprise environment means passing governance and compliance review, and builders who don't design for this will struggle to get through the door. A federated architecture lets teams govern their AI systems without moving data outside their cloud environment or introducing operational complexity.
The Difference Between Clearing Review and Not
Compliance review asks a direct question: can you demonstrate that sensitive data stays inside your controlled environment? With a federated architecture, the answer is built into the design rather than bolted on afterward.
- Sensitive inference data never crosses the boundary, so there's no external data-handling risk to explain away.
- Governance, discovery, evals, and guardrails all operate on data that stays local.
- The control plane still gives compliance teams the dashboards and audit surfaces they need to inspect an agent's behavior, without that inspection requiring raw data to leave your VPC.
For teams in regulated industries, this is often the deciding factor. An agent whose observability platform keeps inference data local clears review. An agent whose platform exports that data to a vendor's cloud invites longer review cycles, harder questions, and frequently a rejection.
The Takeaway
Where your inference data lives is an architectural decision you make when you choose a platform, not a setting you toggle later. A federated data-plane / control-plane split keeps prompts, completions, retrieved documents, and PII inside your VPC while still giving your team managed dashboards, alerts, RBAC, and SSO. For financial services, healthcare, and government, that boundary is frequently what separates an agent that reaches production from one that stalls in review.
If you're building agents for a regulated environment, see how Arthur's flexible deployment options keep inference data inside your VPC while a managed control plane handles dashboards and governance. You can book a demo with an AI expert or explore the Agent Development Toolkit.