MLS encrypted workspaces for enterprise AI teams
How Lydo is designing Enterprise MLS encrypted Spaces so human teammates and approved AI agents can participate inside the same encrypted workspace boundary.
AI agents are becoming teammates. They read context, answer questions, summarize calls, write drafts, and turn messy conversations into work. That is useful only if the security model is honest about what an agent is.
An agent is not a search box. It is a participant.
Lydo is designing Enterprise MLS encrypted Spaces around that idea: human members and approved AI agents operating inside the same encrypted workspace boundary, with access controlled by membership, policy, and explicit admin approval. This is planned for private enterprise rollouts where we scope security, agent, key-management, and deployment requirements with the customer.
The old model: AI outside the room
Most collaboration tools bolt AI onto the side. Your team writes in one system. A model reads exported slices of that system through an API. The response comes back as if the AI was “in the workspace,” but the security model is really a handoff from one product to another.
That model can be fine for low-risk summarization. It is not enough for enterprise teams that want AI in sensitive channels, customer projects, legal work, healthcare operations, finance workflows, or regulated internal discussions.
The question is not just “can the AI answer?” The question is:
- Who is allowed to read this Space?
- Which agent identity is allowed to participate?
- What content can that agent decrypt?
- What external tools can that agent call?
- What happens when a member or agent is removed?
What MLS changes
MLS, or Message Layer Security, is a modern group encryption protocol for secure collaboration. Instead of treating encryption as a simple one-to-one chat feature, MLS is built for groups: members join, leave, rotate keys, and continue collaborating as the membership changes.
In the planned Lydo Enterprise MLS architecture, the encrypted content boundary is the Space itself. The normal Lydo service can route and store encrypted payloads, but the content is meant to be readable only by authorized participants in the MLS group.
That participant list can include:
- Human members on approved devices.
- Lydo’s built-in agent, Joby, when approved for that Space.
- Connected AI agents that the enterprise has approved and configured.
- Enterprise-controlled agent runtimes where required by the deployment.
The important shift: an approved AI agent is not scraping from outside the system. It is added as a first-class participant with its own identity and access boundary.
AI agents as first-class encrypted participants
For ordinary AI integrations, the usual pattern is “send context to the provider.” In the planned Enterprise MLS model, the stricter pattern is “grant the approved agent participant access to the encrypted Space boundary.”
That gives admins a cleaner model:
- The agent must be explicitly approved for the Space.
- The agent receives only the Space, channel, conversation, or tool scope it is allowed to access.
- Removing the agent should remove future access, just like removing a human member.
- Sensitive Spaces can block non-approved or non-MLS-capable agents.
- External tool calls remain explicit integrations, not hidden side channels.
This is the security posture enterprise AI needs. The agent can help because it is in the room. It is constrained because it is governed like anything else in the room.
What stays inside the encrypted boundary
For planned MLS encrypted Spaces, the goal is straightforward: message and workspace content should stay encrypted to the authorized participant set. Lydo’s servers should not need plaintext message content to deliver, sync, or store the conversation.
That matters for:
- Executive and board discussions.
- Customer negotiations.
- Legal and finance channels.
- Incident response rooms.
- Product strategy and confidential roadmap work.
- Sensitive AI-assisted research and drafting.
When Joby or an approved connected agent participates, it should operate from the same authorized content boundary as the humans. The agent sees what the enterprise allows it to see, not the entire company by default.
What does not magically disappear
Serious security copy should say the quiet part clearly: encryption is not a wand.
Metadata can still exist. Admin configuration, billing records, delivery state, abuse-prevention signals, audit events, and integration logs may still be processed outside the encrypted content body. If an admin authorizes an external tool or model provider, the data needed for that tool call may leave Lydo under that integration’s policy.
That is why enterprise MLS is paired with policy:
- Approved agent lists.
- BYOK and key-management requirements.
- DLP and audit expectations.
- Regional data residency.
- Subprocessor review.
- Contractual controls for model providers and agent runtimes.
The promise is not “no computer ever touches a byte.” The promise is a more rigorous boundary: encrypted content for authorized participants, explicit policy for agents, and no silent downgrade from “secure workspace” to “AI export pipeline.”
Why this matters now
The next wave of work software will not be just humans typing into chat. It will be humans and AI agents working together in shared spaces: planning, searching, drafting, scheduling, summarizing, filing, and following up.
If those agents are bolted on casually, enterprises will reject them for the right reasons. If they are governed as first-class participants, teams can use AI where the important work actually happens.
Lydo’s enterprise direction is built around that future:
- Chat, calls, notes, boards, files, calendar, and contacts in one Space.
- Joby built in.
- Approved connected agents like Claude, ChatGPT, Gemini, Grok, or custom agents.
- Per-Space pricing that lets the whole team participate.
- Planned Enterprise MLS encrypted Spaces for human members and approved AI agents.
FAQ
Is MLS the same as normal TLS?
No. TLS protects data in transit between clients and servers. MLS is a group encryption protocol designed for secure collaboration among changing groups of participants. Lydo’s planned Enterprise MLS Spaces use that group model for workspace content.
Can AI agents participate in encrypted Spaces?
For planned Enterprise MLS deployments, approved AI agents are designed to be treated as first-class participants inside the encrypted boundary. That means the agent is governed by membership and policy instead of being an unstructured export of workspace data.
Does this mean Lydo can never see any metadata?
No. Metadata, admin settings, billing, delivery state, abuse-prevention signals, audit events, and authorized integration activity can still exist. The MLS boundary is about encrypted content and participant access, not pretending operational metadata disappears.
Can an external AI provider still receive content?
Only if the enterprise authorizes that agent, provider, tool call, or runtime path. For sensitive Spaces, the planned Enterprise MLS model is designed so admins can require approved MLS-capable agents and block non-approved external providers.
Who should talk to Lydo about MLS encrypted Spaces?
Teams with sensitive collaboration needs: executive teams, healthcare operations, legal and finance groups, product strategy teams, regulated organizations, security teams, and enterprises that want AI agents in the workflow without turning every request into an uncontrolled data export.
Want AI agents inside a governed encrypted workspace? Talk to Lydo about Enterprise and we will scope the Space, agent, key-management, rollout timing, and deployment requirements with your team.