For the CISO

The AI Gateway governs unmanaged or semi-managed AI usage at the edge of the organization. It solves:
  • How to log and govern LLM traffic across the organization
  • How to enforce model and tool policy for employees
  • How to audit MCP tool use and agent execution
  • How to produce compliance evidence for regulators and auditors
  • How to reduce shadow AI risk without changing user workflows

How It Works

The gateway sits between employees (or their AI tools) and external providers:
Employee's AI tool → AI Gateway → Provider API
                         ↓
                   Event log + Policy check + Credential injection

Every request passes through. Every response is logged. Policy is evaluated before forwarding. Credentials are injected by the gateway — the employee’s tool never handles provider secrets directly.

Key Properties

  • Hash-chained audit trail — every interaction logged, tamper-evident, externally verifiable
  • Identity-attributed calls — every LLM and tool call tied to a human owner and session
  • Credential isolation — agents and tools never hold secrets; the gateway injects them
  • Authority scoping — employees and agents can only access models and tools their policy allows
  • California EO N-5-26 ready — architecture designed for the July 2026 vendor certification framework
  • NIST AI RMF aligned — provenance, accountability, and governance by design
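
The sketch below shows how the policy check, credential injection and hash-chained logging described above fit together and what "tamper-evident" means in practice. It is an added example, not the product's code: the record fields, the all-zero genesis value, the choice to log a prompt hash instead of the prompt, and all function and model names are assumptions, and the policy and secret values are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64                                   # assumed anchor for the first record
POLICY = {"alice": {"model-a"}}                      # constructed: owner -> allowed models
SECRETS = {"model-a": "PLACEHOLDER-PROVIDER-KEY"}    # constructed: held only by the gateway

def _digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

class AuditLog:
    def __init__(self):
        self.records = []

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        self.records.append({"prev": prev, "event": event, "hash": _digest(prev, event)})
        return self.records[-1]["hash"]

def verify(records, expected_head=None):
    """Return the index of the first bad record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return i
        prev = rec["hash"]
    # Truncation or a full rewrite only shows up against a head hash kept elsewhere.
    if expected_head is not None and prev != expected_head:
        return len(records)
    return -1

def handle(log, policy, secrets, owner, session, model, prompt):
    """Evaluate policy, log the decision, then inject the credential if allowed."""
    allowed = model in policy.get(owner, set())
    log.append({"owner": owner, "session": session, "model": model,
                "decision": "allow" if allowed else "deny",
                "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest()})
    if not allowed:
        return None
    # The credential is added here; the caller never supplied or saw it.
    return {"model": model, "prompt": prompt,
            "headers": {"Authorization": "Bearer " + secrets[model]}}
```

External verifiability depends on the latest head hash being stored outside the gateway: without it, `verify` catches edits to individual records but not a log that has been truncated or rebuilt from scratch.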

Shared Governance Plane

The AI Gateway and the Orchestration Engine are separate products built on the same governance substrate. They share:
  • Event log format and audit semantics
  • Policy evaluation model
  • Identity and credential patterns
  • Provenance and attestation mechanisms
A CISO can deploy the gateway today for audit and compliance. When the organization is ready for governed agent orchestration, the same governance plane extends — no migration, no second audit trail.