Request accessBook a demo
How it works

Inspected at every hop — in, and out.

A deterministic path every agent request takes — five stages, one service, entirely inside your network. Fail-open on infrastructure, sub-second added latency.

Step 01

Identify

Auth, rate & budget.

Step 02

Inspect

Regex, DLP, forensic scan.

Step 03

Route

Provider & failover.

Step 04

Restore

De-tokenize, egress scan.

Step 05

Record

Crypto audit → store.

STAGE 01 · IDENTIFY

Who is asking, and can they?

Every request is authenticated, rate-limited, and budget-checked at the door — before a single token is spent. Identity flows through to per-agent policy and the audit record.

  • API-key, mTLS, or SSO-backed agent identity
  • Per-tenant and per-agent rate & budget enforcement
  • Cedar-style policy evaluation in the hot path
agent: support-copilotauthed
rate: 142 / 600 rpmwithin
budget: $820 / $1,500ok
STAGE 02 · INSPECT

The six surfaces, in real time.

Layered inspection runs across prompt, RAG, tool, session, and agent-to-agent traffic. Regex and DLP catch the obvious; a forensic SLM catches what they miss; self-healing scrutiny raises the bar when an agent looks hostile.

  • Regex → DLP → forensic-SLM, layered
  • PHI / PCI / IP / HR detection engines
  • NORMAL → ELEVATED → STRICT, automatically
prompt · injection scanelevated
rag · retrieval inspectedclean
tool · call scopedallowed
STAGE 03 · ROUTE

To the right model, every time.

Once a request clears inspection, TrustGate routes it to the chosen provider with automatic failover — OpenAI, Anthropic, Bedrock, Azure, or your self-hosted models — behind one OpenAI-compatible endpoint.

  • Multi-provider with health-aware failover
  • Drop-in OpenAI-compatible — no app changes
  • Self-hosted & GPU model targets supported
primary: anthropic / claudehealthy
failover: azure openaistandby
self-hosted: llama-guardlive
STAGE 04 · RESTORE

Clean on the way out, too.

The response is de-tokenized to restore real values, scanned for PII leakage and exfiltration, and run through egress forensics — so what leaves the model is as governed as what entered it.

  • Reversible PII tokenization restored in-response
  • Output scan for leakage & data exfiltration
  • Egress forensics on every response
detokenize · 4 values restoreddone
egress scan · no PII leakclean
data egressed · 0 bytesenforced
STAGE 05 · RECORD

A trail you can actually prove.

Every request is written to a cryptographically chained, tamper-evident audit trace — then streamed and stored where you choose. Evidence your auditors and procurement team can verify, not just trust.

  • Cryptographically chained audit records
  • Stream to SIEM · store in your own bucket
  • Export-ready evidence per framework
audit chainLive
Tamper-evident · verified chain
14:02:47req_8f21 · support-copilot#a3f9…c1
14:02:46req_8f20 · billing-agent#7b2e…9d
14:02:45req_8f1f · rag-indexer#e04c…2a
14:02:44req_8f1e · ops-assistant#11bd…7f
Performance & failure profile

Built to sit in the hot path.

One service in your VPC, designed so security never takes your agents offline.

<1s
added p95 latency
0 B
data egressed
0
surfaces inspected
Fail-open
on infrastructure
Fail-open on infrastructure, fail-closed on threatsNothing leaves your network

See the pipeline on your own traffic.

Deploy the open core in three commands, or book a walkthrough with our team.

Book a demo Request access