# TrustGate AI > The self-hosted trust plane for agentic AI. TrustGate inspects every surface of your AI agents — prompt, RAG, tools, session, agent-to-agent, and egress — entirely inside your own network, with zero data egress. Self-hosted, benchmarked to the OWASP LLM Top 10, MITRE ATLAS, and NIST AI RMF. ## Core pages - [Home](https://www.trustgateai.io/): Self-hosted AI security gateway for agents — secure every surface without your data ever leaving. - [How it works](https://www.trustgateai.io/how-it-works): The request pipeline — identify, inspect, route, restore, record — across six surfaces, with sub-second added latency. - [Pricing](https://www.trustgateai.io/pricing): Free self-hosted core; pay only to prove, scale, and integrate. No per-token markup. Community, Team, Enterprise. - [Threat-coverage report](https://www.trustgateai.io/resources/threat-coverage): TrustGate's agent defenses mapped to the OWASP LLM Top 10, MITRE ATLAS, and NIST AI RMF — auditor-ready. - [Blog](https://www.trustgateai.io/blog): Field notes on securing, governing, and paying for agentic AI. - [Contact / book a demo](https://www.trustgateai.io/contact): Talk to the team about securing your agents in your own infrastructure. ## The four pillars (concepts) - [Agent Security — Shashu](https://www.trustgateai.io/#defend): A purpose-built engine that watches all six agent surfaces, learns each agent's behavior, and raises its own scrutiny (NORMAL → ELEVATED → STRICT) the moment one looks hostile — self-healing against new threats. - [Compliance & Audit](https://www.trustgateai.io/#prove): Real-time compliance posture across GDPR, HIPAA, EU AI Act, SOC 2, and NIST AI RMF, backed by a cryptographically verifiable, tamper-evident audit trail of every agent action. - [Cost Control](https://www.trustgateai.io/#control): Per-tenant and per-agent token budgets enforced in the request path — stop runaway agents and wasted spend as it happens, not on next month's invoice. No per-token markup. - [Self-Hosted Deployment](https://www.trustgateai.io/#contain): Runs entirely inside your perimeter — VPC, air-gapped, or GPU — drop-in OpenAI-compatible, with zero customer data egress. ## Key blog posts - [The agentic attack surface: 6 ways attackers hijack AI agents](https://www.trustgateai.io/blog/agentic-attack-surface): The six channels attackers exploit — prompt, RAG, tools, session, agent-to-agent, egress — and how to close each. - [Govern MCP, don't just proxy it](https://www.trustgateai.io/blog/govern-mcp-dont-just-proxy): Authorize every tool call, enforce an egress allowlist, and inspect MCP traffic — native MCP plus any REST API via OpenAPI. - [Real-time compliance vs the annual audit](https://www.trustgateai.io/blog/real-time-compliance-vs-annual-audit): Why agentic AI breaks point-in-time audits and needs continuous, provable compliance. - [The token bill came due](https://www.trustgateai.io/blog/token-bill-runaway-agents): Runtime cost governance — enforcing budgets in the request path before a looping agent empties the account.