The air-gapped trust plane for agentic AI

Secure every surface of your AI agents — without your data ever leaving.

Prompt, RAG, tools, session, agent-to-agent. TrustGate inspects and governs every move your agents make — with adaptive enforcement, real-time compliance, and actionable cost control — entirely inside your own perimeter.

Self-hostedZero data egressBenchmarked to OWASP, MITRE & NISTLive in 3 commands
Live operations
WorkspaceOrganisation
live
OverviewThreatsSurfacesCost
Requests inspected
0.00M
▲ 8.2% vs yesterday
Threats blocked
0
prompt · rag · tool
Data egressed
0 B
zero-egress enforced
SHASHU scrutiny
ELEVATED
auto-raised · support-copilot
Recent inspectionsverdicts by SHASHU · tenant: northwind · last 60s
AgentSurfaceVerdictLatencyTokensTime
SCsupport-copilotPromptBlock14ms1,20414:02:51
RIrag-indexerRAGBlock22ms3,91014:02:49
BAbilling-agentToolPass9ms84214:02:47
SCsupport-copilotEgressFlag12ms61214:02:44
OAops-assistantA2APass7ms38814:02:41
SCsupport-copilotSessionPass6ms24014:02:38

One plane. The whole agent.

Replaces a gateway, guardrails, a cost tool, and an audit stack — all in your own infrastructure.

injection
RAG
tool
session
A2A
egress
TrustGate
Agentic AI
secured by SHASHU
Core defense · most attacks land here
Threat defense across 6 surfaces
Stop attacks on every surface an agent touches — not just the prompt.
injectionRAGtoolsessionA2AegressPII
Governs every model & framework your agents already use
OpenAIOpenAIAnthropicAnthropicBedrockBedrockAzure OpenAIAzure OpenAILangChainLangChainMCPMCPSelf-hosted
The agentic attack surface

Your agent has six doors. Most tools watch one.

Every channel an agent touches is now an instruction an attacker can poison. TrustGate inspects all of them — in real time, on the way in and the way out.

01

Prompt

Direct injection & jailbreaks turn user input into commands.

regex rules + forensic SLM scan
02

RAG / retrieval

A poisoned document becomes a trusted instruction.

ingress-ragretrieval inspection
03

Tool / MCP calls

Malicious or “toxic-combination” tool use exfiltrates data.

ingress-tooltool-call scoping
04

Session / memory

Multi-turn manipulation and memory poisoning that persists.

session inspection
05

Agent-to-agent

Unverified agent trust and lost lineage across hand-offs.

A2A lineage & trust checks
06

Response / egress

PII leakage and data exfiltration in output.

de-tokenize + output scan + egress forensics

Watching all six at once, learning each agent as it goes — that's SHASHU, the engine behind every verdict.

Meet SHASHU
Pillar 01 — Defend

Meet SHASHU — the guardian that watches every surface.

SHASHU is TrustGate's purpose-built security engine: a guardian that watches every surface of every agent, learns how each one normally behaves, and raises its own scrutiny the moment something looks hostile — automatically, with no incident review required. Vigilance over your agents, not surveillance of your data.

  • SHASHU watches all six surfaces at once — and remembers. Flag an agent and every future request inherits tighter scrutiny.
  • Self-healing scrutiny: SHASHU escalates NORMAL → ELEVATED → STRICT on its own, then auto-recovers once the threat clears.
  • Underneath SHASHU: layered regex, DLP & forensic-SLM inspection — each catches what the last misses.
  • Fail-open on infrastructure, fail-closed on threats — with PHI/PCI/IP detection and reversible PII tokenization.

SHASHU evolves with the threat landscape. As new injection, MCP, and exfiltration techniques emerge, SHASHU is retrained against the latest OWASP and MITRE ATLAS methods and shipped as new releases — so your defense never goes stale.

Pillar 02 — Prove

Compliance you can measure in real time.

Not an annual badge — a live posture across every framework, backed by a cryptographically verifiable audit trail of every agent action. Benchmarked against OWASP, MITRE, and NIST threat taxonomies.

  • Real-time posture across GDPR, HIPAA, EU AI Act, SOC 2 & NIST — controls evidenced, not self-attested.
  • Tamper-evident, cryptographically chained audit trace of every request.
  • Coverage benchmarked to OWASP LLM Top 10, MITRE ATLAS & NIST AI RMF.
  • Export-ready evidence for auditors and procurement.
compliance postureLive
GDPR100%
42 / 42 controls evidenced
HIPAA98%
54 / 55 controls evidenced
SOC 2 Type II100%
trust criteria mapped
EU AI Act96%
high-risk obligations
Cryptographic audit chain
14:02:47req_8f21 · verified#a3f9…c1
14:02:46req_8f20 · verified#7b2e…9d
14:02:45req_8f1f · verified#e04c…2a
Pillar 03 — Control
The token bill is coming due.

Govern the token economy in real time — not in hindsight.

2026 turned agent spend into a board-level risk: annual AI budgets exhausted in a single quarter, recursive agent loops burning tens of thousands overnight. Most tools show you the bill after it lands. TrustGate sits in the request path — so it acts before the spend happens.

  • Enforcement, not dashboards — per-tenant and per-agent budgets enforced in the hot path; a request that breaks budget is throttled or blocked as it's made, not flagged next month.
  • Token-type attribution — see exactly where spend goes (input, output, cache), by agent and by request.
  • Auto-throttle runaway agents — catch the recursive-loop blowout the moment it starts, before wastage compounds.
  • One control plane — the same gateway that secures your agents governs their spend; cost data never leaves your infrastructure.
top spend by agent · today
Tenant budget$0 / $5,000
rag-indexer$1,940 · throttled
support-copilot$820
billing-agent$410
ops-assistant$250
rag-indexer auto-throttled at 97% of budget · output tokens 3.1× expected
Annual AI budget exhausted by AprilA runaway agent loop ran up $47K overnightRunaway-cost fear is the #1 barrier to AI budget approval
Pillar 04 — Contain

It all runs inside your perimeter.

Self-hosted, zero data egress, air-gap capable. TrustGate inspects every agent action and sees none of your data — because nothing ever leaves your network. Live in three commands.

  • Deploys in your VPC — no telemetry, no third party in the request path.
  • Air-gap and GPU deployment options.
  • Drop-in OpenAI-compatible — point any SDK at the gateway, no app changes.
deploy · your-vpc
$helm repo add trustgate https://charts.trustgateai.io
✓ repo added
$helm install trustgate trustgate/control-plane
✓ control-plane deployed · 6 surfaces armed
$export OPENAI_BASE_URL=https://trustgate.svc.local
→ point any SDK here · no app changes
$
Zero data egressVPC · air-gap · GPU options
Drop-in, in any stack

Integrate in a minute — your existing code, governed.

Point any stack at TrustGate. No rewrites: install, set your key, and your current OpenAI, Anthropic, LangChain, or Vercel AI code runs unchanged — now inspected, audited, and cost-governed.

PythonNode.jsJava alpha.NET alphacURLn8n / no-code
$ pip install trustgate
import trustgate
trustgate.patch_all()        # your existing OpenAI / LangChain code is now governed
$ npm install @trustgate/sdk
import { TrustGate } from '@trustgate/sdk';
new TrustGate({ apiKey: process.env.TRUSTGATE_API_KEY });
// Vercel AI SDK / OpenAI / Anthropic calls now route through TrustGate
dependency ai.trustgate:trustgate-sdk
try (TrustGateClient client = TrustGateClient.builder()
        .apiKey(System.getenv("TRUSTGATE_API_KEY"))
        .build()) {
    var res = client.chat().completions().create(
        ChatCompletionRequest.builder().model("gpt-4o")
            .addMessage(ChatMessage.user("Hello")).build());
}
$ dotnet add package TrustGate.Sdk
await using var client = new TrustGateClient(new TrustGateClientOptions {
    ApiKey = Environment.GetEnvironmentVariable("TRUSTGATE_API_KEY") });
var res = await client.Chat.Completions.CreateAsync(new ChatCompletionRequest {
    Model = "gpt-4o", Messages = new[] { new ChatMessage("user", "Hello") } });
point the base URL at your gateway
curl https://api.trustgate.io/v1/chat/completions \
  -H "Authorization: Bearer $TRUSTGATE_API_KEY" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello"}]}'
no-code · HTTP node

In your workflow tool, set the HTTP node Base URL to https://api.trustgate.io/v1 and add your API key as a Bearer token — every call is then inspected, audited, and cost-governed.

Works with OpenAI, Anthropic, Vercel AI SDK, LangChain, and any OpenAI-compatible client. Self-hosted? Point the base URL at your own gateway instead.

Works with your stack

Plug into everything your agents touch — and govern all of it.

Models, frameworks, tools, automation. Whatever you connect, every call is inspected, authorized, and audited — no rip-and-replace.

Model providers

Route and govern every provider.

OpenAIAnthropicGoogle GeminiAzure OpenAIAWS BedrockMistralOllamaany OpenAI-compatible

Frameworks & SDKs

Drop into your framework.

LangChainVercel AI SDKPythonNode.jsJava.NET

MCP tools & servers

Bring any tool. Native MCP servers, or any REST API compiled into MCP tools via OpenAPI.

Native MCPGitHubSlackJiraSalesforceNotionPostgres+ any OpenAPI REST API

Automation & no-code

Govern without code.

n8nany HTTP client · base-URL swap

Identity & SSO

Plug into your IdP.

SAML 2.0OktaAzure AD / Entra IDSCIM

SIEM & observability

Stream audit to your SOC.

SplunkDatadogMicrosoft SentinelGoogle ChronicleCrowdStrike LogScaleOpenTelemetry

Secrets, infra & governance

Fit your platform.

HashiCorp VaultTerraformHelm / KubernetesMicrosoft Purview
MCP security

Govern MCP — don't just proxy it.

Connect native MCP servers, or compile any internal REST API into MCP tools straight from its OpenAPI spec. Every tool call your agents make is authorized by rule, constrained by an egress allowlist, and inspected by SHASHU on the tool surface — so a compromised or over-eager agent can't turn a tool into an exfiltration path.

  • Native MCP + OpenAPI → MCP — turn your own REST APIs into governed agent tools, no custom wrappers.
  • Least privilege for agents — per-tool authorization rules and a strict egress allowlist on every connector.
  • Every call inspected — tool calls hit the ingress-tool surface where SHASHU scans for abuse and "toxic combinations."
  • Full lineage — audit of which agent called which tool, with what, when.
MCP connectors+ Add connector
github-mcprepos · issues · 14 toolsMCPauthorized
billing-apiOpenAPI → MCP · 8 toolsREST→MCPscoped
slack-mcppost · search · 6 toolsMCPegress-limited
analytics-dbOpenAPI → MCP · read-onlyREST→MCPblocked
SHASHU inspecting ingress-tool · egress allowlist enforced on 4 connectors

Get the OWASP / MITRE / NIST coverage report

The exact agent-threat matrix a security team can take straight into review.

Get the report
How it works

Inspected at every hop — in, and out.

A deterministic path every request takes, in one service inside your network.

Step 01

Identify

Auth, rate & budget checks at the door.

Step 02

Inspect

Regex, DLP & forensic scan across surfaces.

Step 03

Route

Provider selection & failover.

Step 04

Restore

De-tokenize, output scan, egress forensics.

Step 05

Record

Cryptographic audit → stream → store.

Fail-open on infrastructureSub-second added latencyOne service in your VPC
Why TrustGate

Inspect everything. See nothing.

The agentic-security field makes you send your traffic to them. The gateway field only watches the prompt. TrustGate does neither.

SaaS AI-security tools
your traffic transits a third party
  • Multi-surface inspection
  • Your agent traffic transits a third party
  • Hard to satisfy data residency & audits
  • No air-gap option
TrustGate · self-hosted trust plane
Every surface inspected. Zero egress.
runs in your perimeter
  • Every surface inspected
  • Runs in your perimeter, zero egress
  • Real-time compliance + crypto audit
  • Actionable, real-time cost control
LLM / API gateways
security is logging + keys
  • Self-hostable, multi-provider
  • Security is logging + key management
  • Blind to RAG, tools, session
  • No compliance / audit depth
Built for procurement, not just demos

Designed for the teams auditors trust.

SOC 2 Type IIGDPRHIPAA-readyZero data egressRBAC & SSOAir-gap capableTenant isolation
Threat-coverage report

See exactly which agent threats we stop.

Our coverage mapped to the OWASP LLM Top 10, MITRE ATLAS, and NIST AI RMF — the matrix a security team can take straight into review.

Put a trust plane in front of your agents.

Secure every surface, in your own infrastructure, in three commands. Ship agentic AI without the risk.