Secure every surface of your AI agents — without your data ever leaving.
Prompt, RAG, tools, session, agent-to-agent. TrustGate inspects and governs every move your agents make — with adaptive enforcement, real-time compliance, and actionable cost control — entirely inside your own perimeter.
Live operations
| Agent | Surface | Verdict | Latency | Tokens | Time |
|---|---|---|---|---|---|
| SCsupport-copilot | Prompt | Block | 14ms | 1,204 | 14:02:51 |
| RIrag-indexer | RAG | Block | 22ms | 3,910 | 14:02:49 |
| BAbilling-agent | Tool | Pass | 9ms | 842 | 14:02:47 |
| SCsupport-copilot | Egress | Flag | 12ms | 612 | 14:02:44 |
| OAops-assistant | A2A | Pass | 7ms | 388 | 14:02:41 |
| SCsupport-copilot | Session | Pass | 6ms | 240 | 14:02:38 |
One plane. The whole agent.
Replaces a gateway, guardrails, a cost tool, and an audit stack — all in your own infrastructure.
Your agent has six doors. Most tools watch one.
Every channel an agent touches is now an instruction an attacker can poison. TrustGate inspects all of them — in real time, on the way in and the way out.
Prompt
Direct injection & jailbreaks turn user input into commands.
RAG / retrieval
A poisoned document becomes a trusted instruction.
ingress-ragretrieval inspectionTool / MCP calls
Malicious or “toxic-combination” tool use exfiltrates data.
ingress-tooltool-call scopingSession / memory
Multi-turn manipulation and memory poisoning that persists.
Agent-to-agent
Unverified agent trust and lost lineage across hand-offs.
Response / egress
PII leakage and data exfiltration in output.
Watching all six at once, learning each agent as it goes — that's SHASHU, the engine behind every verdict.
Meet SHASHUMeet SHASHU — the guardian that watches every surface.
SHASHU is TrustGate's purpose-built security engine: a guardian that watches every surface of every agent, learns how each one normally behaves, and raises its own scrutiny the moment something looks hostile — automatically, with no incident review required. Vigilance over your agents, not surveillance of your data.
- SHASHU watches all six surfaces at once — and remembers. Flag an agent and every future request inherits tighter scrutiny.
- Self-healing scrutiny: SHASHU escalates NORMAL → ELEVATED → STRICT on its own, then auto-recovers once the threat clears.
- Underneath SHASHU: layered regex, DLP & forensic-SLM inspection — each catches what the last misses.
- Fail-open on infrastructure, fail-closed on threats — with PHI/PCI/IP detection and reversible PII tokenization.
SHASHU evolves with the threat landscape. As new injection, MCP, and exfiltration techniques emerge, SHASHU is retrained against the latest OWASP and MITRE ATLAS methods and shipped as new releases — so your defense never goes stale.
Compliance you can measure in real time.
Not an annual badge — a live posture across every framework, backed by a cryptographically verifiable audit trail of every agent action. Benchmarked against OWASP, MITRE, and NIST threat taxonomies.
- Real-time posture across GDPR, HIPAA, EU AI Act, SOC 2 & NIST — controls evidenced, not self-attested.
- Tamper-evident, cryptographically chained audit trace of every request.
- Coverage benchmarked to OWASP LLM Top 10, MITRE ATLAS & NIST AI RMF.
- Export-ready evidence for auditors and procurement.
Govern the token economy in real time — not in hindsight.
2026 turned agent spend into a board-level risk: annual AI budgets exhausted in a single quarter, recursive agent loops burning tens of thousands overnight. Most tools show you the bill after it lands. TrustGate sits in the request path — so it acts before the spend happens.
- Enforcement, not dashboards — per-tenant and per-agent budgets enforced in the hot path; a request that breaks budget is throttled or blocked as it's made, not flagged next month.
- Token-type attribution — see exactly where spend goes (input, output, cache), by agent and by request.
- Auto-throttle runaway agents — catch the recursive-loop blowout the moment it starts, before wastage compounds.
- One control plane — the same gateway that secures your agents governs their spend; cost data never leaves your infrastructure.
It all runs inside your perimeter.
Self-hosted, zero data egress, air-gap capable. TrustGate inspects every agent action and sees none of your data — because nothing ever leaves your network. Live in three commands.
- Deploys in your VPC — no telemetry, no third party in the request path.
- Air-gap and GPU deployment options.
- Drop-in OpenAI-compatible — point any SDK at the gateway, no app changes.
Integrate in a minute — your existing code, governed.
Point any stack at TrustGate. No rewrites: install, set your key, and your current OpenAI, Anthropic, LangChain, or Vercel AI code runs unchanged — now inspected, audited, and cost-governed.
import trustgate trustgate.patch_all() # your existing OpenAI / LangChain code is now governed
import { TrustGate } from '@trustgate/sdk'; new TrustGate({ apiKey: process.env.TRUSTGATE_API_KEY }); // Vercel AI SDK / OpenAI / Anthropic calls now route through TrustGate
try (TrustGateClient client = TrustGateClient.builder() .apiKey(System.getenv("TRUSTGATE_API_KEY")) .build()) { var res = client.chat().completions().create( ChatCompletionRequest.builder().model("gpt-4o") .addMessage(ChatMessage.user("Hello")).build()); }
await using var client = new TrustGateClient(new TrustGateClientOptions { ApiKey = Environment.GetEnvironmentVariable("TRUSTGATE_API_KEY") }); var res = await client.Chat.Completions.CreateAsync(new ChatCompletionRequest { Model = "gpt-4o", Messages = new[] { new ChatMessage("user", "Hello") } });
curl https://api.trustgate.io/v1/chat/completions \ -H "Authorization: Bearer $TRUSTGATE_API_KEY" \ -d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello"}]}'
In your workflow tool, set the HTTP node Base URL to https://api.trustgate.io/v1 and add your API key as a Bearer token — every call is then inspected, audited, and cost-governed.
Works with OpenAI, Anthropic, Vercel AI SDK, LangChain, and any OpenAI-compatible client. Self-hosted? Point the base URL at your own gateway instead.
Plug into everything your agents touch — and govern all of it.
Models, frameworks, tools, automation. Whatever you connect, every call is inspected, authorized, and audited — no rip-and-replace.
Model providers
Route and govern every provider.
Frameworks & SDKs
Drop into your framework.
MCP tools & servers
Bring any tool. Native MCP servers, or any REST API compiled into MCP tools via OpenAPI.
Automation & no-code
Govern without code.
Identity & SSO
Plug into your IdP.
SIEM & observability
Stream audit to your SOC.
Secrets, infra & governance
Fit your platform.
Govern MCP — don't just proxy it.
Connect native MCP servers, or compile any internal REST API into MCP tools straight from its OpenAPI spec. Every tool call your agents make is authorized by rule, constrained by an egress allowlist, and inspected by SHASHU on the tool surface — so a compromised or over-eager agent can't turn a tool into an exfiltration path.
- Native MCP + OpenAPI → MCP — turn your own REST APIs into governed agent tools, no custom wrappers.
- Least privilege for agents — per-tool authorization rules and a strict egress allowlist on every connector.
- Every call inspected — tool calls hit the
ingress-toolsurface where SHASHU scans for abuse and "toxic combinations." - Full lineage — audit of which agent called which tool, with what, when.
Inspected at every hop — in, and out.
A deterministic path every request takes, in one service inside your network.
Identify
Auth, rate & budget checks at the door.
Inspect
Regex, DLP & forensic scan across surfaces.
Route
Provider selection & failover.
Restore
De-tokenize, output scan, egress forensics.
Record
Cryptographic audit → stream → store.
Inspect everything. See nothing.
The agentic-security field makes you send your traffic to them. The gateway field only watches the prompt. TrustGate does neither.
- Multi-surface inspection
- Your agent traffic transits a third party
- Hard to satisfy data residency & audits
- No air-gap option
- Every surface inspected
- Runs in your perimeter, zero egress
- Real-time compliance + crypto audit
- Actionable, real-time cost control
- Self-hostable, multi-provider
- Security is logging + key management
- Blind to RAG, tools, session
- No compliance / audit depth
Designed for the teams auditors trust.
See exactly which agent threats we stop.
Our coverage mapped to the OWASP LLM Top 10, MITRE ATLAS, and NIST AI RMF — the matrix a security team can take straight into review.
Put a trust plane in front of your agents.
Secure every surface, in your own infrastructure, in three commands. Ship agentic AI without the risk.