LLM Governance

Govern every LLM call at the gateway — not in a wiki page nobody reads.

Application-code controls work until one team forgets, one SDK gets swapped, or one developer ships a prototype straight to production. Visionality enforces governance at the infrastructure layer: every request, every team, every provider — same policy.

See a live demoHow it works →

12 detectors

PII patterns, tuned for low false-positive rates

5 tables

append-only audit trail, SQL-layer enforced

<5ms

added gateway latency per request

SOC 2 ready

audit evidence exportable in two clicks

Six controls that don't depend on developer discipline.

Set once, in a dashboard. Applied to every LLM request, regardless of who wrote the code or which SDK they used.

Model allowlists per project

Production projects use production models. Research projects can spin up preview models. The gateway enforces — your code review process doesn't have to.

PII detection & obfuscation

Twelve detectors scan prompts before they hit the model. Block, obfuscate, or log — per project policy. Reversible tokens restore real values in the response.

Immutable audit trail

Five append-only audit tables enforced at the SQL layer. The app database role has UPDATE and DELETE revoked. SOC 2 evidence in two clicks.

Hard budget enforcement

Spend Tokens block at the threshold, not after. An agent that exhausts its envelope gets HTTP 402 — not a tripled invoice.

Drop-in, every provider

OpenAI, Anthropic, Bedrock, Azure OpenAI — each provider's wire format spoken natively. Change one base URL. Client code untouched.

Bring your own KMS

Enterprise plans run on AWS KMS, Azure Key Vault, or GCP Cloud KMS. The KeyProvider interface is built to be swapped — no vendor lock-in on your encryption story.

For Security

Enforcement that survives a developer not reading the wiki.

  • Model allowlists per project — no preview models accidentally in production
  • PII detection at the infrastructure layer — application code cannot bypass
  • Block, obfuscate, or log — per project, set in dashboard, no code change
  • Per-Spend-Token scoping limits blast radius of a leaked credential
What is an LLM gateway? →

For Compliance

An audit trail that survives a SOC 2 review.

  • Immutable logs — the application role literally cannot UPDATE or DELETE audit rows
  • Deploy-time invariant check — rollouts fail if the database permission ever drifts
  • Per-request record: who, when, which model, which project, what PII policy ran
  • Export the full evidence package as CSV or JSON
What is AI cost governance? →

Why infrastructure-level enforcement

Application-code governance is honour-system governance.

The most common AI governance pattern is also the most fragile: wrap every LLM call with a helper function, strip PII in a sanitiser, log the response somewhere.

It works for one team. It breaks the moment a second team makes their own helper. It breaks again when a developer calls the SDK directly because the wrapper added 50ms. It breaks completely when an auditor asks "is this enforceable, or just expected?"

A gateway enforces at the network layer. The application database role cannot modify the audit log. The gateway returns 402 when a budget is exhausted, regardless of what application code wanted. PII detection runs before the prompt leaves your infrastructure — there is nowhere for a forgotten sanitiser to hide.

When Compliance asks "can a developer bypass this?" — the answer should be no, not "they're supposed to use the wrapper."

The compliance and security read.

AI governance for SOC 2 →PII in LLM prompts →

Get policy out of the wiki and into the wire.

30-minute deploy. Enforcement on the first request.

Read the SOC 2 guideRequest a Demo