Gateplex is the governance firewall that intercepts every agent action before it executes, enforces your business rules, and produces the compliance evidence your auditors require. Deployed in your VPC or hosted. Patent pending.
Every action logged in a tamper-evident, hash-chained audit trail. Server-side. Immutable. Cryptographically verifiable.
Every verdict stored with full reasoning, triggered rule name, and the exact payload evaluated. No reconstruction required.
Configurable human-in-the-loop escalation for flagged actions. Full chain of custody from intercept to resolution.
Autonomous agents are making decisions, moving data, and executing actions across your organization right now. When something goes wrong, your board will ask three questions: What did the agent do? Why did it do it? Who approved it? If you cannot answer all three in under an hour, you have a governance gap.
EU AI Act high-risk obligations apply from December 2027. GDPR, SOC 2, and HIPAA auditors are already asking about AI agent controls. Logs are not enough. They want enforcement evidence.
Prompt injection, data exfiltration, PII leakage, and unbounded tool execution. Agent attack surfaces are unlike anything your existing security stack was built to handle.
When an agent executes a bad action, you need to reconstruct every decision point in sequence. Standard application logs cannot do this. A tamper-evident, hash-chained audit trail can.
Built for the controls your CISO, legal team, and auditors actually require.
Hash-chained, cryptographically verifiable log of every agent action. Satisfies EU AI Act Article 12 logging requirements and survives auditor scrutiny in ways standard server logs do not.
Signed reports scoped by agent, project, and date range. Formatted for EU AI Act, SOC 2, HIPAA, and internal legal review. No manual compilation required.
SAML and OIDC integration with Okta, Azure AD, and Google Workspace. Available on request.
Self-host inside your VPC or air-gapped environment. Available on request.
Available on Enterprise plans. Contact us for terms.
Named technical account manager and priority response.
Define your own enforcement policies for transaction limits, data access boundaries, and output restrictions, and enforce them in real time across every agent in your organization.
Governance that scales with your deployment. No per-agent pricing surprises as you expand from pilot to production.
EU, US, or customer-chosen regions. Available on request.
Tamper-evident audit trail: hash computed server-side at insert time. Each record stores its own SHA-256 hash and the hash of the preceding record.
PII detection and redaction in real time. Data subject request workflows. EU data residency available on request. Evidence exports for DPA audits.
Article 12 tamper-evident logging. Article 14 human oversight enforcement. Transparency reporting. High-risk system obligations apply from December 2027, and implementation takes time.
Versioned guardrail policies, signed audit logs, and evidence packages formatted for SOC 2 Type II and ISO 42001 reviews.
Gateplex Cloud handles infrastructure, uptime, and updates. Ideal for teams moving fast.
Gateplex governance engine runs entirely inside your AWS or Azure environment. Agent payloads never leave your perimeter. Policy sync via encrypted outbound tunnel only.
Fully self-hosted with no outbound connections. For defence, government, and tier-one financial institutions with strict data sovereignty requirements.
Algorithmic trading, AML investigations, automated collections, portfolio rebalancing. One unmonitored agent action can execute an unauthorized multi-million dollar transaction. Gateplex enforces your spending limits, data access boundaries, and regulatory controls in real time.
Prior authorization, claims processing, medical underwriting. Agent actions touch protected health information and trigger HIPAA obligations on every decision. Gateplex produces the audit evidence your compliance team needs before the claims examiner asks for it.
If you are building AI agent capabilities into your platform, your enterprise customers will demand governance guarantees before signing. Gateplex is the compliance layer you embed in your product to close that conversation.
Stakeholder
Pain
Shadow agents bypassing existing security controls. MCP vulnerabilities. Unauthorized API access.
Gateplex
Gateplex establishes a perimeter around every autonomous tool. It locks down which APIs your agents can reach and stops unauthorized actions before execution.
Stakeholder
Pain
EU AI Act Annex III obligations. HIPAA enforcement. Lack of reproducible audit trails for regulatory review.
Gateplex
Gateplex delivers tamper-evident compliance architecture. Export immutable signed reports proving your agents adhered to corporate policy for every autonomous action taken.
Stakeholder
Pain
Managing disparate governance code across agent teams. Security reviews slowing deployment velocity.
Gateplex
One integration point for the entire organisation. Engineering teams focus on building agents. Gateplex handles enforcement globally.
Most organizations do not know how exposed they are until an auditor asks. The Shadow Compliance Audit runs silently behind your existing agent pipelines for 30 days, no code changes, no commitment. At the end you receive a prioritized compliance gap report showing exactly where your agents are creating regulatory and security exposure.
Runs in read-only shadow mode behind your current stack. Agents continue unchanged while we record every decision point.
A prioritized breakdown of intercepted actions mapped to GDPR, EU AI Act, SOC 2, and internal policy violations.
No proxy reconfiguration and no downtime. Gateplex observes via API traffic mirroring.
Priced around your deployment scope, compliance requirements, and data residency needs. No per-agent fees. No intercept caps. No surprises.
Enterprise
For regulated industriesVPC and on-premises deployments available on Enterprise plans. Contact us to discuss your deployment requirements.
Tell us what you are running, what regulations you are working under, and where your current governance gaps are. We respond within one business day.
Core architecture Patent Pending (USPTO)