Solutions / Governance

Central AI policy for every team and every provider.

Enforce guardrails, redact PII, cap spend, and maintain an immutable audit trail — all enforced at the gateway before any request reaches a model provider. One policy layer for your entire organisation.

The problem

AI spend and data exposure are invisible until it's too late.

When teams use AI tools independently, customer PII flows to providers without review, budgets are untracked until invoices arrive, and no audit record exists for compliance reviews. Governance becomes a retroactive exercise in damage assessment.

The outcome

Every AI request inspected, budgeted, and logged before it leaves.

ManyLayers Gateway sits in front of every provider. PII is redacted, guardrails evaluated, budgets checked, and a structured audit record written — all in under a millisecond, before the request reaches any external endpoint.

Capabilities

A complete governance stack at the API layer.

Content Guardrails

Define moderation rules that intercept requests before they reach any model provider. Block, warn, or audit based on content category, keyword, or semantic classifier.

PII Firewall

Automatic detection and redaction of names, email addresses, phone numbers, SSNs, and credit card numbers. Configurable per team — redact before send, or block entirely.

Per-Team Budgets

Set monthly spend limits per team, department, or API key. Hard limits halt requests when the budget is exhausted. Soft limits send alerts before the cap is reached.

Rate Limits

Token-per-minute and request-per-minute rate limits enforced at the gateway. Applied per key or per team. Protects downstream providers from runaway agents and scripts.

Immutable Audit Log

Full request and response audit trail with provider, model, latency, token counts, cost, and applied policy decisions. Exportable to Postgres, S3, or stdout in structured JSON.

SSO & RBAC

SAML 2.0 and OIDC SSO for centralised identity. Role-based access control for admin, team lead, and user tiers. SCIM provisioning for automated user lifecycle management.

Policy enforcement flow

Every request passes through six enforcement layers.

01
Request arrives at Gateway from any client
02
PII firewall scans and redacts sensitive fields
03
Content guardrails evaluate against policy rules
04
Budget and rate-limit checks applied per team/key
05
Request forwarded to provider (or blocked with reason)
06
Full audit record written — immutable, exportable

100%

Requests inspected before reaching providers

<1 ms

Policy evaluation overhead per request

90 days

Default audit log retention (configurable)

Enforce AI governance across every team and provider.