The platform

One control plane for every AI you run.

Kapālins sits between your enterprise and every model, copilot and agent it touches — inspecting, governing, attributing cost and generating evidence. Bring any AI; we add the trust.

Whole-estate coverage

Three observation modes.

A gateway is one mode. Kapālins runs three, so the estate your staff actually use is governed — not just your API traffic.

MODE 01
AppLLMK200 allow446 block

Proxy

Inline gateway. Full payload visibility and real-time enforcement on every API call — allow, flag or block.

MODE 02
CopilotProbescheduled scan · sweep

Probe

Scheduled scanning of SaaS-embedded AI — Copilot, Agentforce, Gemini in Workspace — behaviour a gateway never sees.

MODE 03
audit-log ingestion

Connector

Audit-log ingestion from admin APIs — inventories what is authorised, configured and drifting across the estate.

Policy & runtime

Three shields. Dual mode. Every call.

Every prompt, response and agent action passes three guardrail shields — each running in two modes: Detect (observe & score, GA) and Enforce (block inline, rolling out rule-by-rule). Bound to identity underneath; mapped to OWASP and MITRE ATLAS above.

Prompt Shield
Policy Shield · gateway

Blocks prompt injection, jailbreaks and system-prompt leakage before the model ever responds.

OWASP LLM01LLM05MITRE ATLAS
Detect · GAEnforce · rolling out
0 prompts inspected · 446 blocked today
Data Shield
Data Security · DLP

Detects and redacts PII, secrets and cross-tenant data in prompts and responses before egress.

OWASP LLM02LLM08NIST
Detect · GAEnforce · rolling out
0 redactions · 12 egress blocks today
Agentic Shield
Agentic Behaviour

Flags goal drift, unauthorised tool calls and anomalous autonomous-agent actions in real time.

OWASP ASIMITRE ATLAS
Detect · GAEnforce · rolling out
0 agents guarded · 5 actions held today
Identity & AccessThe layer beneath the shields — every Prompt, Data and Agentic verdict is bound to the human or non-human identity behind it. One model, two surfaces.
Workforce SSO / SCIMNon-human / agent keysPer-key guardrail binding
finops · cost attributionmonthly
Engineering · Cursor
$18k
Support · Agentforce
$11k
Marketing · Copilot
$7k
Data · OpenAI API
$6k
AI FinOps

The CFO’s question, answered.

Attribute AI spend per tool, team and tenant; set token budgets and denial-of-wallet limits; report unit economics to the board. Cost observability is always-on for every tenant — an adjacency no AI-security vendor owns.

Token meteringShowback / chargebackBudgets & alertsDenial-of-wallet guard
FAQ

Frequently asked questions

How does Kapālins enforce AI security in real time?
In Proxy mode it runs inline as an AI gateway. Every call passes through three dual-mode guardrail shields, which run in Detect (observe) or Enforce (block) mode — so you can monitor first, then enforce policy on live traffic.
What are the three observation modes?
Proxy (inline gateway, real-time enforcement), Probe (scheduled probing of model endpoints and AI systems) and Connector (audit-log ingestion). Together they cover AI a gateway-only tool cannot reach.
What are the guardrail shields?
Three dual-mode shields run on every call: Prompt Shield (prompt injection, jailbreak, data leakage), Data Shield and DLP (PII, secrets, cross-tenant data) and Agentic Shield (goal drift, unauthorised tool calls). Each runs in Detect and Enforce mode and is tied to identity.
How does Kapālins stop prompt injection and jailbreaks?
Prompt Shield inspects every prompt and response inline for injection, jailbreak and leakage patterns. In Detect mode it flags them; in Enforce mode it blocks or redacts — and every event is tied to the workforce or agent identity behind it.
Does Kapālins secure AI agents and their tool use?
Yes. Agentic Shield monitors autonomous agents for goal drift and unauthorised tool calls, and ties each agent action to a non-human identity (agent key) — so agentic activity is governed the same way as human users.
How does Kapālins tie AI activity to identity?
Every prompt and agent action is bound to an identity — workforce SSO for people and non-human agent keys for autonomous agents — so you can see who or what did what, and enforce policy per identity.
Does Kapālins manage AI cost (FinOps)?
Yes. AI FinOps is always-on for every tenant: token metering, showback and chargeback by team and tool, budgets, and a denial-of-wallet guard that stops runaway spend.
Can we set FinOps budgets per team and per user?
Spend is metered live from the gateway request log and attributed by user, by team and by application. You set a budget per AI system or application, each mapped to a team or cost-centre, and that budget becomes a gateway cost-fence rule that warns or blocks on overage (the denial-of-wallet guard). Per-user spend is fully visible with anomaly detection — it flags when one person drives a disproportionate share of spend — so you get team-level budget allocation plus user-level visibility and accountability.
Does it integrate with our SIEM and XDR and existing tooling?
Yes. Connector ingests AI audit logs, and XDR and SIEM integration is available in higher tiers, so AI events flow into the same place your SOC already works.