Kapālins sits between your enterprise and every model, copilot and agent it touches — inspecting, governing, attributing cost and generating evidence. Bring any AI; we add the trust.
A gateway is one mode. Kapālins runs three, so the estate your staff actually use is governed — not just your API traffic.
Inline gateway. Full payload visibility and real-time enforcement on every API call — allow, flag or block.
Scheduled scanning of SaaS-embedded AI — Copilot, Agentforce, Gemini in Workspace — behaviour a gateway never sees.
Audit-log ingestion from admin APIs — inventories what is authorised, configured and drifting across the estate.
Every prompt, response and agent action passes three guardrail shields — each running in two modes: Detect (observe & score, GA) and Enforce (block inline, rolling out rule-by-rule). Bound to identity underneath; mapped to OWASP and MITRE ATLAS above.
Blocks prompt injection, jailbreaks and system-prompt leakage before the model ever responds.
Detects and redacts PII, secrets and cross-tenant data in prompts and responses before egress.
Flags goal drift, unauthorised tool calls and anomalous autonomous-agent actions in real time.
Attribute AI spend per tool, team and tenant; set token budgets and denial-of-wallet limits; report unit economics to the board. Cost observability is always-on for every tenant — an adjacency no AI-security vendor owns.