Kapālins sits between your enterprise and every model, copilot and agent it touches — inspecting, governing, attributing cost and generating evidence. Bring any AI; we add the trust.
A gateway is one mode. Kapālins runs three, so the estate your staff actually use is governed — not just your API traffic.
Inline gateway. Full payload visibility and real-time enforcement on every API call — allow, flag or block.
Scheduled scanning of SaaS-embedded AI — Copilot, Agentforce, Gemini in Workspace — behaviour a gateway never sees.
Audit-log ingestion from admin APIs — inventories what is authorised, configured and drifting across the estate.
Prompt filtering, cross-tenant blocking and agent guardrails — every request resolved to one of three runtime outcomes. Detect and shadow modes are GA; block mode is rolling out rule-by-rule.
Attribute AI spend per tool, team and tenant; set token budgets; report unit economics to the board. An adjacency no AI-security vendor has claimed. (Roadmap Q3 2026.)