Security + Governance
Security controls designed for live AI traffic, not static checklists.
RelayOne gives security and platform teams a single enforcement layer between applications and model providers. Policies execute in real time, with visibility that maps decisions back to users, apps, and devices.
Security outcomes teams care about
- Reduced AI data leakage risk through enforced redaction and policy gates
- Operational proof for compliance and internal audit readiness
- Consistent controls across managed, BYOC, and on-prem deployments
Enforcement Architecture
Three-layer control model for enterprise AI traffic
Ingress Control Layer
Every model-bound request is intercepted through RelayOne routing with policy checks before provider egress.
- Prompt and response inspection
- LLM provider allowlists
- Rule actions: allow, deny, redact, approval
Data Boundary Layer
Sovereignty and PII/PHI controls execute at runtime so teams cannot bypass regional constraints by accident.
- Region-aware policy rules
- PII/PHI pattern detection + redaction
- Evidence-backed policy decision logs
Identity + Access Layer
Access is scoped at org, department, project, user, and device levels for reliable least-privilege operations.
- Scoped entitlements for teams and agents
- Signed identities for agentic workloads
- Publishing controls for internal/external exposure
Security Architecture
Zero-trust model from ingress to egress
Every request traverses a full policy evaluation pipeline regardless of source or destination. No implicit trust is granted based on network position, identity provider, or prior authorization. Each decision is logged with full context for audit and incident response.
- Every request authenticated and authorized independently at the routing layer
- Encryption in transit for all control plane and gateway communication
- Tenant isolation enforced at data, network, and policy evaluation layers
Control Coverage
Capabilities included in every production deployment
- Traffic visibility and usage telemetry across all routed model calls
- Approval workflows for sensitive routes, models, and data classes
- Tamper-evident audit trail for security and compliance reviews
- BYOC and on-prem deployment support with central policy governance
- Policy simulation and staged rollout before hard enforcement
- Operational insights for cost, anomaly, and model drift signals
Compliance Readiness
Controls mapped to the frameworks your organization needs
SOC 2 Type II
Trust Services Criteria coverage across security, availability, and confidentiality. Audit-ready evidence collection with automated control verification.
GDPR
Data residency and sovereignty controls with regional routing constraints. Automated PII detection and redaction with decision logging.
HIPAA
PHI-aware enforcement with runtime redaction, access controls, and BAA-compatible architecture. Audit trail exports for compliance officers.
ISO 27001
Information security management controls mapped to Annex A. Risk assessment inputs with continuous monitoring and policy enforcement evidence.
Evidence
Give security and compliance teams verifiable proof, not assumptions
Capture policy decisions, redaction events, route context, and identity attribution in one place. Export decision trails for incident response, audits, and regulator-facing reviews.
- Capture: log each routed request with policy, actor, and destination metadata.
- Validate: attach control outcome (allow/deny/redact/approval) and evidence details.
- Report: expose dashboards and exports for security and compliance teams.
Ready to run AI programs with enforceable controls from day one?
Start now, or align on architecture and security requirements with the RelayOne team.