The Architecture of Modern Business
Toggle navigation
HomeAboutProductsContact
Get in Touch

Sentinel AI Gateway Security

Security controls designed for governed AI operations

Sentinel AI Gateway brings data handling, retention boundaries, audit traceability, and access isolation into the controlled request path.

Security posture

Metadata-first loggingRetention controlsPolicy before provider calls

Logging policy at a glance

CategoryDefault behavior
Captured by defaultRequest identifiers, route decisions, latency, token usage, budget signals, and policy outcomes.
Excluded by defaultProvider credentials, raw prompts and responses, and unmasked sensitive fields when redaction policy is active.

Request path

1. Client requests enter Sentinel AI Gateway through a governed ingress path.
2. Policy evaluates data handling, PII treatment, and budget rules before provider execution.
3. Routing selects the approved provider path and preserves one operational trace.

Policy modes

  • Allow for explicitly trusted workload paths.
  • Redact sensitive entities before provider forwarding.
  • Block requests that violate policy criteria.

Access controls

  • Per-project keys and environment scoping for workload isolation.
  • Workspace boundaries for platform teams and applications.
  • Future SSO and more granular RBAC without changing the core control model.

Security roadmap

  • Planned: SSO integrations for enterprise identity alignment.
  • Planned: finer RBAC controls for policy administration.
  • Planned: deeper key-management integrations for regulated environments.

Security FAQ

Do you log raw prompts or raw model responses by default?

No. Sentinel AI Gateway is designed around metadata-first logging and configurable retention controls.

How does PII handling work?

Policy can detect sensitive entities and apply allow, redact, or block decisions before provider forwarding.

Can retention windows be configured?

Yes. Retention profiles can align to environment and review requirements so teams keep the right evidence without default over-retention.

Are provider keys exposed to application clients?

No. Provider credentials stay server-side inside the Sentinel policy and routing layers.

Can audit evidence be exported?

Yes. Structured operational records are intended to support security, finance, and platform review workflows.

Security contact

Discuss Sentinel AI Gateway security requirements

Use the shared Caldorus contact path for data handling reviews, retention requirements, audit questions, or platform security discussions.

Request a security reviewExplore resources