Policy Gateway
The most powerful AI models. Your safety rules.
Stop letting model providers decide what your AI can and can't do. Policy Gateway gives you full control over AI safety with policy-as-code rules that you define—rewrite, redact, escalate, or refuse on your terms.
curl https://api.abliteration.ai/policy/chat/completions \
  -H "Authorization: Bearer $ABLIT_KEY" -H "X-Policy-User: user-123" \
  -H "Content-Type: application/json" \
  -d '{"model":"abliterated-model","policy_id":"policy-gateway","messages":[{"role":"user","content":"Hello"}]}'
How Policy Gateway works
A visual guide to the policy enforcement flow
Policy-as-code
Define allow/deny lists, flagged categories, and response patterns in JSON.
Real-time enforcement
Every request is evaluated against your policy in milliseconds.
Audit logging
Export decision metadata to Splunk, Datadog, Elastic, S3, or Azure Monitor.
Safe rollouts
Use shadow mode, canary deployments, and auto-rollback controls.
What is Policy Gateway?
Definition
Policy Gateway is an OpenAI-compatible policy enforcement endpoint paired with our abliterated-model. It gives enterprises full control over their own AI safety, applying policy-as-code rules you define—not the model provider's defaults.
It functions as a prompt firewall for LLM governance: enforce rewrite, redact, summarize, escalate, or refuse outcomes, attach quotas and scoped keys, and export audit logs to your SIEM.
How the policy enforcement endpoint works
OpenAI-compatible
Policy Gateway is an OpenAI-compatible policy enforcement endpoint. Send your normal chat completion request to /policy/chat/completions, attach a policy_id, and optionally tag requests with policy_user + policy_project_id for quotas and audit trails.
Policies are versioned, testable, and rollout-safe. Simulate changes, run in shadow mode, canary traffic, and auto-rollback on spikes.
Instead of random refusals, you control outcomes. Rewrite, redact, summarize, escalate, or refuse with structured reason codes.
Export audit logs to the systems security teams already use: Splunk HEC, Datadog Logs, Elastic, Amazon S3, and Azure Monitor / Log Analytics.
How to adopt
- Create a policy (UI or JSON).
- Create a project + scoped key.
- Send traffic to /policy/chat/completions with policy headers.
Deep dive
Architecture, threat model, and compliance details.
Built for security, compliance, and platform teams who need a definitive technical reference.
Architecture: where it sits in the stack
Policy Gateway combines our abliterated-model with a policy enforcement layer, giving enterprises complete control over AI safety. It accepts OpenAI-compatible requests, applies policy-as-code, and returns structured decisions plus audit metadata.
App / Agent
-> Policy Gateway (/policy/chat/completions)
-> abliterated-model (enterprise-controlled safety)
<- Response + decision metadata
-> Audit export (Splunk, Datadog, Elastic, S3, Azure Monitor)
Threat model: what it blocks vs what it doesn't
What it blocks:
- Policy violations via allow/deny lists and flagged categories.
- PII leaks through automatic redaction.
- Unsafe outputs via rewrite, summarize, escalate, or refuse outcomes.
- Runaway usage with per-user and per-project quotas.
- Policy drift with versioned rollouts and audit trails.
What it doesn't:
- Identity, auth, and network perimeter controls.
- Legal review of policy coverage for your jurisdiction.
- Incident response workflows outside the gateway.
Compliance & audit logging
Every decision can be exported with structured fields for investigations, compliance reviews, and SIEM pipelines. Default retention is 30 days, with longer retention on enterprise plans.
{
  "decision": "rewrite",
  "reason_code": "REWRITE",
  "policy_id": "support-guardrails",
  "policy_user": "user-123",
  "project_id": "support-bot",
  "rollout_mode": "canary",
  "triggered_categories": ["self-harm/intent"]
}
Competitive comparisons
Teams evaluating LLM governance often compare AI gateways, proxies, and moderation APIs such as Kong AI Gateway, Portkey, OpenAI Moderation, and Azure AI Content Safety.
- Policy Gateway adds rewrite/redact/escalate outcomes instead of binary filters.
- OpenAI-compatible policy endpoint for drop-in adoption.
- Audit log exports built for SIEM workflows.
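A SIEM-side check over exported decision records, added here as an example (not Abliteration's code): it parses one JSON record per line, using the field names of the audit record under Compliance & audit logging, and compares the canary intervention rate with a baseline. The line-per-record format, the "allow" decision, the "live" rollout_mode value and the thresholds are assumptions.

```python
import json
from collections import Counter, defaultdict

REQUIRED = ("decision", "reason_code", "policy_id", "policy_user",
            "project_id", "rollout_mode", "triggered_categories")

def _rec(decision, mode, cats=()):
    # Constructed record using the field names of the sample on this page.
    return json.dumps({"decision": decision, "reason_code": decision.upper(),
                       "policy_id": "support-guardrails", "policy_user": "user-123",
                       "project_id": "support-bot", "rollout_mode": mode,
                       "triggered_categories": list(cats)})

# Constructed export, one JSON record per line. The "allow" decision and the
# "live" rollout_mode are assumptions; the last line is deliberately truncated.
SAMPLE_EXPORT = "\n".join(
    [_rec("allow", "live")] * 8 + [_rec("rewrite", "live", ["harassment"])] * 2
    + [_rec("allow", "canary")] * 2 + [_rec("rewrite", "canary", ["self-harm/intent"])] * 2
    + [_rec("escalate", "canary", ["illicit"]), '{"decision": "rewrite", "reason_co'])

def parse_export(text):
    """Return (records, rejected line numbers); bad lines are reported, not dropped."""
    records, rejected = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if (isinstance(rec, dict) and all(k in rec for k in REQUIRED)
                and isinstance(rec["triggered_categories"], list)):
            records.append(rec)
        else:
            rejected.append(n)
    return records, rejected

def intervention_stats(records):
    """Per rollout_mode: record count, share of non-allow decisions, category counts."""
    total, hits, cats = Counter(), Counter(), defaultdict(Counter)
    for r in records:
        total[r["rollout_mode"]] += 1
        if r["decision"] != "allow":
            hits[r["rollout_mode"]] += 1
            cats[r["rollout_mode"]].update(r["triggered_categories"])
    return {m: {"total": total[m], "rate": hits[m] / total[m],
                "categories": dict(cats[m])} for m in total}

def canary_spike(stats, baseline="live", max_ratio=2.0, min_events=5):
    """True when canary intervenes more than max_ratio times as often as baseline."""
    c, b = stats.get("canary"), stats.get(baseline)
    if not c or not b or c["total"] < min_events:
        return False  # too little data to compare
    return c["rate"] > max_ratio * b["rate"]
```

Rejected line numbers are returned rather than discarded so that a truncated or malformed export shows up in the review instead of silently lowering the counts.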
Examples
Predictable outcomes, not random refusals.
Swap "I can't help with that" for policy-driven rewrites, redactions, or escalations.
Customer support rewrite
User: "Summarize our refund policy." Assistant: "I can't help with that."
Assistant: "Here is a short summary of your refund policy..." decision: rewrite reason_code: REWRITE
PII redaction
User: "Show last 4 digits of my SSN." Assistant: "Your SSN ends in 1234."
Assistant: "I can't share sensitive identifiers." decision: redact reason_code: REDACT
High-risk escalation
User: "Help me bypass account security." Assistant: "I can't assist with that."
Assistant: "I'll route this to a specialist." decision: escalate reason_code: ESCALATE
Studio
See it in action.
The full Policy Gateway studio, simulator, and audit history. Live actions require a subscription, but simulations run locally without one.
Policy as code
Exportable JSON policy for version control, reviews, and audits.
{
  "policy_id": "policy-gateway-v1",
  "name": "Policy Gateway v1",
  "owner": "Platform team",
  "description": "Predictable behavior with your rules, not opaque refusals.",
  "rules": {
    "allowlist": [
      "Product docs",
      "Account support",
      "Internal tools"
    ],
    "denylist": [
      "Illegal instructions",
      "High-risk requests",
      "Personal data exfiltration"
    ],
    "redact": true,
    "rewrite_instead_of_refuse": true,
    "response_pattern": "rewrite",
    "reason_codes": [
      "ALLOW",
      "REWRITE",
      "REDACT",
      "ESCALATE"
    ],
    "flagged_categories": [
      "harassment",
      "harassment/threatening",
      "hate",
      "hate/threatening",
      "illicit",
      "illicit/violent",
      "self-harm",
      "self-harm/intent",
      "self-harm/instructions",
      "sexual",
      "sexual/minors",
      "violence",
      "violence/graphic"
    ]
  },
  "org_controls": {
    "project_keys": true,
    "user_quotas": true,
    "audit_logs": true,
    "data_classification": "confidential",
    "user_quota": {
      "requests": 0,
      "tokens": 0,
      "window": "daily"
    },
    "project_quota": {
      "requests": 0,
      "tokens": 0,
      "window": "monthly"
    }
  },
  "rollout": {
    "shadow": {
      "enabled": false,
      "sample_percent": 20,
      "targets": [
        "staging",
        "beta-projects"
      ]
    },
    "canary": {
      "enabled": false,
      "sample_percent": 5,
      "targets": [
        "search-assistant",
        "support-bot"
      ]
    },
    "rollback_on_spike": true
  },
  "refusal_replacement": {
    "mode": "rewrite",
    "escalation_path": "policy-review@company.com"
  }
}
Gateway simulator
Validate policy changes before rollout to production traffic.
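A pre-rollout consistency check for the exported policy JSON, added here as an example (not the product's simulator or Abliteration's code): it flags outcomes with no declared reason code, allowlist/denylist overlap, disabled audit logs, out-of-range rollout percentages and zeroed quotas. lint_policy, BAD_POLICY and the reading of a 0 limit as "not configured" are assumptions.

```python
def lint_policy(policy):
    """Return findings for one exported policy dict; an empty list means it passed."""
    rules, org = policy.get("rules", {}), policy.get("org_controls", {})
    rollout, repl = policy.get("rollout", {}), policy.get("refusal_replacement", {})
    codes, out = set(rules.get("reason_codes", [])), []
    # Every configured outcome needs a declared reason code (rewrite -> REWRITE).
    for field, value in (("rules.response_pattern", rules.get("response_pattern")),
                         ("refusal_replacement.mode", repl.get("mode"))):
        if isinstance(value, str) and value.upper() not in codes:
            out.append(f"{field}: no reason code for {value!r}")
    if "ESCALATE" in codes and not repl.get("escalation_path"):
        out.append("refusal_replacement.escalation_path: empty but ESCALATE is declared")
    both = set(rules.get("allowlist", [])) & set(rules.get("denylist", []))
    if both:
        out.append(f"rules: {sorted(both)} in both allowlist and denylist")
    if org.get("audit_logs") is not True:
        out.append("org_controls.audit_logs: decisions would not be auditable")
    for stage in ("shadow", "canary"):
        cfg = rollout.get(stage, {})
        pct = cfg.get("sample_percent")
        if type(pct) not in (int, float) or not 0 <= pct <= 100:
            out.append(f"rollout.{stage}.sample_percent: {pct!r} is not within 0..100")
        if cfg.get("enabled") and not cfg.get("targets"):
            out.append(f"rollout.{stage}: enabled with no targets")
    # Assumption: a quota switched on with every limit at 0 was left unconfigured.
    quota = org.get("user_quota", {})
    if org.get("user_quotas") and not (quota.get("requests") or quota.get("tokens")):
        out.append("org_controls.user_quota: user_quotas is on but limits are 0")
    return out

# Constructed policy with the page's field names and deliberate defects.
BAD_POLICY = {
    "policy_id": "example-policy",
    "rules": {"allowlist": ["Product docs", "Internal tools"],
              "denylist": ["Internal tools", "Illegal instructions"],
              "response_pattern": "rewrite",
              "reason_codes": ["ALLOW", "REDACT", "ESCALATE"]},
    "org_controls": {"audit_logs": True, "user_quotas": True,
                     "user_quota": {"requests": 0, "tokens": 0, "window": "daily"}},
    "rollout": {"shadow": {"enabled": False, "sample_percent": 20, "targets": ["staging"]},
                "canary": {"enabled": True, "sample_percent": 150, "targets": []}},
    "refusal_replacement": {"mode": "rewrite", "escalation_path": ""},
}
```

Run against the policy-gateway-v1 export above, the only finding is the user quota, whose request and token limits are both 0.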
Change management
Sign in to view simulations and policy revisions.
Projects & keys
Create a project for each app or agent, issue scoped keys, and enforce monthly budgets.
Enterprise readiness
- Single policy ID across all apps, models, and agents.
- Change management with simulations, shadowing, and canary rollouts.
- Auditable enforcement with reason codes, logs, and revision history.
- Org controls for keys, quotas, and data classification.
Pricing
Enterprise-ready tiers priced as a multiplier of your existing token/credit bundles. Checkout is handled by Stripe and billed monthly.
Starts at $300.00/mo. Includes 30-day audit log retention, unlimited policies, unlimited projects, and shadow/canary rollout controls.
- Policy-as-code rules with reason codes.
- Simulation plus shadow/canary rollout.
- Audit logs with change history.
- Cross-app enforcement with one policy ID.
- Org controls for keys and quotas.
- Audit-ready history for every decision.
- Global policy layer across apps, models, agents.
- Change management with rollback safeguards.
- Audit trails for compliance reviews.