Trust layer for AI

Ship AI features with policy, redaction, approval, and audit — from one gateway.

Airlock sits between your applications and AI providers. Route every call through a governed pipeline that enforces your policies, redacts sensitive data, requires human approval when needed, and writes an immutable audit trail.

Integrate in under an hour. One dependency, one env var, one endpoint.

Principles

Airlock makes trust boundaries explicit instead of implicit.

Policy first

Every request is matched to a versioned policy. No policy match, no call. Decisions are explicit, reviewable, and reproducible.

Sensitive data aware

Built-in detectors for email, phone, SSN, credit card, and custom regex. Redact, warn, block, or route for approval — per policy.

Human in the loop

Send high-risk requests to a human approval queue. Approvals resume the pipeline transparently — no bespoke plumbing per app.

Immutable audit

Every request writes a tamper-evident audit event with correlation IDs, the timeline, the policy version, and the decision reasoning.

Integrate in under an hour

Point your existing OpenAI-compatible client at the Airlock gateway. Attach your API key. Every call is governed, audited, and returned transparently.

# One HTTP call, fully governed.
curl -X POST "$AIRLOCK_URL/api/public/v1/completions" \
  -H "authorization: Bearer $AIRLOCK_API_KEY" \
  -H "x-correlation-id: job-4821" \
  -H "content-type: application/json" \
  -d '{
    "purpose": "support_reply",
    "model": "gpt-4o-mini",
    "messages": [{"role": "user", "content": "..."}]
  }'