Platform / Runtime AI Gateway
Runtime AI Gateway
A self-hosted agent that proxies LLM API calls, applies DLP rules on the wire, and enforces Ed25519-signed policy. Prompts never leave the customer VPC in this deployment mode.
Last reviewed June 2026
Problem
The gap Runtime AI Gateway closes
Inline LLM guardrails inspect prompts at the edge of a managed vendor. Regulated buyers cannot accept the data-residency story: prompts contain customer PII, internal URLs, source code. The data must stay inside the trust boundary while still being filtered.
How Penaxtra approaches it
How Penaxtra delivers Runtime AI Gateway
The Penaxtra Runtime AI Gateway is a cross-compiled binary (Linux + Windows) that customers self-host inside their VPC. It terminates the agent-to-LLM-provider request, runs a six-pass normalization pipeline, applies DLP and tool-allowlist rules, then forwards the redacted request. Policy bundles are Ed25519-signed at the control plane; the gateway verifies before applying.
Technical capabilities
Runtime AI Gateway capabilities
Six-pass normalization: Unicode, leet, zero-width, base64, homoglyph, HTML entity
Tool allowlist per asset; rejects unauthorised tool calls regardless of model output
Per-domain budgets + rate limits (daily and monthly)
Ed25519-signed policy bundles with version pinning
P99 filter overhead under 0
8 ms.
Append-only block-event ledger forwarded to the control plane
Linux amd64 and Windows amd64 binaries shipped today
Compliance mapping
Runtime AI Gateway compliance mapping
Maps to OWASP LLM02 (insecure output handling), LLM06 (sensitive disclosure), LLM07 (insecure plugin), LLM08 (excessive agency), MITRE ATLAS AML.T0048 (model evasion), NIST AI 600-1 MANAGE-2.4, and EU AI Act Article 15 (cybersecurity).
Related
Explore further
Request a demo
Scoped walkthrough of the Platform / Runtime AI Gateway surface against your environment. No credit card.