Zero-trust AI Security

Govern every tool call. Inspect every prompt. Ship AI with confidence.

Igris sits at every layer of your AI stack, governing every MCP tool call, inspecting every LLM prompt, and giving security teams a single audit-ready dashboard.

Request a Demo →Read the Docs
Useralice@acme.com
prompt"summarize repo"
12:04:31
GuardLLM firewall
PII scan·injection·policy
Minimal overhead
AgentClaude 3.5
tool: repo.readgithub
+ 320ms
SentinelMCP gateway
role: developer·inject credentials
0.4ms
MCPgithub.com
repos:read200 OK
audit ↗
live · lens.igris.securityMinimal in-line overhead
Works with every major LLM provider
OpenAI
Anthropic
Google
Mistral
Groq
Cohere
60 providers
How it works

One layer between your agents and everything they touch.

Watch three concurrent requests pass through Igris in real time. Same agent, same SDK call, three different verdicts.

alice@acme.com
role: developer
support-bot
role: agent
eve@external
role: guest
IGRIS · INLINE
01identity
02policy
03scan
04route
deny-by-default
prompt
"summarize repo activity"
ALLOW
policy match
prompt
"email customer at john@acme.com their SSN 123-45-6789"
REDACT
2 PII fields · pass-through
tool
repo.delete(production)
DENY
scope mismatch · audited
openai · gpt-4o
200 OK · 240 tokens
anthropic · claude
200 OK · redacted ✎
github · mcp
— blocked at gate
lens.audit4,213 events / 24h
12:04:31allowuser=alice tool=repo.read0.4ms
12:04:32redact2 PII fields stripped from prompt0.7ms
12:04:33denyuser=eve scope=guest tool=repo.delete0.3ms
12:04:34allowuser=alice model=gpt-4o · 240 tok0.5ms
12:04:35ratesupport-bot · 88/100 calls/min0.2ms
12:04:36allowuser=alice tool=jira.issue.search0.4ms
12:04:31allowuser=alice tool=repo.read0.4ms
12:04:32redact2 PII fields stripped from prompt0.7ms
12:04:33denyuser=eve scope=guest tool=repo.delete0.3ms
12:04:34allowuser=alice model=gpt-4o · 240 tok0.5ms
12:04:35ratesupport-bot · 88/100 calls/min0.2ms
12:04:36allowuser=alice tool=jira.issue.search0.4ms
Capabilities

Security that lives inside your AI stack.

One SDK, one dashboard, one audit trail. Drop Igris between your agents and the world. Every call, prompt, and response is now governed.

01

Runtime governance

Sentinel sits between your agent and MCP. Deny-by-default policy, encrypted credential injection, complete audit log.

tool: github.repo.deleteDENIED
role: developer
policy: deny-by-default
02

LLM firewall

Guard inspects every prompt and response. PII redaction, injection detection, content policy, all inline.

“my SSN is 123-██-████”
⚠ PII redacted
✓ delivered to model
03

Unified observability

Lens streams every event from every product. Filter, search, replay, export. Built for engineers and CISOs alike.

● 12:04:31 tool.call200
● 12:04:33 prompt.scanflag
● 12:04:34 tool.calldeny
04

Incidents & session kill-switch

Denials, redactions, and policy violations roll up into a single incidents view. Suspend any session in one click.

blocked: execute_commandcrit
PII detected · SSN redactedwarn
sess_i9j0k1l2 suspended
05

Spend guardrails

Per-agent token and tool budgets enforced inline. Cap runaway loops before they bill. Alerts when usage trends hot.

agent: research-bot$48/$50
loop depth: 12cap
✓ throttled
06

Anomaly detection

Sentinel baselines normal agent behavior and flags drift. Unusual tool sequences, volume spikes, and off-hours access surface instantly.

tool calls: 240/minspike
pattern: off-baselineflag
✓ alert dispatched
Platform

Three integrated products. One security posture.

Each product works standalone. Together, they share a common telemetry layer that feeds Lens, so every denial, redaction, and tool call is audit-ready.

Igris Sentinel · Runtime

Every MCP tool call, governed at the source.

Add the SDK to your agent. Define deny-by-default policies. Inject credentials. Block unauthorized calls in real time.

  • SDK-first: one function call, TypeScript / Python / Go
  • Metadata-based policy engine, deny-by-default
  • AES-256-GCM credential vault, per-key allowlists
  • Real-time blocking + session kill-switch
  • Token usage tracking, complete audit trail
Explore Sentinel →
sentinel.igris.security · /tool-calls
Allowed
1,180
Denied
67
repo.read · org:acme/apiALLOW
jira.issue.searchALLOW
repo.delete · scope mismatchDENY
stripe.charge.create · $42.00ALLOW
s3.bucket.delete · no policyDENY
postgres.query · ro replicaALLOW
role: developerdeny-by-default
guard.igris.security · /chat/inspect
user → "Email john at john@acme.com his SSN 123-45-6789"
PII detected · email, SSN
policy: redact-and-pass · delivered ✓
model → "I won't share that. Email John at john@acme.com directly."
Response inspected · 0.4ms · no leakage
Igris Guard · LLM firewall

Inspect every prompt and response. Block what shouldn't pass.

Guard is a transparent proxy between your users and any LLM. Detect prompt injection, redact PII, enforce content policy, and apply user-level rate limits.

  • Transparent proxy, no provider changes
  • PII redaction + prompt-injection detection
  • User-level rate limits, per-connection
  • Form-based policy builder, no DSL required
  • Audit log of every flagged prompt and response
Explore Guard →
Igris Lens · Observability

Every event, every product, in one dashboard.

Lens aggregates logs, traces, denials, and anomalies from Sentinel and Guard into one real-time stream. CISOs get risk heatmaps. Engineers get trace-level debugging. Compliance gets one-click audit reports.

  • Unified event stream with filter & search
  • Slack, Discord & webhook alerts on incidents
  • KPI dashboards for tool calls, denials, spend
  • Audit trail with retention by tier (10–365 days)
Explore Lens →
lens.igris.security · /events
Tool calls
1,247
Denied
67
PII redacted
89
Cost
$2,341
12:04:31 sentinel.allow
12:04:32 guard.redact (pii)
12:04:33 sentinel.deny (policy)
12:04:35 guard.allow
12:04:37 sentinel.allow
Quickstart

From zero to governed in 3 steps.

Install the SDK, create a connection in the dashboard, route your calls through it.

STEP 01

Install the SDK

One command. TypeScript SDK, OpenAI-compatible interface.

terminal
$ bun add @igris-security/sdk

import { Igris } from "@igris-security/sdk";

const igris = new Igris({
  apiKey: process.env.IGRIS_API_KEY,
});
STEP 02

Create a connection

In the dashboard: Governance → Connections → New Connection. Pick a provider, give it a slug, paste your upstream key.

  • TypeLLM
  • Provideropenai
  • Slugopenai-prod
  • API keysk-•••8a4f

API key is encrypted at rest (AES-256) and never returned in any API response.

STEP 03

Govern every call

Use the OpenAI-shaped chat completion. The @<slug>/<model> prefix routes through the firewall.

agent.ts
const res = await igris.chat.completions.create({
  model: "@openai-prod/gpt-4o",
  messages: [{ role: "user", content: "Summarize SOC 2." }],
});

// → Prompt scanned (PII, secrets, injection)
// → Policy enforced
// → Credentials injected
// → Rate-limited (req / tokens / dollars)
// → Audit trail logged
Ready when you are

Ship AI without shipping risk.

Join teams using Igris to enforce runtime policies and maintain full visibility over their AI operations.

Request a DemoRead the Docs →