Trust layer for AI

Ship AI features with policy, redaction, approval, and audit — from one gateway.

Airlock sits between your applications and AI providers. Route every call through a governed pipeline that enforces your policies, redacts sensitive data, requires human approval when needed, and writes an immutable audit trail.

Integrate in under an hour. One dependency, one env var, one endpoint.
Bring your own OpenAI key — connection guide. Airlock governs every request; your provider bills you directly.
Animation of a request passing through Airlock's governed pipeline: policy, redaction, approval, audit.
Every request moves through the same governed path.

Principles

Airlock makes trust boundaries explicit instead of implicit.

Policy first

Every request is matched to a versioned policy. No policy match, no call. Decisions are explicit, reviewable, and reproducible.

Sensitive data aware

Built-in detectors for email, phone, SSN, credit card, and custom regex. Redact, warn, block, or route for approval — per policy.

Human in the loop

Send high-risk requests to a human approval queue. Approvals resume the pipeline transparently — no bespoke plumbing per app.

Immutable audit

Every request writes a tamper-evident audit event with correlation IDs, the timeline, the policy version, and the decision reasoning.

What counts as an application?

In Airlock, an application is any product, service, workflow, or integration that sends AI requests through Airlock.

That can include internally built software, backend services, customer portals, support tools, document workflows, or integrations connected to enterprise systems like CRMs, ticketing platforms, or knowledge bases.

The key requirement is control of the request path. If your team can route the AI call through Airlock — directly, through an SDK, or through middleware — Airlock can govern it.

Airlock is not designed to inspect closed SaaS tools where the AI request is made entirely inside a vendor's system and cannot be routed through your gateway.

Internally built support portal
Backend document summarization service
CRM or ticketing workflow via middleware
Customer-facing AI feature
Internal policy assistant

Integrate in under an hour

Point your existing OpenAI-compatible client at the Airlock gateway. Attach your API key. Every call is governed, audited, and returned transparently.

# One HTTP call, fully governed.
curl -X POST "$AIRLOCK_URL/api/public/v1/completions" \
  -H "authorization: Bearer $AIRLOCK_API_KEY" \
  -H "x-correlation-id: job-4821" \
  -H "content-type: application/json" \
  -d '{
    "purpose": "support_reply",
    "model": "gpt-4o-mini",
    "messages": [{"role": "user", "content": "..."}]
  }'