Sovereign AI control plane

Your

obstruo is the neutral control layer for regulated AI. One plane sits in front of every provider, so you can govern what your AI can see, say, and do, and prove it on every call.

  • EU-resident
  • GDPR-native, EU AI Act-ready
  • Cross-vendor, provider-neutral
app.obstruo.ai/keys
GOVERNANCE: API keys
One obstruo key per app. Provider keys rotate behind it, no redeploy.

Obstruo keys (3 active)

NAME                     MODE   ENDPOINT                     COUNTRY
Northwind production     Proxy  api.obstruo.ai/northwind/v1  France
Northwind production EU  Proxy  api.obstruo.ai/northwind/v1  France
prod-key                 Proxy  api.obstruo.ai/northwind     France

Logical models: obstruo resolves each to a real provider model.
obstruo-chat: claude-3.5-sonnet, gpt-4o, gemini-1.5-pro (priority routing, failover)

Neutral by design. We do not build models, we govern them. obstruo sits in front of OpenAI, Anthropic, Google, Mistral, Azure, and Bedrock.

The gap

AI is already inside the enterprise.
Governance is not.

Companies are deploying AI faster than they can govern it. Every LLM call is becoming a potential compliance event, and most organizations have no single place to decide what reaches a model, where it is processed, and how it is audited.

Sensitive data leaves the building

Customer PII reaches providers without consistent redaction. Each team reinvents anonymization, or skips it.

Keys and logs are scattered

Provider keys live across teams and tools. Audit trails are fragmented across vendor dashboards no one owns.

Governance is bolted on after

Compliance arrives after deployment. The EU AI Act makes AI a governance problem, not only a technical one.

The control plane

One neutral layer in front of every call

Apps and agents hold one obstruo key. Every request passes through the control plane, redacted, routed, enforced, and logged, before it reaches any provider.

Your apps and agents: Support copilot, Treasury agent, Internal tools
Control plane: Redact, Route, Enforce, Audit
Any provider: OpenAI, Anthropic, Google, Mistral, ...

In-path enforcement

Active control, not only observability

Because every call already passes through the gateway, obstruo can act on it in path. No queue, no agent to wake, no redeploy. Three kinds of control, one plane.

Negative control: redact, block (LIVE)

Strip or stop what must not pass: PII, secrets, jailbreaks, prompt injection, before it reaches the model.

Positive control: inject, mandate (BUILDING)

Require what policy says must be present: context, disclaimers, allowed tools, on the way through.

Deferred control: hold, escalate (COMING SOON)

When policy says a human must decide, hold the action, escalate with context, and emit a signed Article 14 record.

The product

One console for the whole AI surface

From keys and redaction to the governance registries your agents will need. Some surfaces are live today, others are in preview, with the governance model already wired into the gateway.

Enforce, live

Redact PII before it reaches the model

A per-country pipeline of regex, NER, and LLM entity detection tokenizes sensitive data on the way in. A prompt from Germany leaves with GDPR-grade redactions; the same prompt from California gets CCPA-grade.

  • 14 categories of PII, jurisdiction-aware
  • Reversible tokenization, your own custom rules
  • fail-closed by default

Redaction, test panel (ENABLED)
Hi, this is {PERSON_0000018b} from ACME. Email {EMAIL_000003d2} or call {PHONE_00000196}. SSN {US_SSN_00000188}. CC {CREDIT_CARD_291}.
5 matches: EMAIL_ADDRESS, PHONE_NUMBER, US_SSN, CREDIT_CARD, PERSON
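
A minimal sketch of reversible tokenization with fail-closed behaviour, added here as an illustration and not obstruo's implementation. It models only a regex stage for three categories with assumed patterns, imitates the `{CATEGORY_id}` token shape shown in the test panel, and the names `redact`, `restore`, and `RedactionBlocked` are hypothetical.

```python
import re

# Assumed regex detectors for three categories; NER and LLM stages are not modelled.
DETECTORS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CREDIT_CARD": re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b"),
}
TOKEN = re.compile(r"\{[A-Z_]+_[0-9a-f]{8}\}")


class RedactionBlocked(Exception):
    """Raised instead of forwarding a prompt that could not be safely redacted."""


def redact(text, detectors=DETECTORS):
    """Return (redacted_text, vault); vault maps each token to its original value."""
    try:
        spans = [(m.start(), m.end(), cat)
                 for cat, rx in detectors.items() for m in rx.finditer(text)]
    except Exception as exc:  # fail closed: a broken detector stops the call
        raise RedactionBlocked(f"detector failure: {exc}") from exc
    spans.sort(key=lambda s: (s[0], -(s[1] - s[0])))  # earliest first, then longest
    out, vault, seen, pos = [], {}, {}, 0
    for start, end, cat in spans:
        if start < pos:  # overlaps a span that is already tokenized
            continue
        value = text[start:end]
        if (cat, value) not in seen:  # same value gets the same token per request
            seen[(cat, value)] = "{%s_%08x}" % (cat, len(seen) + 1)
            vault[seen[(cat, value)]] = value
        out += [text[pos:start], seen[(cat, value)]]
        pos = end
    redacted = "".join(out + [text[pos:]])
    # Post-condition: nothing a detector recognises may remain outside the tokens.
    residue = TOKEN.sub(" ", redacted)
    if any(rx.search(residue) for rx in detectors.values()):
        raise RedactionBlocked("sensitive value survived redaction")
    return redacted, vault


def restore(text, vault):
    """Reverse the tokenization on a provider response using the per-request vault."""
    return TOKEN.sub(lambda m: vault.get(m.group(0), m.group(0)), text)


# Constructed sample prompt (not real data).
SAMPLE = "Email jane@acme.example, SSN 123-45-6789, card 4111 1111 1111 1111, again jane@acme.example."
```

The vault stays on the gateway side; only the redacted text would be forwarded, and `restore` is applied to whatever comes back.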

Kill switch, engage a stop (2 active kills)
SCOPE: API key, Agent, MCP, Region
MODE:
  • Hard kill: drop in path, 403
  • Degrade: safe fallback
  • Quarantine: capture, no effect

Enforce, coming soon

A scoped kill switch for any key, agent, or region

Stop traffic at the gateway the moment something goes wrong: hard kill, safe degrade, or quarantine. It takes effect in path immediately, with no async plumbing and no redeploy. Every engage and restore is signed into the audit log.

Observability, live

Every call, with the evidence to prove it

One audit trail across every provider and agent: the full call chain, the routing decision, and the redaction state preserved exactly as it was at request time. Query it, export it, and retain it for years.

  • Auditor view and CSV export
  • Retention up to 2,555 days
  • Filter by key, model, status, or PII state

Audit log
Filters: Any key, Any model, Any status, Has redactions

TIME      CLIENT      MODEL              PII         STATUS
17:05:29  10.60.0.16  obstruo-chat       3 redacted  200
17:04:58  10.60.0.04  obstruo-chat       none        failover
17:02:11  10.60.0.09  obstruo-embedding  1 redacted  200

Governance registries, coming soon

Bring every agent, MCP server, and skill under governance

The gateway sees what your agents actually do, so it can discover them, classify risk, and hold their tools and data sources to one policy. A registry for the AI surface area, half-filled for you.

Agents (4 / 9 governed)

Owners, risk, data sources, tools, and approvals in one registry. Auto-discovered from gateway traffic.

Owner, Risk, Coverage

MCP servers (5 / 9 governed)

Trust, transport, auth posture, and per-tool permissions. Flag destructive tools before an agent connects.

Verified, Transport, Per-tool

Skills (5 / 10 governed)

Source, bundled scripts, and the capabilities each skill is allowed to use. Approve code execution and egress.

Source, Capability, Trust

Registries are in preview. The governance model is live in the console so you can review it before the enforcement plumbing ships.
Why obstruo

Built for control, not lock-in

Provider independence

Route across models, providers, and regions by policy and cost. Failover when one degrades. No governance locked into a single vendor ecosystem.

EU data residency

EU-resident by default. Pin traffic to in-jurisdiction endpoints and keep processing where your regulators expect it.

Active governance

Policy is enforced in path on every call, not reported on after the fact. Redact, route, hold, or block, and emit signed evidence as it happens.

One registry for the AI surface

Agents, MCP servers, and skills in one place: owners, risk, data sources, and per-tool permissions, discovered from real gateway traffic.

Integration

One key. One endpoint.

Point your existing SDK at obstruo and change nothing else. Provider keys live in the vault, redaction and routing apply in path, and the audit record is written before a single token leaves your network.

  • Drop-in OpenAI-compatible API
  • Logical models resolve to the real provider
  • Around 20ms gateway overhead, p50

import os

from openai import OpenAI

OBSTRUO_KEY = os.environ["OBSTRUO_KEY"]   # the app's single obstruo key (variable name assumed)
prompt = "Summarize the open support tickets."   # placeholder prompt

client = OpenAI(
    base_url="https://api.obstruo.ai/northwind/v1",
    api_key=OBSTRUO_KEY,   # one key, provider keys live in obstruo
)

resp = client.chat.completions.create(
    model="obstruo-chat",   # logical model, obstruo picks the provider
    messages=[{"role": "user", "content": prompt}],
)
# PII redacted, call routed, decision written to the audit log

Compliance

Evidence-ready by construction

Sovereign AI is not only about where the model runs. It is about who controls the data, the rules, the routing, and the audit evidence.

  • EU AI Act: Article 14 human oversight records
  • GDPR: Article 32, data minimization in path
  • SOC 2 Type II: Controls audited annually
  • ISO 27001: Information security management
  • HIPAA-ready: Healthcare redaction templates
  • Data residency: EU-resident

Pricing

Start small, govern at scale

Free
€0/mo
Evaluate the gateway
  • 1M tokens, 2 provider keys
  • Regex redaction, 3 rules
  • 3-day audit retention
Starter
€149/mo
First production app
  • 25M tokens, 5 provider keys
  • NER redaction, guardrails
  • 14-day audit retention
Growth
POPULAR
€599/mo
Scaling AI across teams
  • 100M tokens, 20 provider keys
  • Audit log API, read-only
  • 60-day audit retention

Your AI. Your data. Your control.

Put one control layer in front of every LLM call. Deploy AI faster, without giving up control over data, compliance, and auditability.
