AegisGate Security Platform™: Secure Every AI Interaction
The only AI security gateway with five pillars of AI security (HTTP API, MCP, A2A, Response, Trust Framework), MITRE ATLAS enforcement, an EU AI Act Compliance Module, and zero external dependencies. Deploys in about 60 seconds.
AegisGate Security Platform secures every AI interaction point with five pillars: HTTP API scanning, MCP protocol protection, A2A agent-to-agent verification, real-time response scanning, and the Trust Framework (v3.2.0): continuous, cryptographically signed trust scoring for every AI interaction. The EU AI Act Compliance Module (v3.3.0) adds 82 controls for Regulation (EU) 2024/1689 and is included with the Professional and Enterprise tiers.
HTTP API Security
- 144+ detection patterns
- MITRE ATLAS 66 techniques
- PII, secrets, API key detection
- Bidirectional request/response scanning
MCP Protocol Protection
- Session authentication + isolation
- 8 guardrails active
- MITRE ATLAS enforcement
- Tool authorization with risk matrix
A2A Agent-to-Agent Security
- mTLS + HMAC-SHA256 integrity
- Capability enforcement per agent
- License-aware enforcement
- Rate limiting and audit logging
Agent Response Security
- PII, secrets, hallucination, toxicity detection
- Fail-closed by default
- Redaction with multiple strategies
- Compliance reports (GDPR, HIPAA, PCI, SOC 2)
Trust Framework (new in v3.2.0)
- Per-session trust score accumulator
- Ed25519-signed attestations on every event
- Cross-pillar correlation (MCP, A2A, Proxy, Response)
- Professional+ tier feature
- Read scores via `GET /api/v1/trust/score`
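The mechanism behind the Trust Framework bullets above, as an added example in Go that is not AegisGate's code: a per-session accumulator that emits an Ed25519-signed attestation for every event and links each attestation to the previous one by hash, which is also the shape of the hash-chained audit log the comparison table below credits to AegisGate. The field names, the starting score of 100, the clamp at 0 and the all-zero genesis hash are assumptions of the example, not the product's wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Attestation is one hypothetical signed trust event. The field layout is an
// assumption for this example, not AegisGate's wire format.
type Attestation struct {
	Session  string `json:"session"`
	Pillar   string `json:"pillar"` // mcp, a2a, proxy, response
	Event    string `json:"event"`
	Delta    int    `json:"delta"`
	Score    int    `json:"score"`     // accumulated score after this event
	Seq      uint64 `json:"seq"`
	Ts       int64  `json:"ts"`        // unix seconds, supplied by the caller
	PrevHash string `json:"prev_hash"` // SHA-256 of the previous signed attestation
	Sig      string `json:"sig,omitempty"`
}

const startScore = 100 // assumed starting score for a fresh session

var genesisHash = hex.EncodeToString(make([]byte, sha256.Size)) // chain anchor

// signingInput is the canonical JSON of the attestation with Sig cleared.
func signingInput(a Attestation) []byte {
	a.Sig = ""
	b, err := json.Marshal(a)
	if err != nil {
		panic(err)
	}
	return b
}

// recordHash covers the signed record, so the chain binds signatures too.
func recordHash(a Attestation) string {
	b, _ := json.Marshal(a)
	h := sha256.Sum256(b)
	return hex.EncodeToString(h[:])
}

func clamp(score int) int {
	if score < 0 {
		return 0
	}
	return score
}

// TrustSession accumulates a per-session score and emits a signed,
// hash-chained attestation for every event it records.
type TrustSession struct {
	id       string
	priv     ed25519.PrivateKey
	score    int
	seq      uint64
	lastHash string
	Log      []Attestation
}

func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func NewTrustSession(id string, priv ed25519.PrivateKey) *TrustSession {
	return &TrustSession{id: id, priv: priv, score: startScore, lastHash: genesisHash}
}

// Record applies delta to the session score and returns the signed attestation.
func (s *TrustSession) Record(pillar, event string, delta int, ts int64) Attestation {
	s.seq++
	s.score = clamp(s.score + delta)
	a := Attestation{Session: s.id, Pillar: pillar, Event: event, Delta: delta,
		Score: s.score, Seq: s.seq, Ts: ts, PrevHash: s.lastHash}
	a.Sig = hex.EncodeToString(ed25519.Sign(s.priv, signingInput(a)))
	s.lastHash = recordHash(a)
	s.Log = append(s.Log, a)
	return a
}

// VerifyChain checks every signature, every prev_hash link, the sequence
// numbers and the score arithmetic. A modified, dropped, reordered or
// re-scored event is reported with its index.
func VerifyChain(pub ed25519.PublicKey, log []Attestation) error {
	prev, score := genesisHash, startScore
	for i, a := range log {
		if a.Seq != uint64(i)+1 || a.PrevHash != prev {
			return fmt.Errorf("event %d: chain broken", i)
		}
		sig, err := hex.DecodeString(a.Sig)
		if err != nil || !ed25519.Verify(pub, signingInput(a), sig) {
			return fmt.Errorf("event %d: bad signature", i)
		}
		score = clamp(score + a.Delta)
		if a.Score != score {
			return fmt.Errorf("event %d: score %d, expected %d", i, a.Score, score)
		}
		prev = recordHash(a)
	}
	return nil
}

func main() {
	pub, priv := GenerateKeys()
	s := NewTrustSession("sess-42", priv)
	s.Record("mcp", "tool_call_authorized", -5, 1700000000)
	s.Record("response", "pii_redacted", -20, 1700000001)
	fmt.Println("valid chain:", VerifyChain(pub, s.Log))
	s.Log[0].Score = startScore // tamper with a past event
	fmt.Println("after tampering:", VerifyChain(pub, s.Log))
}
```

The verifier recomputes the score from the deltas rather than trusting the stored `score` field, so an attestation that is individually well signed but inconsistent with its predecessors is still rejected; the chain hash covers the signature as well, so the log cannot be re-signed with a different key without breaking every later link.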
Why AegisGate?
There are other AI security products. Here’s how AegisGate compares on the dimensions that matter to enterprise security teams:
| Capability | AegisGate | Lakera Guard | NeMo Guardrails | Rebuff | Protect AI |
|---|---|---|---|---|---|
| Deployment model | Self-hosted single binary | SaaS API only | Library (in-app) | Library (in-app) | Platform |
| HTTP proxy scanning | ✅ | ? | ❌ | ❌ | ⚠️ |
| MCP protocol protection | ✅ | ? | ? | ? | ❌ |
| A2A protocol protection | ✅ | ? | ? | ? | ❌ |
| ACP protocol protection | ✅ | ? | ? | ? | ❌ |
| Response-side scanning | ✅ | ? | ? | ? | ? |
| Trust Framework (attestations) | ✅ Ed25519-signed | ? | ? | ? | ⚠️ |
| MITRE ATLAS coverage | ✅ 66 techniques | ⚠️ Partial | ? | ⚠️ Partial | ? |
| OWASP LLM Top 10 | ✅ 49 patterns | ? | ? | ? | ? |
| EU AI Act controls | ✅ 82 controls | ? | ? | ? | ? |
| Multi-framework compliance | ✅ 10 frameworks | ? | ? | ? | ⚠️ |
| Tamper-evident audit logs | ✅ Hash chain + RFC 5424 | ? | ? | ? | ⚠️ |
| Open source | ✅ Apache 2.0 | ❌ | ✅ Apache 2.0 | ✅ MIT | ? |
| Air-gap deployable | ✅ Single binary | ❌ | ✅ Library | ✅ Library | ? |
| Hardware footprint | 13.3 MB binary, < 256 MB RAM | n/a (SaaS) | In-process | In-process | n/a (platform) |
A ? marks a competitor cell this page does not substantiate; verify it against the vendor's current documentation before relying on the comparison.
TL;DR: If you need protocol-level security (MCP, A2A, ACP) + compliance evidence + self-hosting, AegisGate is the only option that covers all three.
- Library-style tools (NeMo Guardrails, Rebuff) are great for in-app alignment but don't protect your network boundary
- SaaS tools (Lakera) require sending your traffic to a third party
- Compliance-focused tools (Protect AI) are platforms, not gateways, and don't include protocol coverage
Attack Surface Coverage
Your AI infrastructure spans multiple attack surfaces. Most security tools only cover one or two. AegisGate covers all six:
| Attack Surface | Risk | Traditional WAFs | LLM Alignment Tools | AegisGate |
|---|---|---|---|---|
| HTTP APIs | Prompt injection, data leakage, PII exposure | ⚠️ AI-agnostic | ❌ No | ✅ AI-aware scanning, 144+ patterns |
| MCP Protocol | Tool poisoning, session hijacking, supply-chain attacks | ❌ No native protection | ❌ No | ✅ Built-in protocol guard, 8 guardrails |
| A2A Communication | Agent impersonation, data tampering, capability escalation | ❌ No native protection | ❌ No | ✅ mTLS, HMAC, capability enforcement |
| Agent Response | PII leakage, secret exposure, hallucination, toxicity | ❌ No native protection | ⚠️ Some | ✅ Real-time response guard, 5 detectors |
| ACP Protocol | Message tampering, capability escalation, replay attacks | ❌ No native protection | ❌ No | ✅ HMAC-signed messages |
| Trust / Audit | No traceability of agent behavior across protocols | ❌ No native protection | ❌ No | ✅ Ed25519-signed attestations |
AegisGate covers all six from a single 13.3 MB binary that deploys in about 60 seconds.
Pillars and Supporting Features in Detail
HTTP Proxy Security
Bidirectional scanning of every API request and response. 144+ patterns detect secrets, PII, and threats before they reach your AI services.
MCP Protocol Protection
Session authentication, tool authorization, and 8 guardrails protect your AI agents from supply chain attacks and unauthorized tool execution.
A2A Agent-to-Agent Security
Zero-trust guardrails for inter-agent communication. mTLS authentication, HMAC integrity, capability enforcement, and license-aware rate limiting.
ACP Protocol Security
HMAC-signed messages, per-session rate limiting, and response scanning protect agent communication from tampering and replay attacks.
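The HMAC integrity and anti-replay behaviour that the A2A and ACP pillars describe, as an added example in Go that is not AegisGate's code. The envelope fields, the length-prefixed canonical form, the 30-second skew window and the per-sender nonce cache are assumptions of the example; mTLS is assumed to be terminated outside this code and to have established the shared key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Message is a hypothetical agent-to-agent envelope; its layout is an
// assumption for this example, not the A2A or ACP wire format.
type Message struct {
	From  string
	To    string
	Nonce string // unique per message from a given sender
	Ts    int64  // unix seconds at signing time
	Body  string
	Mac   string // hex HMAC-SHA256 over canonical()
}

// canonical length-prefixes every authenticated field so that shifting a
// boundary between two fields (From="ab",To="c" vs From="a",To="bc")
// cannot yield the same bytes under the MAC.
func canonical(m Message) []byte {
	var b strings.Builder
	for _, f := range []string{m.From, m.To, m.Nonce, strconv.FormatInt(m.Ts, 10), m.Body} {
		b.WriteString(strconv.Itoa(len(f)))
		b.WriteByte(':')
		b.WriteString(f)
		b.WriteByte(';')
	}
	return []byte(b.String())
}

func computeMAC(key []byte, m Message) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(canonical(m))
	return h.Sum(nil)
}

// Sign returns a copy of m carrying its MAC.
func Sign(key []byte, m Message) Message {
	m.Mac = hex.EncodeToString(computeMAC(key, m))
	return m
}

var (
	ErrBadMAC = errors.New("integrity check failed")
	ErrStale  = errors.New("timestamp outside the accepted window")
	ErrReplay = errors.New("nonce already seen from this sender")
)

// Verifier enforces integrity, freshness and single use of each nonce.
type Verifier struct {
	key    []byte
	window int64            // accepted clock skew in seconds
	seen   map[string]int64 // "from|nonce" -> ts
}

func NewVerifier(key []byte, window int64) *Verifier {
	return &Verifier{key: key, window: window, seen: make(map[string]int64)}
}

// Verify checks the MAC first, so unauthenticated traffic can neither probe
// nor fill the nonce cache, then freshness, then replay.
func (v *Verifier) Verify(m Message, now int64) error {
	want, err := hex.DecodeString(m.Mac)
	if err != nil || !hmac.Equal(computeMAC(v.key, m), want) {
		return ErrBadMAC // hmac.Equal is constant-time
	}
	if m.Ts < now-v.window || m.Ts > now+v.window {
		return ErrStale
	}
	id := m.From + "|" + m.Nonce
	if _, dup := v.seen[id]; dup {
		return ErrReplay
	}
	v.seen[id] = m.Ts
	// Nonces older than the window can no longer pass the freshness check,
	// so dropping them bounds the cache without weakening replay detection.
	for k, ts := range v.seen {
		if ts < now-v.window {
			delete(v.seen, k)
		}
	}
	return nil
}

func main() {
	key := []byte("example-shared-key-from-mtls-session") // constructed for the demo
	v := NewVerifier(key, 30)
	m := Sign(key, Message{From: "planner", To: "executor", Nonce: "n-1", Ts: 1000, Body: `{"tool":"read_file"}`})
	fmt.Println("fresh:   ", v.Verify(m, 1005))
	fmt.Println("replayed:", v.Verify(m, 1006))
	m.Body = `{"tool":"delete_file"}`
	fmt.Println("tampered:", v.Verify(m, 1007))
}
```

Two details matter in practice: the timestamp window bounds how long a nonce has to be remembered, which is what keeps the replay cache finite, and the MAC is checked before the cache is touched, so an attacker without the key cannot evict or pre-occupy nonces.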
Agent Response Security
Real-time scanning of LLM outputs for PII, secrets, hallucination, and toxicity. Fail-closed security protects sensitive data.
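Response-side detection with per-detector redaction strategies and fail-closed handling, as an added Go example that is not AegisGate's code. The three constructed patterns, the three strategies (block, mask, keyed hash), the per-deployment hashing key and the size limit are assumptions of the example; the 144+ production patterns are not reproduced.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
)

type Strategy int

const (
	Block Strategy = iota // refuse the whole response
	Mask                  // replace the match with a fixed placeholder
	Hash                  // replace with a keyed-hash tag so repeats stay correlatable in logs
)

type Detector struct {
	Kind  string
	Re    *regexp.Regexp
	Strat Strategy
}

// Constructed detectors for this example only. Block detectors come first so
// a blocked response is never partially redacted and then leaked via findings.
var detectors = []Detector{
	{"aws_access_key", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`), Block},
	{"ssn", regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`), Mask},
	{"email", regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`), Hash},
}

// redactKey is an assumed per-deployment secret: a keyed hash cannot be
// reversed by guessing common values the way a bare SHA-256 could.
var redactKey = []byte("per-deployment-redaction-key")

const MaxScanBytes = 1 << 20 // assumed limit; larger bodies are refused, not passed through

var (
	ErrBlocked  = errors.New("response blocked by secret detector")
	ErrTooLarge = errors.New("response exceeds scan limit")
)

// Scan returns the redacted response and a findings summary. It is
// fail-closed: on any failure the caller gets an empty body and an error,
// never the raw LLM output.
func Scan(text string) (out string, findings []string, err error) {
	defer func() {
		if r := recover(); r != nil { // a crashing detector must not leak the response
			out, findings, err = "", nil, fmt.Errorf("scanner failure: %v", r)
		}
	}()
	if len(text) > MaxScanBytes {
		return "", nil, ErrTooLarge
	}
	out = text
	for _, d := range detectors {
		n := len(d.Re.FindAllStringIndex(out, -1))
		if n == 0 {
			continue
		}
		findings = append(findings, fmt.Sprintf("%s:%d", d.Kind, n))
		switch d.Strat {
		case Block:
			return "", findings, ErrBlocked
		case Mask:
			out = d.Re.ReplaceAllString(out, "[REDACTED:"+d.Kind+"]")
		case Hash:
			kind := d.Kind
			out = d.Re.ReplaceAllStringFunc(out, func(s string) string {
				h := hmac.New(sha256.New, redactKey)
				h.Write([]byte(s))
				return "[" + kind + ":" + hex.EncodeToString(h.Sum(nil)[:4]) + "]"
			})
		}
	}
	return out, findings, nil
}

func main() {
	for _, in := range []string{
		"Contact bob@example.com, SSN 123-45-6789.", // constructed sample output
		"Use key AKIAIOSFODNN7EXAMPLE to log in.",
	} {
		out, f, err := Scan(in)
		fmt.Printf("out=%q findings=%v err=%v\n", out, f, err)
	}
}
```

The fail-open equivalent would return the original text when the body is too large or a detector fails; the difference between the two is exactly the "fail-closed by default" property the pillar description claims.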
Rate Limiting & Throttling
Protect your AI infrastructure from abuse with intelligent rate limiting. Per-client, per-IP, and per-model quotas prevent DoS attacks and manage costs.
Threat Intelligence
Real-time threat detection with pattern matching across 144+ signatures. Blocks prompt injection, sensitive data exfiltration, and adversarial attacks.
Full Observability
Every AI request, response, tool call, and session is logged. SIEM-ready with structured JSON output and compliance reports.
EU AI Act Compliance Module (new in v3.3.0), included with the Professional and Enterprise tiers
The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive AI regulation. AegisGate's EU AI Act Compliance Module gives you a single source of truth for whether your AI system meets it, across 82 controls in 8 categories.
82 controls, 8 categories
- Prohibited Practices (Article 5)
- Risk Management (Article 9)
- Data Quality (Article 10)
- Technical Documentation (Article 11)
- Record-Keeping (Article 12)
- Human Oversight (Article 14)
- Accuracy, Robustness, Cybersecurity (Article 15)
- Annex IV Technical Documentation (AI-*)
Who needs it
- AI providers placing high-risk AI systems (Annex III) on the EU market from August 2026
- Deployers of AI in employment, education, law enforcement and critical infrastructure
- GPAI model providers whose models were trained with more than 10²⁵ FLOPs of compute (the Act's systemic-risk threshold)
- EU and non-EU companies placing AI on the EU market
How it works
- 9 automatic controls: AegisGate enforces these in-line (input validation, data quality, log retention, etc.)
- 73 manual controls: AegisGate provides checklists, evidence templates and audit-ready reports
- Compliance scan endpoint: `GET /api/v1/compliance/scan?framework=eu-ai-act` returns coverage %, missing modules and remediation steps
- Full audit report: `GET /api/v1/compliance/report?framework=eu-ai-act` returns all 82 controls with their status
Tier & pricing
- Tier gate: Professional+ (Professional and Enterprise)
- Pricing: Included with Professional and Enterprise at no extra cost
- BAA + DPA: standard agreements cover EU AI Act data flows (see /legal/)
- Read the customer 1-pager: EU AI Act overview
Beta status: This module is fully implemented and tested in v3.3.0-beta.2. Counsel review of the legal interpretation is pending (v3.4.0+). Use for evaluation and pre-audit work; defer formal conformity assessment until counsel sign-off is complete.
Compliance Frameworks
Choose the coverage that matches your compliance needs.
| Framework | Community | Starter | Developer | Professional | Enterprise |
|---|---|---|---|---|---|
| MITRE ATLAS | ? | ? | ✅ | ✅ | ✅ |
| NIST AI RMF | ? | ? | ✅ | ✅ | ✅ |
| OWASP LLM Top 10 | ? | ? | ✅ | ✅ | ✅ |
| ISO 27001 | ? | ? | ✅ | ✅ | ✅ |
| GDPR | ❌ | View | ✅ | ✅ | ✅ |
| HIPAA | ? | ? | ✅ | ✅ | ✅ |
| PCI-DSS | ? | ? | ✅ | ✅ | ✅ |
| SOC2 Type II | ? | ? | Module | ✅ | ✅ |
| ISO 42001 (AI) | ? | ? | ✅ | ✅ | ✅ |
| EU AI Act | ❌ | ❌ | ❌ | ✅ Included | ✅ Included |
A ? marks Community or Starter coverage this page does not state; confirm it on the pricing page before choosing a tier.
Starter tier adds SSO, RBAC, and GDPR view for SMB/SLED/SOHO teams. Developer tier adds full compliance and mTLS. Professional includes everything plus the EU AI Act Module at no extra cost. Enterprise adds custom frameworks and dedicated support.
Quick Start
```shell
# Pull and run
docker run -d \
  -p 8080:8080 \
  -p 8081:8081 \
  -p 8443:8443 \
  ghcr.io/aegisgatesecurity/aegisgate-platform:v3.3.0-beta.2

# Verify deployment
curl http://localhost:8443/health
```
Enterprise Security Features
Cryptographic Identity
ECDSA P-256 agent identity and verification. Challenge-response authentication with key rotation support.
Fail-Secure Design
Insecure fallback replaced with fail-closed behavior. All security checks are fail-closed by default.
STRIDE Threat Model
Comprehensive threat analysis covering spoofing, tampering, repudiation, information disclosure, DoS, and elevation of privilege.
Cross-Protocol Correlation
Correlate threats across HTTP, MCP, A2A, ACP, and ANP protocols with real-time pattern matching.