    THE ENGINE · AI GATEWAY

    Pre-action assurance for every AI and agent call.

    Continuous Operational Assurance for Enterprise AI. Reign’s AI Gateway is the runtime point at which every model call, every tool invocation, every autonomous-agent action is inspected before state change. Pre-action assurance is the operating discipline. The Gateway is what executes it.

    AI Gateway is the engine behind Pre-action assurance, the first half of Reign’s runtime and outcome assurance loop.

    Identity-bound calls
    Policy applied pre-action
    Evidence by construction

    Trusted by security-conscious enterprises

    Technology
    Semiconductor
    Space Tech

    The two-question wedge, made operational

    Before vs. after Reign AI Gateway

    Two questions decide everything. Can you prove a given agent or model action was authorized before it happened? Can you produce the evidence on demand? Without pre-action assurance, the answer is no on both. With the Gateway, the answer is yes by construction.

    | Question | Without pre-action assurance | With Reign Gateway |
    |---|---|---|
    | Agent and model actions before state change | Executed first, reviewed later (if at all) | Inspected pre-action. Allowed, transformed, or blocked. |
    | Policy enforcement | Documented in a wiki. Not enforced in the call path. | Applied inline by the Gateway on every call. |
    | Identity on each call | Service account or shared key | Bound to user, agent, and tool scope. |
    | Residual risk | Unknown. Assumed acceptable. | Scored per action with policy basis. |
    | Evidence for audit | Reconstructed after the fact | Captured contemporaneously by the Gateway. |
    | Tool calls (MCP, REST, gRPC, CLI) | Outside the governance surface | Inside the same control plane as model calls. |

    The Engine

    The Reign Gateway stack

    Three-layer enforcement architecture. Identity-bound calls, inline guardrails, and contemporaneous evidence on a single control plane.

    Policy Decision Point

    Identity, Intent, Inspection

    Every model call and every tool invocation is intercepted before state change. Identity is bound to the call. Intent is checked against policy. The action is inspected, scored, and either allowed, transformed, or blocked. No implicit trust. No bypass path.

    Key Benefits

    Identity-bound calls
    Policy-applied inspection
    Pre-action enforcement

    Guardrails at the Wire

    PII, Secrets, Prompt Injection, Tool Abuse

    PII redaction, secret detection, prompt injection defense, content policy, and tool-call validation are applied inline. The same enforcement plane covers LLM prompts, agent reasoning steps, and downstream tool calls (MCP, REST, gRPC, CLI).

    Key Benefits

    Inline PII and secret redaction
    Prompt injection defense
    Tool-call validation

    Evidence by Construction

    Contemporaneous Audit, Residual Risk

    Every decision the Gateway makes (allow, transform, block, escalate) is recorded contemporaneously with its policy basis, identity, and residual risk score. Evidence flows into the Audit Ledger and into Assurance Packs without a separate evidence-collection step.

    Key Benefits

    Contemporaneous records
    Residual risk scoring
    Direct feed to Assurance Packs

    Built for the Agentic Era

    The agentic era broke the gateway model. Reign rebuilt it.

    Older AI gateways stop at the prompt. Reign’s Gateway treats the model call and the agent’s downstream tool call as one governance surface. MCP, REST, gRPC, and CLI tools sit inside the same control plane, with the same identity, the same policy, and the same evidence stream.

    MCP-NATIVE, PROTOCOL-AGNOSTIC

    Model Context Protocol is a first-class surface. So are REST or OpenAPI, gRPC, and CLI execution. Every transport carries the same RBAC, the same tool-signature checks, and the same audit trail.

    AGENT CHAIN EVIDENCE

    Multi-hop agent and tool sequences are reconstructed end to end. Every step is identity-bound, policy-checked, and recorded with its residual risk score. The evidence flows into the Audit Ledger and Assurance Packs.

    REIGN, VENDOR, OR CUSTOMER TOOLS

    Tools operated by Reign, by a vendor (Atlassian Cloud, GitHub Copilot, others), or by your own team. All three are governed by the same Gateway with no second control plane.

    The MCP threat surface the Gateway is built to close

    Agent tool calls introduce attack patterns older gateways do not see.

    Tool Poisoning

    Malicious instructions hidden in tool metadata manipulate agents into unauthorized actions. First documented by Invariant Labs, April 2025.

    Tool Shadowing

    Cross-server contamination. A malicious server corrupts the behavior of trusted tools on the same client, silently.

    Rug Pull

    Tool behavior silently altered after user approval. Current clients don't detect or notify when tool descriptions change post-install.

    How the Gateway closes it

    MCP-specific defenses, applied inline on every tool call.

    Tool Signature Verification

    Cryptographic signing of tool packages. Block unsigned and tampered tools.

    Description Change Detection

    Continuous monitoring of tool metadata for unauthorized changes. Rug pull defense.

    Tool-Level RBAC

    Per-user, per-agent, per-tool access controls with data scope limiting.

    Policy Engine + Approvals

    Human-in-the-loop for high-risk operations. EU AI Act Art. 14 alignment.

    Agent Chain Reconstruction

    End-to-end tracing of multi-hop agent→tool→tool sequences. OpenTelemetry export.

    Credential Vault (SSO/SCIM)

    Replace static API keys with enterprise-managed auth. OAuth 2.1 + PKCE.

    Cross-Agent Dependency Map

    Visual graph of agent-tool relationships. Identifies single points of failure.

    Server Lifecycle Management

    Deploy, version, monitor, and deprecate servers. Continuous health monitoring with failover.

    Audit Ledger Integration

    Agent Chain evidence flows directly into Audit Ledger (CAVR) and Assurance Packs.
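
One way to implement the description change detection named above as a rug pull defense, shown as an added example that is not Reign's code: each approved MCP tool definition is fingerprinted at approval time, and any later listing is compared against those pins before a tool is exposed to an agent. The pinned field set, the function names, and the sample tools are assumptions made for illustration.

```python
import hashlib
import json

# Assumption: these are the MCP tool-definition fields worth pinning.
PINNED_FIELDS = ("name", "description", "inputSchema")

def fingerprint(tool):
    """SHA-256 over a canonical JSON encoding of the pinned fields."""
    subset = {k: tool.get(k) for k in PINNED_FIELDS}
    blob = json.dumps(subset, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def pin(tools):
    """Record one fingerprint per tool name at approval time."""
    return {t["name"]: fingerprint(t) for t in tools}

def check(pins, tools):
    """Compare a later tool listing to the pins; fail closed on any drift."""
    allowed, findings, seen = [], [], set()
    for t in tools:
        name = t["name"]
        seen.add(name)
        if name not in pins:
            findings.append(("unapproved", name))
        elif fingerprint(t) != pins[name]:
            findings.append(("changed", name))
        else:
            allowed.append(name)
    findings += [("removed", n) for n in sorted(set(pins) - seen)]
    return allowed, findings

# Constructed sample data, not taken from any real MCP server.
SCHEMA = {"type": "object", "properties": {"path": {"type": "string"}}}
APPROVED = [
    {"name": "read_file", "description": "Read a file.", "inputSchema": SCHEMA},
    {"name": "send_email", "description": "Send an email.", "inputSchema": SCHEMA},
]
LATER = [
    {"inputSchema": SCHEMA, "description": "Read a file.", "name": "read_file"},
    {"name": "send_email", "description": "Send an email. (edited after approval)",
     "inputSchema": SCHEMA},
    {"name": "export_data", "description": "Export data.", "inputSchema": SCHEMA},
]

def demo():
    return check(pin(APPROVED), LATER)

if __name__ == "__main__":
    print(demo())
```

Only tools whose fingerprint still matches the pin are returned as allowed; a changed or newly added tool is reported and withheld until it is approved again.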