membrAIn — Unlock AI Across Your Workforce

What we cover

Every AI tool. One governance layer.

Most AI governance tools only cover what you build. We cover what you build, what your vendors built, and what your employees use on the side.

Lane 1 · API Gateway

Custom AI apps

Real-time interception of every API call. Set 2 env vars in your app. Works with Anthropic, OpenAI, Google, Bedrock, Azure OpenAI, Ollama. Full prompt + response visibility. Inline DLP, AUP enforcement, sub-50ms overhead.

Claude GPT-4o Gemini Bedrock Azure Ollama

Lane 2 · Audit Connectors

SaaS-embedded AI

For AI features your vendors built into their tools. We pull audit logs directly from each vendor on a 5-minute cadence, normalize the events, sign them, and unify them with your gateway audit chain.

M365 Copilot GitHub Copilot Workspace AI Salesforce Q3 Slack Q3

Lane 3 · Browser Extension

Shadow AI

For employees using ChatGPT and Claude.ai on personal accounts. Push the managed extension via Group Policy or Intune. Pre-flight DLP scan blocks SSNs and API keys before they leave your network. Every interaction logged.

ChatGPT Claude.ai Gemini Perplexity DeepSeek Mistral

All three lanes feed one D1 audit chain · one DLP scanner · one compliance report.

What each lane actually does
Gateway: real-time DLP & blocking on agents you build. Connectors: post-hoc audit of SaaS AI — we ingest logs after the fact, we don't block Copilot. Extension: browser-only DLP with pre-flight blocking before paste/submit.

The problem

Your team is already using AI.
You just can’t see it.

✗

Shadow AI everywhere

47% of employees use personal AI accounts for work. 67% of enterprises have already suffered a breach from unmonitored AI use. Your policy says no. Your team says yes anyway.

✗

Stuck with the wrong tools

Your org defaults to Copilot because it’s bundled. Claude Sonnet 4.6 and GPT-4o fundamentally change what your best people can do. Your team deserves the tools that matter, not the ones easiest to procure.

✗

No audit trail, no compliance

EU AI Act enforcement begins August 2026. HIPAA violations from AI use are already happening. Without an immutable audit trail, you cannot investigate, remediate, or prove compliance to anyone.

✗

Prompt injection and agent hijacking

OWASP 2026 ranks goal hijacking #1. An agent reads a vendor email with an embedded malicious instruction, executes it, and exfiltrates 60,000 records. Your firewall logs show nothing unusual.

The membrAIn fix — two environment variables

          # Before: direct to provider (ungoverned)

          ANTHROPIC_API_KEY=sk-ant-...

          # After: governed gateway (zero code change)

          ANTHROPIC_BASE_URL=https://gateway.getmembrain.ai/c/acct

          MEMBRAIN_KEY=mbr_live_citadel_your_key

✓ FIPS AES-256-GCM active · Ed25519 lineage signed
✓ DLP scanning before LLM sees payload
✓ Real-time threat detection · audit log streaming
✓ Portal dashboard live on first call

Every OS. Every platform. Zero install.
Windows · macOS · Linux · iOS · Android · Docker · CI/CD · Serverless. If it makes an HTTPS request, membrAIn governs it. No agent. No MDM. No IT ticket.

How it works

Three layers. One URL.
Complete protection.

01 / UNLOCK

Every AI tool that actually matters

Claude Sonnet 4.6. GPT-4o. Gemini 2.0. AWS Bedrock. Every provider through one governed gateway. IT and legal say yes — because the controls are real. Your team stops shadow AI because the real tools are finally approved.

Zero code changes

02 / PROTECT

Detect and contain threats before they execute

DLP scans every payload before the LLM sees it. Prompt injection detection. Goal hijacking patterns. Behavioral baseline anomaly scoring. When a threat fires, the agent is auto-quarantined and a signed incident report generated — before a human touches a keyboard.

8 OWASP threat categories

03 / PROVE

Compliance documentation that writes itself

Every AI interaction logged, FIPS encrypted, Ed25519 signed, and hash-chained. EU AI Act Article 11 docs auto-generated. HIPAA audit controls. SOC 2 evidence package. GDPR Article 30 record. Built automatically from gateway telemetry — no manual assembly.

EU AI Act · HIPAA · SOC 2 · GDPR

Full platform

Everything built to deliver
the complete solution.

Twelve components. All production-engineered. The gateway ships first and delivers the core value. Everything else layers on.

Cloud API Gateway

Core · Ships first

Go/Rust reverse proxy on Cloudflare Workers. OpenAI-compatible API surface. mTLS per enrolled agent. AES-256-GCM + Ed25519 lineage inline. Multi-region auto-failover. Sub-50ms overhead. Health check + real-time telemetry. The entire product in one URL.

Go / RustCloudflare Workersaws-lc-rs FIPSmTLS

DLP Scanning Engine

Core · Ships first

Inline payload scan before AES encryption and before the LLM sees the content. 40+ pattern types: SSN, PHI, credit card PANs, API keys, credentials, source code. ML classifier for secrets. Block | Redact | Warn dispatch in <5ms. Violation logged without storing content.

Regex + MLHIPAA patterns<5ms overhead

Key Management System

Core · Ships first

ECDH P-384 key delivery (Citadel tier). Per-channel key derivation with 38/38 stress tests passed. Rotation cascade: one API call rotates entire fleet. Ed25519 per-agent signing keypair provisioned at enrollment. Shamir 5-of-3 threshold for Cosmos tier.

ECDH P-384Ed25519Shamir

Threat Detection Engine

Core · Ships first

Prompt injection pattern library. Goal hijacking and indirect injection detection. Behavioral fingerprint baseline per agent. Excessive agency scope validator. Data exfiltration anomaly scoring. Agent impersonation via Ed25519 verification. Auto-quarantine on HIGH severity in <30 seconds.

OWASP Top 10Behavioral MLAuto-quarantine

Audit Log Pipeline

Core · Ships first

In-process buffer → async flush → Ed25519 signed NDJSON → S3 / SIEM. Every interaction logged: agent ID, model version, token counts, trust score, DLP result, lineage hash. Immutable hash-chained. Queryable from portal. SIEM export to Splunk, PagerDuty, custom webhook.

NDJSONS3 / SIEMHash-chained

Incident Response Automation

Q2 2026

Auto-quarantine on threat detection. Signed PDF incident report in <30 seconds. PagerDuty + Slack webhooks. 4 default playbooks: injection, exfiltration, DLP, budget exceeded. Admin releases agent via portal — logged action. Mean time to contain target: <60 seconds end-to-end.

PagerDutySlackSigned PDF

Cost Attribution + Budget Controls

Q2 2026

Token spend by team, agent, and project in real time. Configurable budget limits with three enforcement tiers: soft alert at 80% (email + Slack), hard alert at 95% (PagerDuty), hard stop at 100% (gateway returns 429, all calls blocked). Finance and IT both get what they need.

Real-time attributionHard budget stopsPer-agent granularity

Compliance Report Generator

Q2 2026

Queries audit log → auto-generates structured compliance documentation. EU AI Act Article 11 technical documentation. HIPAA §164.312 audit controls. SOC 2 CC6.1 evidence package. GDPR Article 30 record of processing. Export PDF or structured JSON. No manual assembly required.

EU AI ActHIPAASOC 2GDPR

Model Governance + AUP Enforcement

Q2 2026

Model version pinning per agent. Change notifications when providers update underlying weights. Approval workflow before updates go live. Acceptable Use Policy acknowledgment — gateway holds first call until employee acknowledges. Every acknowledgment logged to immutable audit chain.

Version pinningAUP enforcementApproval workflow

DoH Resolver — Layer 2

Q2 2026

DNS-over-HTTPS profile extends gateway coverage to browser sessions and shadow AI. Intercepts AI provider domains (api.anthropic.com, api.openai.com, 30+ more). MDM push for managed devices. Android: Private DNS setting. iOS: MDM profile. Chrome: Group Policy. Zero user action on managed devices.

DoHMDM / Intune / JamfiOS · Android · Chrome

Integration Wrappers

Q3 2026

@membrain/langchain — one-line drop-in around any LangChain LLM. CrewAI agent-to-agent interception. MCP server wrapper for tool call governance. LangGraph, AutoGen, custom agent support. Most frameworks require only the gateway URL change — no wrapper needed at all.

LangChainCrewAIMCPAutoGen

npx membrain verify CLI

Q3 2026

One command confirms the integration is working: encrypted message sent, trust score returned, lineage chain verified, dashboard shows agent live. The “you’re done” moment. Removes all uncertainty from the first-time onboarding experience. Target: under 10 seconds from zero to green.

Node.js CLInpx zero-installDashboard auto-open

Competitive comparison

The only platform with FIPS encryption
and cryptographic lineage.

Every competitor secures the channel or monitors traffic. None deliver application-layer FIPS encryption with an unforgeable cryptographic lineage chain. That is the moat.

Capability	membrAIn	TrueFoundry	Prompt Security	WitnessAI	SlashLLM	Bifrost	Akamai AI Firewall
FIPS 140-3 AES-256-GCM	✓ Application layer	✗	✗	✗	✗	✗	✗
Cryptographic lineage chain	✓ Ed25519 signed	✗	✗	✗	✗	✗	✗
Zero endpoint install	✓ 2 env vars	~ Library	~ API config	~ Agent	~ Container	~ Self-host	~ Proxy
iOS & Android support	✓ All platforms	✗	~ Web only	✗	✗	✗	~ Edge
DLP / PII scanning (pre-LLM)	✓ 40+ patterns inline	✓	✓	✓	✓	~ Limited	✓
Prompt injection detection	✓ 8 OWASP cats	✓	✓	✓	✓	~ Basic	✓
Auto-quarantine + signed report	✓ <30s PDF	~ Alerts only	~ Alerts only	✓	~ Alerts only	✗	~ Alerts only
Cost attribution + hard stops	✓ Hard budget stops	✓	✗	✗	✓	✓	✗
Acceptable use enforcement	✓ Gateway-enforced	✗	✗	✗	✗	✗	✗
Model version pinning	✓ Per-agent approval	~ Routing only	✗	✗	~ Routing	✓	✗
Compliance docs auto-generated	✓ EU AI Act + HIPAA	~ Manual	✗	~ Manual	✓	✗	✗
Multi-provider routing	✓ One URL all	✓	✓	~ Limited	✓	✓ 20+	~ API
Starting price / model	$149/agent/mo	Enterprise quote	Enterprise quote	Enterprise quote	Enterprise quote	Free OSS	Enterprise quote

Pricing

Transparent. Every dollar accounted for.

Three components. No hidden fees. You see exactly what you pay for in the portal — with downloadable invoices and per-component breakdowns.

Component 1

$999

platform fee · per month

Always-on infrastructure

The gateway, the audit chain, the DLP engine, the AUP enforcement, the compliance reports. Pays for the platform itself, regardless of how much you use it.

Component 2

$49

per integration · per month

Each connection you govern

An "integration" is an API service you register (one per custom AI app) or an audit connector (M365 Copilot, GitHub Copilot, Workspace AI). Each one synced, signed, and audited.

Component 3

$15

per active user · per month

Each governed identity

Unique employee identities that actually used AI through any of our three lanes this cycle. Deduped — if alice@acme.com appears in M365 Copilot and the extension, she counts once.

Example: 200-person company

What you would pay each month

Platform fee

Always-on governance

flat

$999

7 integrations

5 custom AI apps + M365 + GitHub Copilot

7 × $49

$343

160 active users

Unique identities seen across all sources this cycle

160 × $15

$2,400

Total / month

$3,742

For reference: 200 employees × the average $40-60/seat/month enterprise AI governance pricing = $8,000-12,000/month. membrAIn lands at less than half that because we only charge for users actually using AI, not seats sitting idle.

Your workforce deserves
better AI tools.
IT deserves peace of mind.

Give your workforce
AI tools worth using.

Your workforce deservesbetter AI tools.IT deserves peace of mind.

Give your workforceAI tools worth using.

Request a demo

Create your account

Sign in to membrAIn

Your workforce deserves
better AI tools.
IT deserves peace of mind.

Give your workforce
AI tools worth using.