Gateway
Encrypted inference for every model and agent
Encrypted inference at the gateway. Every model. Every agent.
The problem
Every model call leaves your perimeter in plaintext. No policy at the door, no record of what was sent.
Each app and agent hits its own provider its own way: keys sprayed across services, prompts and data egressing in the clear, and no single place that can say what was asked, what came back, or whether it was even allowed. The busiest path in your stack has the least control.
Encrypted inference at the gateway
The plaintext never lives at the gateway. Or anywhere else along the way.
Other gateways route. Mirror Gateway routes and keeps the inference path encrypted from the agent to the model and back. Pick the lane per route; Mirror never sees the plaintext on a non-Plain lane.
Gateway is hosted. VectaX runs where your data lives when it can't leave at all.
- 01
Agent or app
your code
An agent or app calls the Mirror endpoint with a request. Encryption happens at the source via the SDK.
- 02
Gateway
Mirror · encrypted in
The request enters encrypted. Mirror never sees the plaintext on the way in.
- 03
Policy + lane
AgentIQ · lane select
Policies fire on encrypted metadata where possible; the lane (Plain · E2E · FHE · Local) is picked per route.
- 04
Model
OpenAI · Anthropic · local · FHE
The chosen model receives the request. In plaintext only if the lane allows it; otherwise it computes on ciphertext.
- 05
Trace + receipt
Observability · signed
The response returns through the same path. A signed receipt and full trace land in Observability.
Pick the lane per route
Four lanes. Switch encryption posture per route, not per gateway.
Some routes need plain speed; some need encrypted in and out; some need FHE all the way through; some run entirely inside your boundary. Configure each route's lane independently.
Plain
fastest · no encryption in path
Standard routing for non-sensitive workloads. Gateway acts as a routing + observability layer; the model sees plaintext.
→ Mirror sees the call · model sees plaintext
End-to-end encrypted
encrypted in · encrypted out
The request and response are encrypted end-to-end between your client and the trusted model endpoint. Mirror routes ciphertext.
→ Mirror routes ciphertext · model decrypts inside trust boundary
FHE
model computes on ciphertext
Inference runs on ciphertext via VectaX. Plaintext never exists outside the agent. Use for the most regulated workloads.
→ Provably unreadable to Mirror itself
Local
model in your VPC · on-prem · sovereign region
Route to models you host. Gateway carries policy and trace, but the inference happens inside your boundary entirely.
→ Inference stays inside your network
Scale
Production throughput. Linear scaling.
Sustained throughput across 1k–10k concurrent agents on a single Mirror cluster. Kubernetes autoscale, no manual partitioning. Client-side encryption adds 2–5 ms.
| Concurrent agents | Sustained throughput | Tier 1 p95 latency | Gateway nodes |
|---|---|---|---|
| 1,000 | ~2,800 req/sec | ~45 ms | 3 nodes |
| 5,000 | ~13,500 req/sec | ~52 ms | 12 nodes |
| 10,000 | ~26,000 req/sec | ~68 ms | 24 nodes |
| Design ceiling | Linear scaling validated · Kubernetes autoscale | ||
Numbers are a shape, not a quote. Workload mix, model selection, encryption posture, and policy complexity all move them. The technical brief has per-config rows.
Complete visibility
Observability rides on top. Audit-grade, by default.
Generic gateways log HTTP. Mirror logs decisions. Every trace is searchable, attributable, and ready for audit. Four built-in views below; the underlying decision stream is also queryable as raw events.
Traces
every call · full path
Every routing decision, lane choice, policy verdict, classifier outcome, and inference call lands as a queryable trace. Signed, timestamped, attributable.
Cost
tokens · spend · breakdown
Spend by model, lane, agent, and route. Real-time and historical. Catches the agents that drift toward expensive models before the bill does.
Decision explorer
what fired · what almost did
Search every policy decision. See what blocked, what redacted, what passed with a near-miss. Drill from a single decision into the full request tree.
Per-agent timeline
one agent · whole story
Pick an agent from the registry; see every call it made, every policy that fired, every model it touched. Pre-built for investigation.
Why Mirror Gateway, not a generic AI gateway
Generic AI gateways route plaintext. Mirror Gateway runs encrypted by default.
Generic AI gateways
- Route plaintext to the model on every call
- Policy bolted on, or absent
- Logs say what happened, never what was blocked
- Cost is a dashboard, not a guardrail
- Trace is HTTP, not the decision tree
Mirror Gateway
- Encrypted lanes per route (Plain · E2E · FHE · Local)
- AgentIQ policy enforced at the door, in the request path
- Signed receipts and audit-grade decision stream by default
- Cost, lane, and agent visible on every call
- Trace is the decision tree. Search what fired, what didn't
Frequently asked
Questions, answered
What is Gateway and how does it relate to the other Mirror Security products?
We already have an API gateway. Why do we need a separate AI gateway?
What does 'policy at the door' mean in practice?
What are 'signed receipts' and why do they matter?
How does Gateway scale? What's the throughput ceiling?
Can Gateway connect to any LLM provider, or only Mirror Security's own infrastructure?
Get started
See encrypted AI security in action.
FHE-native inference. Runtime agent guardrails. Continuous red teaming. One platform. Book a working session with the team.
Six layers. One agent estate.
Every Mirror product is one layer of the same surface. Adopt one, or stack them.
VectaX
AI Data Security
Encrypt context, prompts, embeddings, and inference output end-to-end. AI keeps working on data that's mathematically guaranteed to stay private.
DiscoveR
Vulnerability Scanning
Hunt prompt injection, model leaks, and AI-specific zero-days as they emerge across every model, agent, and integration in your stack.
AgentIQ
AI Agent Security
Watch every action, tool call, and decision from your agents. Anomaly alerts, automated response, and a full audit trail built for compliance.
Zero
AI Governance
The agent estate, governed. Discovers every AI agent (sanctioned or shadow) and runs the four governance workflows.
Gateway
AI Gateway
Inspect, authenticate, and throttle traffic before it reaches your models. Prompt firewall, edge auth, and policy enforcement with an audit trail at the door.
CodePrism
AI Coding
Coding on encrypted code. Coding assistance, indexing, review, and security scans, all on ciphertext.