Gateway

Encrypted inference for every model and agent

Encrypted inference at the gateway. Every model. Every agent.

support-bot
claims-app
ops-runner
mirror-sdk
MIRROR GATEWAYone endpoint
PLAINno encryption
E2Eencrypted in flight
FHEencrypted in use
LOCALin your network
POLICY CHECK · SIGNED RECEIPT on every call
ModelsGPT-4o · Claude · Llama
MemoryMirror-VDB · Pinecone
Toolsshell · browser · search
MCP serversGitHub · Slack · Asana
Other agentsA2A · subgraph
Internal APIsyour backend · data

The problem

Every model call leaves your perimeter in plaintext. No policy at the door, no record of what was sent.

Each app and agent hits its own provider its own way: keys sprayed across services, prompts and data egressing in the clear, and no single place that can say what was asked, what came back, or whether it was even allowed. The busiest path in your stack has the least control.

Mirror restores Encryption, Policy, and Proof · on every call.

Encrypted inference at the gateway

The plaintext never lives at the gateway. Or anywhere else along the way.

Other gateways route. Mirror Gateway routes and keeps the inference path encrypted from the agent to the model and back. Pick the lane per route; Mirror never sees the plaintext on a non-Plain lane.

Gateway is hosted. VectaX runs where your data lives when it can't leave at all.

  1. 01

    Agent or app

    your code

    An agent or app calls the Mirror endpoint with a request. Encryption happens at the source via the SDK.

  2. 02

    Gateway

    Mirror · encrypted in

    The request enters encrypted. Mirror never sees the plaintext on the way in.

  3. 03

    Policy + lane

    AgentIQ · lane select

    Policies fire on encrypted metadata where possible; the lane (Plain · E2E · FHE · Local) is picked per route.

  4. 04

    Model

    OpenAI · Anthropic · local · FHE

    The chosen model receives the request. In plaintext only if the lane allows it; otherwise it computes on ciphertext.

  5. 05

    Trace + receipt

    Observability · signed

    The response returns through the same path. A signed receipt and full trace land in Observability.

Pick the lane per route

Four lanes. Switch encryption posture per route, not per gateway.

Some routes need plain speed; some need encrypted in and out; some need FHE all the way through; some run entirely inside your boundary. Configure each route's lane independently.

    Plain

    fastest · no encryption in path

    Standard routing for non-sensitive workloads. Gateway acts as a routing + observability layer; the model sees plaintext.

    → Mirror sees the call · model sees plaintext

    End-to-end encrypted

    encrypted in · encrypted out

    The request and response are encrypted end-to-end between your client and the trusted model endpoint. Mirror routes ciphertext.

    → Mirror routes ciphertext · model decrypts inside trust boundary

    FHE

    model computes on ciphertext

    Inference runs on ciphertext via VectaX. Plaintext never exists outside the agent. Use for the most regulated workloads.

    → Provably unreadable to Mirror itself

    Local

    model in your VPC · on-prem · sovereign region

    Route to models you host. Gateway carries policy and trace, but the inference happens inside your boundary entirely.

    → Inference stays inside your network

Scale

Production throughput. Linear scaling.

Sustained throughput across 1k–10k concurrent agents on a single Mirror cluster. Kubernetes autoscale, no manual partitioning. Client-side encryption adds 2–5 ms.

Concurrent agents Sustained throughput Tier 1 p95 latency Gateway nodes
1,000 ~2,800 req/sec ~45 ms 3 nodes
5,000 ~13,500 req/sec ~52 ms 12 nodes
10,000 ~26,000 req/sec ~68 ms 24 nodes
Design ceiling Linear scaling validated · Kubernetes autoscale

Numbers are a shape, not a quote. Workload mix, model selection, encryption posture, and policy complexity all move them. The technical brief has per-config rows.

Complete visibility

Observability rides on top. Audit-grade, by default.

Generic gateways log HTTP. Mirror logs decisions. Every trace is searchable, attributable, and ready for audit. Four built-in views below; the underlying decision stream is also queryable as raw events.

    Traces

    every call · full path

    Every routing decision, lane choice, policy verdict, classifier outcome, and inference call lands as a queryable trace. Signed, timestamped, attributable.

    Cost

    tokens · spend · breakdown

    Spend by model, lane, agent, and route. Real-time and historical. Catches the agents that drift toward expensive models before the bill does.

    Decision explorer

    what fired · what almost did

    Search every policy decision. See what blocked, what redacted, what passed with a near-miss. Drill from a single decision into the full request tree.

    Per-agent timeline

    one agent · whole story

    Pick an agent from the registry; see every call it made, every policy that fired, every model it touched. Pre-built for investigation.

Why Mirror Gateway, not a generic AI gateway

Generic AI gateways route plaintext. Mirror Gateway runs encrypted by default.

Generic AI gateways

  • Route plaintext to the model on every call
  • Policy bolted on, or absent
  • Logs say what happened, never what was blocked
  • Cost is a dashboard, not a guardrail
  • Trace is HTTP, not the decision tree

Mirror Gateway

  • Encrypted lanes per route (Plain · E2E · FHE · Local)
  • AgentIQ policy enforced at the door, in the request path
  • Signed receipts and audit-grade decision stream by default
  • Cost, lane, and agent visible on every call
  • Trace is the decision tree. Search what fired, what didn't

Frequently asked

Questions, answered

What is Gateway and how does it relate to the other Mirror Security products?
Mirror Gateway is the unified integration point for the Mirror platform, the single layer through which VectaX, AgentIQ, Zero, and DiscoveR operate together. Instead of integrating four security systems, customers route all AI traffic through Mirror Gateway, which handles identity verification, policy enforcement, encryption posture selection, routing, and signed audit in one place. One integration, one policy plane, one audit trail across the entire AI stack.
We already have an API gateway. Why do we need a separate AI gateway?
Mirror Gateway is not a general-purpose API gateway. It is a security control plane built for AI traffic. Standard API gateways handle routing and rate limiting for structured requests; they cannot parse prompt content, enforce AI-specific policies, apply FHE at the inference layer, or generate cryptographic attestation of execution environments. Mirror applies AgentIQ policy at the door, signs outputs for tamper-evident audit, routes to the chosen encryption lane (PLAIN, E2E, FHE, LOCAL), and streams encrypted responses.
What does 'policy at the door' mean in practice?
Mirror Gateway enforces policy before any AI model processes a request, not after. Every request passes through Mirror first, where AgentIQ policies fire: PII is redacted, prompt injection is blocked, agent identity is verified, and permissions are checked. Requests that fail policy are denied at the gateway before any model sees them. The model, the provider, and downstream systems only ever receive traffic that has passed the customer's security controls.
What are 'signed receipts' and why do they matter?
Every inference routed through Mirror Gateway generates a signed receipt: a cryptographic, tamper-evident record of what was sent, what was returned, which policy decisions were applied, and which execution environment processed the request. Unlike a standard log entry, which can be altered, a Mirror signed receipt is independently verifiable. For regulated industries under GDPR, HIPAA, EU AI Act, or SOC 2, signed receipts are the difference between asserting that controls worked and being able to prove it to an auditor.
How does Gateway scale? What's the throughput ceiling?
Mirror Gateway scales linearly on Kubernetes autoscale. The validated envelope is 1,000 concurrent agents at ~2,800 req/sec (p95 ~45 ms, 3 nodes), 5,000 concurrent agents at ~13,500 req/sec (p95 ~52 ms, 12 nodes), and 10,000 concurrent agents at ~26,000 req/sec (p95 ~68 ms, 24 nodes). Client-side encryption adds 2–5 ms. No manual partitioning, no provider lock-in. The full per-rig table is on /platforms/gateway.
Can Gateway connect to any LLM provider, or only Mirror Security's own infrastructure?
Mirror Gateway is provider-agnostic by design. It enforces identity, policy, encryption, and audit uniformly across all AI traffic, whether requests go to on-premises models via VectaX, private cloud confidential enclaves, or external LLM providers where policy permits. Customers are not locked into a single model or cloud. The customer's security posture (OWASP LLM Top 10 controls, EU AI Act compliance evidence, NIST AI RMF audit trails) travels with the AI traffic regardless of where compute happens.

Get started

See encrypted AI security in action.

FHE-native inference. Runtime agent guardrails. Continuous red teaming. One platform. Book a working session with the team.

Six layers. One agent estate.

Every Mirror product is one layer of the same surface. Adopt one, or stack them.

VectaX

AI Data Security

Encrypt context, prompts, embeddings, and inference output end-to-end. AI keeps working on data that's mathematically guaranteed to stay private.

Explore VectaX

DiscoveR

Vulnerability Scanning

Hunt prompt injection, model leaks, and AI-specific zero-days as they emerge across every model, agent, and integration in your stack.

Explore DiscoveR

AgentIQ

AI Agent Security

Watch every action, tool call, and decision from your agents. Anomaly alerts, automated response, and a full audit trail built for compliance.

Explore AgentIQ

Zero

AI Governance

The agent estate, governed. Discovers every AI agent (sanctioned or shadow) and runs the four governance workflows.

Explore Zero

Gateway

AI Gateway

Inspect, authenticate, and throttle traffic before it reaches your models. Prompt firewall, edge auth, and policy enforcement with an audit trail at the door.

Explore Gateway

CodePrism

AI Coding

Coding on encrypted code. Coding assistance, indexing, review, and security scans, all on ciphertext.

Explore CodePrism