AI Gateway — IT Governance
Brutor AI Gateway
Route, secure, and govern all AI traffic — LLMs, MCP servers, and autonomous agents — through one high-performance control plane.
Core Capabilities
LLM Management & Routing
One API for every AI model. Switch providers without changing code.
- 200+ preconfigured models across all major providers (OpenAI, Anthropic, Google, Azure, self-hosted)
- Routing groups with weighted load balancing, failover, and cost-based routing strategies
- Model health checks with configurable intervals and automatic unhealthy model exclusion
- Batch processing — submit thousands of requests asynchronously at reduced provider cost
- Secure API key vault — provider keys encrypted at rest, managed centrally, never exposed to users
- Response caching via Redis for repeated queries
MCP Server Governance
Govern every tool your AI connects to.
- Add MCP servers manually or from the built-in MCP registry
- OAuth proxy handles authentication automatically — tokens encrypted, never exposed to clients
- Deploy MCP servers directly from Docker catalog or GitHub repos
- Kubernetes deployment support for production environments
- Use the built in system MCP servers for Agent Skills and Web Search
- Capability filtering — control which tools, resources, and prompts each group can access
Agent Skill Management
Capture your business logic. Let AI execute it.
- Define agent skills that encode your organisation’s processes, procedures, and domain knowledge
- Skills implemented as MCP tools — any MCP client can discover and use them
- Version-controlled with metadata, scripts, templates, and workflow definitions
- Publish/unpublish controls — skills must be explicitly published before they’re available
- Assign skills to specific resource groups — marketing gets marketing skills, engineering gets engineering skills
Guardrails & Data Governance
Security baked in. Every request filtered. Every response checked.
- Built-in guardrails enabled by default: PII detection, prompt injection blocking, toxic content filtering, banned words
- External guardrail providers: AWS Bedrock Guardrails, Lakera, with most-restrictive-action-wins logic
- Apply guardrails globally or per resource group — different teams can have different security profiles
- Guard surfaces: LLM input/output, MCP input/output, Agent Skill input/output
- API key vault — provider credentials stored encrypted, rotatable, and never exposed to client-side code
Resource Groups & RBAC
Mirror your organisation. Govern at every level.
- Hierarchical resource groups: organisation → department → team → app → agent
- Each group has its own: AI models, MCP servers, Agent Skills, Guardrails, Members, API keys, Limits, and Governance
- Resource Inheritance: child groups inherit resources from parents unless set to standalone – additive
- Governance Inheritance: the effective policy is always the most restrictive value across the group and all its ancestors
- Per-group usage dashboards: requests, cost, tokens, model-level and tool-level breakdown
- 12+ RBAC roles with granular permissions — create custom roles for any access pattern
- Gateway users (portal login) and API keys (agent/app access) as separate authentication paths
Observability & Mission Control
Real-time dashboards. Complete audit trails. Nothing hidden.
- Mission Control dashboard: requests over time, success rates, P99 latency, data transfer, cache stats
- Infrastructure health: real-time status of every MCP server and AI model — reachable or not
- LLM economics: token costs, average cost per request, model-level cost comparison
- Alert system: usage limit breaches, unhealthy models, with acknowledgement workflow
- Prometheus, Grafana, Loki, and OpenTelemetry integration for the full observability stack
Cost Control & FinOps
Know your AI spend. Control it before it controls you.
- Per-group budget limits: daily dollar caps, token limits, request limits for both LLM and MCP
- Real-time enforcement: exceed a limit and the next request is blocked (HTTP 429)
- Batch processing support — route non-urgent workloads through provider batch APIs at up to 50% lower cost
- Usage dashboards at every level: organisation-wide, per-team, per-model, per-tool
- Cost attribution: see exactly which group, user, or API key generated each cost
- Alerts with Slack webhook integration for proactive budget management
Audit & Compliance – Policy-as-Code support
Built to support your compliance journey — from EU AI Act to HIPAA.
- Complete audit trails — every admin action, AI interaction, and tool call logged with who, when, and what
- Proxy logs with full request/response bodies — filterable by user, group, model, server, and date range
- Drill-down from summary views to individual interaction detail
- EU AI Act Article 9 support — guardrails, resource groups, and access controls enforce risk management policies as code
- EU AI Act Article 12 support — traceability and automatic record-keeping with 6-month log retention
- Infrastructure for HIPAA, SOC 2, and GDPR compliance — data governance, access controls, and audit trails your compliance team needs
Performance
Enterprise-grade governance.
Zero performance tax.
Zero performance tax.
The Brutor AI Proxy is built in Rust for maximum throughput and minimum latency overhead. Governance shouldn’t slow your AI down — and with Brutor, it doesn’t.
- High-performance Rust proxy architecture
- Asynchronous I/O for concurrent request handling
- Lightweight governance checks at the proxy level, not via external network hops
- Built-in guardrails run in-process for minimal latency impact
