← Back to site Get started →
Platform Brief · Confidential

The AI governance gateway
your workforce has been waiting for.

membrAIn eliminates the only thing standing between your organization and the AI tools that actually matter — the security, compliance, and governance gap that keeps IT saying no while employees go around them anyway.

FIPS AES-256-GCMEncryption standard
One env varFull deployment
Every OSZero install
$149–$349Per agent / month
The problem
67% of enterprises have already been breached by AI tools they didn't approve.

The AI adoption gap is not about willingness — it's about trust. Your team wants Claude, GPT-4o, and Gemini. Your organization's best performers are already using them on personal accounts, in browser sessions that IT cannot see, sending prompts that contain company data to providers that have no contractual relationship with your organization.

Meanwhile, IT and legal are saying no to the official request. Not because AI isn't valuable — the data on that is unambiguous — but because there is no governance layer. No audit trail. No DLP protection. No way to prove compliance to a regulator who asks what happened.

The result: the security-conscious organization falls behind. The employees work around it. The data leaks anyway. And when something goes wrong, there is no evidence chain to investigate it.

67%
Enterprises breached by shadow AI
50min
Saved per AI user per day
26%
CIOs cite security as #1 AI blocker
The scenario that keeps CISOs awake at night
An AI agent reads a vendor email, follows an embedded malicious instruction, and exfiltrates 60,000 customer records. The firewall logs show nothing unusual. No human touched a credential. OWASP 2026 ranks this — goal hijacking via indirect prompt injection — as the #1 AI security threat. Traditional security tools cannot detect it because it looks like normal HTTPS traffic to an AI provider.
The solution
One URL that governs every AI call across your entire organization.

membrAIn is a cloud-hosted API gateway that sits between your LLM SDKs and every AI provider. Your developers change one environment variable. Everything else — FIPS encryption, DLP scanning, threat detection, lineage chain, audit log, cost attribution, compliance documentation — happens automatically at the gateway, before any message reaches a model.

No agent to install. No MDM required. No code changes beyond a single env var. Works on Windows, macOS, Linux, iOS, Android, Docker, CI/CD, and serverless — because it is just a URL, and every platform that makes an HTTPS request works with it.

# Before — ungoverned, unencrypted, invisible to IT
ANTHROPIC_API_KEY=sk-ant-...

# After — fully governed, two variables, zero code changes
ANTHROPIC_BASE_URL=https://gateway.getmembrain.ai/c/your-account-id
MEMBRAIN_KEY=mbr_live_citadel_your-key-here
Every AI call from that moment on
✓  DLP scanned before the LLM sees the payload (40+ pattern types)
✓  FIPS AES-256-GCM encrypted in the audit record
✓  Ed25519 signed lineage envelope — unforgeable provenance chain
✓  Real-time threat detection — 8 OWASP Agentic threat categories
✓  Token cost attributed by agent, team, and project
✓  Visible in governance dashboard within milliseconds of the first call
How it works
Three layers. One gateway. Complete protection.
1
Unlock — every AI tool that actually matters
Claude Sonnet 4.6. GPT-4o. Gemini 2.0. AWS Bedrock. Azure OpenAI. Every major provider through one governed gateway URL. IT and legal say yes — because the controls are real and auditable. Your team stops using shadow AI because the real tools are finally approved. Multi-provider routing with automatic failover across three global regions.
2
Protect — detect and contain threats before they execute
Every payload is DLP-scanned before the LLM sees it. Prompt injection patterns checked. Goal hijacking detected. Behavioral baseline anomaly scoring runs per agent. When a threat is detected at HIGH severity, the agent is automatically quarantined, a signed incident report is generated, PagerDuty fires, and your security team is notified — all within 30 seconds, before any human touches a keyboard.
3
Prove — compliance documentation that writes itself
Every AI interaction is logged, FIPS encrypted, Ed25519 signed, and SHA-256 hash-chained in an immutable audit trail. EU AI Act Article 11 technical documentation is auto-generated from gateway telemetry. HIPAA §164.312 audit controls report. SOC 2 CC6.1 evidence package. GDPR Article 30 record of processing. No manual assembly required — the audit log is the compliance artifact.
Technical architecture
Built with zero supply-chain risk and a minimal attack surface.

The gateway is written in Go using the standard library only — no external dependencies by design. Every external dependency is a supply-chain attack surface; the core gateway has none. It runs on Cloudflare's global edge network across 300+ locations, or on Fly.io for dedicated multi-region deployment. The DoH resolver runs as a Cloudflare Worker that intercepts DNS queries for 30+ AI provider domains and returns the gateway IP — covering browser sessions and mobile without any endpoint install.

Layer 1 — Encryption
FIPS AES-256-GCM application layer
AES-256-GCM with hardware acceleration (AES-NI). FIPS 140-3 validated via aws-lc-rs. The lineage envelope is encoded into the AES-GCM AAD field — authenticated but not encrypted, zero payload overhead. <200μs per message. Not channel encryption — payload encryption that survives into the audit record.
Layer 2 — Provenance
Ed25519 cryptographic lineage chain
Every message carries a signed lineage envelope: source agent UUID, claim type (WITNESSED / INFERRED / RELAYED), confidence class, upstream hash, timestamp, Ed25519 signature. Tamper the lineage, invalidate the message. The chain traces every claim back to its origin — unforgeable, auditable, mathematically verifiable.
Layer 3 — Intelligence
Trust scoring and threat detection
40+ DLP patterns scanned inline before AES encryption. Prompt injection pattern library (OWASP ASI01). Behavioral fingerprint baseline per agent — deviation scoring catches novel attacks that pattern matching misses. Excessive agency detector validates tool call scope against registered capabilities.
Layer 4 — Governance
Full enterprise governance suite
Cost attribution by team/agent/project with hard budget stops. Model version pinning with approval workflow. Acceptable Use Policy acknowledgment enforced at gateway — first call blocked until employee signs. Auto-quarantine with signed PDF incident reports in <30 seconds. Compliance documentation auto-generated from audit log.
Competitive landscape
The only platform with FIPS encryption and cryptographic lineage.

Every competitor secures the channel or monitors traffic. None deliver application-layer FIPS encryption with an unforgeable cryptographic lineage chain embedded at the wire level.

Capability membrAIn TrueFoundry Prompt Security WitnessAI Bifrost
FIPS AES-256-GCM✓ App layer
Cryptographic lineage✓ Ed25519
Zero endpoint install✓ One env var~ Library~ Config~ Agent~ Self-host
iOS / Android support✓ All platforms
DLP pre-LLM scanning✓ 40+ patterns~ Limited
Auto-quarantine + report✓ <30s PDF~ Alerts~ Alerts
AUP gateway enforcement
EU AI Act compliance docs✓ Auto-generated~ Manual~ Manual
Starting price$149/agent/moQuote onlyQuote onlyQuote onlyFree OSS
Compliance & certifications
Built for regulated industries from day one.

membrAIn's architecture was designed to meet the requirements of regulated environments — healthcare, financial services, legal, government contractors — where AI governance is not optional and the cost of a violation is measured in seven figures.

FIPS 140-3 EU AI Act (Aug 2026) HIPAA §164.312 SOC 2 Type II (in progress) GDPR Article 30 OWASP Agentic Top 10 NIST AI RMF

EU AI Act (August 2026 enforcement): Full enforcement for high-risk AI systems begins August 2, 2026, with fines up to €35M or 7% of global revenue. membrAIn's auto-generated Article 11 technical documentation, audit log, and human oversight mechanisms directly address the obligations for organizations deploying AI in employment, healthcare, financial services, or critical infrastructure.

HIPAA: The DLP engine blocks or redacts PHI (including DOB, MRN, NPI, and 12 other identifiers) before any prompt reaches a model provider. Every interaction is logged with a HIPAA-compliant audit trail that satisfies §164.312(b) requirements.

Pricing
Transparent. Pays for itself on day one.
Fortress
$149
per agent · per month · min 10 agents · annual
AES-256-GCM gateway encryption
DLP scanning (40+ patterns)
Prompt injection detection
Immutable audit log
Multi-provider routing
Governance dashboard
Most popular
Citadel
$249
per agent · per month · min 10 agents · annual
Everything in Fortress
ECDH P-384 forward secrecy
Behavioral baseline + anomaly detection
Auto-quarantine + signed incident reports
Cost attribution + hard budget stops
EU AI Act / HIPAA compliance docs
Model version pinning + AUP enforcement
Cosmos
$349
per agent · per month · min 10 agents · annual
Everything in Citadel
Shamir 5-of-3 threshold key custody
SIEM integration (Splunk, Sentinel)
Air-gapped deployment option
99.99% uptime SLA
Dedicated account team

PLATFORM 100–1,000 SEATS: $150K–$500K/YR · ENTERPRISE OEM 1,000+ SEATS: $500K–$2M + ROYALTIES

Return on investment
The ROI isn't membrAIn. It's everything membrAIn unlocks.

Enterprise workers using AI save 40–60 minutes per day. At a loaded hourly cost of $65, that's $2,708–$4,062 per employee per year in recovered productivity — for every employee who gains access to governed AI tools. membrAIn at Citadel for 50 agents costs $149,400/year. The productivity value of 50 employees gaining AI access is $135,000–$203,000/year. Before token savings, incident avoidance, or compliance cost reduction.

The more accurate framing: what is the cost of the next AI-related compliance violation? A single HIPAA violation averages $50,000–$1.9M. A GDPR enforcement action for undocumented AI processing: up to €35M. A data breach from shadow AI: industry average $4.88M (IBM 2024). membrAIn's annual cost at any tier is a fraction of any one of those outcomes.

Ready to give your team the AI tools worth using?

15-minute live demo. We connect your AI tools through the membrAIn gateway live and show the governance dashboard in real time. Under NDA on request.

Get started now → Back to site

© 2026 Rahab Vajra Pact LLC · Charlotte, NC · hello@getmembrain.ai · Patents pending