Get early access
MCP-native

Control what your AI does.
Not just what it accesses.

The credential layer for AI.

AI agents are starting to take real action — refunds, deploys, infra changes, transfers. Gatekeeper sits between any LLM (Claude, ChatGPT, Cursor, MCP clients) and your credentials. Every request verified, anything outside policy denied. The LLM never sees the credential.

AI
Any LLM
MCP-native. Any agent. Any model. Any provider.
  • Claude
  • ChatGPT
  • Cursor
  • +Any LLM
GATEKEEPER · Policy-enforced execution layer
POLICY ENGINE
Deterministic rule-based enforcement: every request verified, no LLM discretion.
What can this AI do?
SCOPED PER IDENTITY · PER SESSION
From where?
NETWORK BOUNDARIES YOU DEFINE
How much can it spend?
CAPS AND RATE LIMITS YOU SET
DENY BY DEFAULT
SECURE EXECUTION
AWS Nitro Enclave
PCR0 · PER-CALL
Your Credentials
  • AWS keys
  • Wallet keys
  • Stripe
  • GitHub
  • OpenAI
  • Card numbers
  • Any bearer token

Encrypted on your device.

We store ciphertext.

Zero-knowledge.

Target API
  • Stripe
  • AWS
  • GitHub
  • OpenAI
  • +Any HTTPS API
MCP
  • Filesystem
  • Database
  • +Any MCP server
RESULT ONLY · LLM NEVER SEES THE CREDENTIAL · IMMUTABLE AUDIT LOG
Every request verified · No LLM in the policy path · Anything outside your rules is denied
✓ You're on the list. We'll reach out personally.
Trusted by
Cross RiverMagic EdenPhantomFalconX ReapFlowdeskB2C2Maple FinanceWenia Cross RiverMagic EdenPhantomFalconX ReapFlowdeskB2C2Maple FinanceWenia
Compliant with
SOC 2 Type II · GDPR · DORA · MiCA
The shape of the problem

Every team building with AI hits the same wall.

Credentials weren't designed for software that decides on its own. The gap between human authorization and AI execution is where the new breach class lives.

PAIN_01 / KEY EXPOSURE

"How do I give my agent access to Stripe and AWS without hardcoding my API keys? There's no safe way to do this."

r/LangChain · 847 upvotes
PAIN_02 / CONFUSED DEPUTY ↓

An AI agent with secrets:read access posts a production Stripe key into a public Slack channel. No permissions are misconfigured — the system just never checks the intersection of read and write.

Pattern · Confused Deputy
PAIN_03 / RUNAWAY SPEND

An agent loops 47 calls before anyone notices and burns $200. Spend caps don't exist at the credential layer — only on the API provider's billing dashboard, after the charge already cleared.

Pattern · Runaway agent
Use cases

What teams use Gatekeeper for.

Concrete policies for the credentials your AI actually touches.

AI agents using Stripe
Refunds under $500 — auto-execute
Refunds above $500 — human approval required
API key in agent context — blocked at the gateway
Engineering agents using GitHub
Issues, PR drafts, code review comments
Merges to main — human approval required
Secret patterns in outbound writes — blocked
Cloud agents using AWS
Read-only diagnostics, S3 reads, log queries
IAM, RDS, networking changes — human approval required
AWS keys never leave the enclave — SigV4 signed inside
Crypto and fintech agents
Scoped operational tasks within daily caps
Transfers above threshold or to new addresses
Signing key exposure or non-allowlist destinations
How it compares

Built for AI. Not retrofitted from humans.

Password managers and enterprise PAM weren't designed for software that thinks. Here's what changes when you start from the AI down.

Capability Password managers Enterprise PAM Gatekeeper
LLM never receives the credential
Zero-knowledge (operator can't read it)
Hardware-attested enclave execution
Per-identity spend caps and rate controls partial
MCP-native gateway