The problem

The assumption every AI governance tool is built on

Every API gateway, every proxy-based governance solution starts from the same premise: AI traffic passes through a central point that we control.

In 2023, that was a reasonable assumption. Developers called APIs. APIs were easy to proxy. In 2026, developers run AI agents locally. Claude Code runs on their laptop. Cursor's AI engine never leaves their IDE. Gemini CLI talks directly to Google.

The gateway assumption isn't just wrong — it creates false confidence. You can configure ANTHROPIC_BASE_URL to point at a gateway, document the policy, and ask every developer to comply. Some will. Some will forget. Some will deliberately work around it. And you'll never know the difference. Your CISO sees a green dashboard. Your auditor sees a coverage report. Neither reflects what's actually happening on developer machines.

The gap

The session your gateway never saw

Without Svalin

A developer opens Claude Code. They ask it to analyse a production database schema. You've configured a gateway and asked developers to route traffic through it — some do. But this developer runs a quick unset ANTHROPIC_BASE_URL in their terminal. The session goes directly to Anthropic's servers.

Your gateway logs the sessions it saw. It has no way to detect the ones it didn't. Your policy engine never fired. Your CISO's dashboard still shows full coverage — because the gap is invisible by design.

One developer. One unset variable. No log entry. No policy enforcement. No way to know it happened.

With Svalin

The same developer opens Claude Code and unsets the environment variable. It doesn't matter. Svalin's agent — deployed to their machine via MDM, independently of any proxy configuration — detects the session at the OS level. The bypass attempt is logged as a compliance alert. The session is captured regardless of routing.

The session is logged with a tamper-evident chain. The bypass event is flagged with device identity and timestamp. Data categories, AI provider, and policy decisions are all recorded — whether the developer cooperated or not.

Complete coverage. Bypass detected. Cryptographic proof.

Comparison

API Gateways vs Svalin

Both claim to govern AI. Only one can prove completeness.

| | API Gateway / Proxy | Svalin |
|---|---|---|
| Deployment model | Cloud-hosted proxy — traffic must be routed through it | MDM-deployed agent per device (Jamf, Intune, Kandji) |
| Covers Claude Code | ✕ Not enforced — requires developer cooperation, bypasses undetectable | ✓ Yes — captured at device level |
| Covers Cursor AI | ✕ Not enforced — requires developer cooperation, bypasses undetectable | ✓ Yes — captured at device level |
| Covers Gemini CLI | ✕ Not enforced — requires developer cooperation, bypasses undetectable | ✓ Yes — captured at device level |
| Tamper-evident logs | ✕ No — logs can be modified or deleted | ✓ Yes — cryptographic chain, any gap is detectable |
| Completeness proof | ✕ No — can only prove routed sessions | ✓ Yes — every session is accounted for |
| Developer friction | High — requires proxy config, re-routing, browser settings | Zero — silent MDM deployment, no workflow changes |
| Audit-ready evidence | Partial — only what passed through the gateway | Complete — exportable reports for every major framework |

How it works

Governance at the source, not the gateway

Svalin intercepts AI sessions where they originate — on the developer's machine — before any traffic reaches an AI provider. No proxy re-routing. No browser extension. No developer action required.

1. Deploy via MDM

Svalin's lightweight agent is pushed to every developer machine through your existing MDM — Jamf, Microsoft Intune, or Kandji. No developer action needed.

2. Capture every AI session at the device level

The agent wraps MCP servers and monitors AI tool configurations at the OS level — Claude Code, Cursor, Gemini CLI — before traffic leaves the machine. No routing required. Bypass attempts are detected regardless of how they're executed.

3. Build a tamper-evident log chain

Each session entry is cryptographically linked to the previous one. Any gap, deletion, or modification breaks the chain and is immediately detectable — even by administrators.

4. Enforce policies before traffic leaves

Policies deployed via MDM apply on device. Data category rules, provider restrictions, and content controls fire before any data reaches an AI provider.

5. Generate audit evidence on demand

One-click compliance reports mapped to EU AI Act, NIST AI RMF, ISO 42001, ISO 27001, SOC 2, and GDPR. Complete evidence, no manual gathering.
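To make steps 3 and 4 concrete, here is an added example (not Svalin's code, and not its actual log or policy format) of a hash-chained session log with an on-device policy decision recorded in each entry. Every field, device id, timestamp and the allow-list policy are constructed for illustration. It shows what "any gap, deletion, or modification breaks the chain" means in practice, and one caveat a practitioner should know: quietly dropping the newest entries leaves a chain that still verifies, so the latest hash has to be anchored somewhere the device cannot rewrite (here passed in as `anchored_head`, an assumed external record).

```python
"""Hash-chained AI session log with tamper detection (added example, not Svalin's code)."""
import copy
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import List, Optional, Tuple

GENESIS_HASH = "0" * 64  # prev_hash of the very first entry

# Hypothetical per-provider allow-list of data categories (constructed policy).
POLICY = {
    "anthropic": {"source_code", "public_docs"},
    "google": {"public_docs"},
}


def evaluate_policy(provider: str, data_categories: List[str]) -> str:
    """Step 4: decide on-device, before any data leaves the machine."""
    allowed = POLICY.get(provider, set())
    return "allow" if set(data_categories) <= allowed else "block"


@dataclass
class SessionEntry:
    seq: int
    prev_hash: str
    device_id: str
    timestamp: str
    tool: str
    provider: str
    data_categories: List[str]
    bypass_detected: bool
    policy_decision: str
    entry_hash: str = ""

    def canonical(self) -> bytes:
        """Everything except entry_hash, serialised deterministically."""
        body = asdict(self)
        body.pop("entry_hash")
        return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def compute_hash(entry: SessionEntry) -> str:
    return hashlib.sha256(entry.canonical()).hexdigest()


def append_session(chain: List[SessionEntry], **fields) -> SessionEntry:
    """Step 3: link the new entry to the previous entry's hash."""
    entry = SessionEntry(
        seq=chain[-1].seq + 1 if chain else 0,
        prev_hash=chain[-1].entry_hash if chain else GENESIS_HASH,
        policy_decision=evaluate_policy(fields["provider"], fields["data_categories"]),
        **fields,
    )
    entry.entry_hash = compute_hash(entry)
    chain.append(entry)
    return entry


def verify_chain(chain: List[SessionEntry], anchored_head: Optional[str] = None) -> Optional[str]:
    """Return None when the chain is intact, otherwise describe the first break."""
    prev_hash = GENESIS_HASH
    for position, entry in enumerate(chain):
        if entry.seq != position:
            return f"gap: expected seq {position}, found seq {entry.seq}"
        if entry.prev_hash != prev_hash:
            return f"broken link at seq {entry.seq}"
        if compute_hash(entry) != entry.entry_hash:
            return f"modified entry at seq {entry.seq}"
        prev_hash = entry.entry_hash
    if anchored_head is not None and prev_hash != anchored_head:
        return "truncated: chain head does not match the anchored head"
    return None


def build_sample_chain() -> List[SessionEntry]:
    """Constructed sample sessions; device ids and timestamps are made up."""
    chain: List[SessionEntry] = []
    append_session(chain, device_id="mbp-0142", timestamp="2026-03-10T09:12:00Z",
                   tool="claude-code", provider="anthropic",
                   data_categories=["source_code"], bypass_detected=False)
    # The developer unset ANTHROPIC_BASE_URL; the device agent still records the session.
    append_session(chain, device_id="mbp-0142", timestamp="2026-03-10T09:40:00Z",
                   tool="claude-code", provider="anthropic",
                   data_categories=["production_schema"], bypass_detected=True)
    append_session(chain, device_id="mbp-0077", timestamp="2026-03-10T10:05:00Z",
                   tool="gemini-cli", provider="google",
                   data_categories=["public_docs"], bypass_detected=False)
    return chain


def tamper_modify(chain: List[SessionEntry]) -> Optional[str]:
    """Edit a stored entry in place: its hash no longer matches."""
    copied = copy.deepcopy(chain)
    copied[1].data_categories = ["public_docs"]
    return verify_chain(copied)


def tamper_delete_middle(chain: List[SessionEntry]) -> Optional[str]:
    """Remove an entry from the middle: the sequence numbers show the gap."""
    copied = copy.deepcopy(chain)
    del copied[1]
    return verify_chain(copied)


def tamper_truncate_tail(chain: List[SessionEntry]) -> Tuple[Optional[str], Optional[str]]:
    """Dropping the newest entry is only caught when the head is anchored off-device."""
    head = chain[-1].entry_hash
    copied = copy.deepcopy(chain)
    copied.pop()
    return verify_chain(copied), verify_chain(copied, anchored_head=head)


if __name__ == "__main__":
    sessions = build_sample_chain()
    print("intact:", verify_chain(sessions))
    print("modify:", tamper_modify(sessions))
    print("delete:", tamper_delete_middle(sessions))
    print("truncate:", tamper_truncate_tail(sessions))
```

The unanchored truncation case returning `None` is the point of the caveat: a plain hash chain proves that what remains is consistent, not that nothing was removed from the end. A head hash periodically written to an external store (or a signature over it from a key the device does not hold) is what turns the chain into the completeness proof the page describes.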

Audit readiness

Questions your auditor will ask

AI governance audits are moving from policy documentation to operational evidence. These are the questions that expose gateway-dependent tools.

Auditor question

"Can you show me every AI session from the last 90 days, including sessions that didn't go through your gateway?"

Svalin logs every session at the device level, regardless of routing. The answer is yes — with a cryptographic completeness proof showing no session is missing from the record.

Auditor question

"What data was sent to Claude Code last Tuesday by your engineering team?"

Svalin captures session context at the point of origin. Data categories, AI provider, user, timestamp, and policy outcome are available for any session, any user, any time range — exportable for audit.

Auditor question

"How do you know your governance controls weren't bypassed?"

Svalin operates at the OS level via MDM — independently of proxy configuration. Even if a developer unsets environment variables, uses a VPN, or finds another workaround, the bypass is detected and logged as a compliance event. Tamper-evident log chains mean any gap or modification is cryptographically detectable. Governance completeness is provable, not assumed — the chain either holds or it doesn't.

See the sessions your gateway is missing

Request a demo and we'll show you exactly what AI activity is happening outside your current governance perimeter.
