For Chief Information Security Officer
The AI you do not know is running.
AI exists in scripts, vendor tools, internal automations, and local inference systems. These operate outside governance. Before OBEXGATE enforces anything, it identifies what is actually there.
If you cannot see it before it happens, you cannot prevent it.
Not visibility. Prevention.
Observer Mode shows how your system behaves
Enforce Mode blocks actions before execution
If an action violates policy, it does not run
The visibility problem
Most security tooling assumes it knows what is running.
That assumption is false. Embedded AI, shadow integrations, and unmanaged inference endpoints sit outside the registered surface. A control that does not see them does not govern them.
OBEXGATE identifies what exists before enforcing it. Discovery feeds the same evaluation engine that runs at execution.
Operational difference. Without discovery: unknown systems run without governance. With discovery: hidden systems are surfaced, classified, and brought into the same control surface as registered agents.
What it produces for your SOC
Tamper-evident evidence, on the channels you already monitor.
Every governed decision produces a structured record. Verdicts, audit lineage, and incident artefacts route to the SIEM you already operate.
| Surface | What it does |
|---|---|
| Decision trace | Per-action record: what was evaluated, which frameworks applied, why the decision was made |
| Audit lineage | Tamper-evident chain across every governed event. Cryptographically verifiable. |
| SIEM egress | Splunk, Datadog, Elastic, SentinelOne, plus custom HTTP endpoints |
| Drift detection | Continuous, async monitoring of behavioural shift across agent population. Alerts route to your incident pipeline. |
| Contestation workflow | Right to challenge automated decisions. Regulatory requirement under EU AI Act and several jurisdictions. |
Adoption pattern
Observer Mode first. Enforcement when verified.
Every paying tier ships with Observer Mode. The same evaluation engine runs, but verdicts surface as alerts rather than blocks. This produces the data your team needs to validate rules before enforcement is enabled, and matches the testing cycle most enterprise security programmes already run.
When verification is complete, enforcement activates without redeploy.
Core invariants
Properties the system enforces, not policies you configure.
→ No execution without evaluation
Every governed action passes through the verification gate. No bypass path exists in the topology.
→ Unknown agents surfaced
Discovery runs continuously. Newly observed agents are classified before they are permitted to operate.
→ Enforcement cannot be bypassed
The commit authority is runtime-owned. There is no path to mutate state outside the gate.
→ Every decision traceable
Decision provenance is produced as a side effect of operation. Not assembled later.
See what is running that you have not registered.
Six questions. Personalised regulatory map, cost basis, statutory exposure. Or 30 minutes with the team to walk through what discovery would find in your environment.