Skip to main content
TrustGate can run wherever your AI traffic lives. You pick the deployment and enforcement model that matches your data sensitivity, latency budget, and operational posture.

Deployment options

SaaS

TrustGate is fully managed by NeuralTrust. Fastest to adopt; ideal for teams without strict data-residency or on-prem constraints.

Hybrid

Control plane is managed by NeuralTrust; the runtime data plane runs in your cloud. Recommended for most enterprise deployments.

On-prem

Full self-hosting in your environment, including the control plane. Required when data, policies, and logs must never leave your perimeter.

Why hybrid is the common default

  • AI traffic and prompts stay in your cloud.
  • NeuralTrust manages upgrades, detector models, and the policy surface.
  • Policies, detections, and logs can be pinned to your accounts, buckets, and SIEM.

Enforcement modes

Deployment answers “where does it run”; enforcement answers “is it on the critical path”.

Inline

TrustGate sits between the app and the LLM. It can block and mask in real time. Use for production traffic where control is required.

Out-of-band

Traffic is mirrored to TrustGate without blocking. Use for rollouts, audit environments, and baselining before enforcement.
A common rollout path is:
  1. Deploy hybrid, enforcement set to out-of-band, and let detections run for a couple of weeks.
  2. Review alerts, tune policies, and agree on actions with stakeholders.
  3. Flip the relevant policies to inline with block / mask.