A short reference for the questions that come up most often. If yours is missing, tell us and we will add it.

What is the difference between “Gateway” and “Runtime”?

  • Runtime is the layer: the set of capabilities TrustGate provides at request time (interception, detections, policies, enforcement, observability).
  • Gateway is the component inside the runtime that accepts traffic and applies routing and policies.
In short: Runtime is what TrustGate does; the Gateway is the thing doing it.

Is TrustGate a WAF?

It uses the same pattern — inline inspection and enforcement at the edge — but adapted to AI.
  • A WAF understands HTTP: paths, headers, SQL injection, XSS.
  • TrustGate understands AI: prompts, generations, documents, and tool calls.
You can (and should) run both. They protect different layers.

Does TrustGate block traffic?

It can. Every policy has an action from the set allow, log, mask, block. Inline deployments can block or mask in real time; out-of-band deployments only observe. See Deployment modes.

Does TrustGate use LLMs?

Some detectors use small, specialized models for classification (for example jailbreak or toxicity). These run inside your deployment (or the NeuralTrust plane you chose) — they do not send your traffic to third-party providers.

Will TrustGate slow down my app?

Inline enforcement adds detection overhead to each request. In hybrid deployments the data plane runs in your cloud, so network latency is dominated by the upstream LLM. Plugins are designed to run in parallel and early-exit once a decisive signal is found.

Can I start in “observe only” mode?

Yes, and it is usually the recommended rollout. Run policies with the log action, or run the runtime out-of-band, review the detections, then switch to mask or block once the policies are tuned.

How does TrustGate handle sensitive data in logs?

Sensitive fragments are redacted according to policy. TrustGate stores minimal tokens or hashes so you can investigate without re-exposing content. See Observability.
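
One way to produce investigation-friendly tokens of the kind described above, as an added sketch that is not TrustGate's code or configuration; the patterns, key and token format are assumptions. It uses a keyed HMAC rather than a bare hash, because low-entropy values such as card numbers can be recovered from an unkeyed hash by enumeration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption); a real key lives in a secret store and is rotated.
LOG_TOKEN_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical detectors for this sketch: e-mail addresses and 16-digit card-like numbers.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "CARD": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
}


def token_for(kind, value, key=LOG_TOKEN_KEY):
    """Return a keyed, truncated digest: stable for correlation, opaque without the key."""
    if kind == "CARD":
        normalized = re.sub(r"[ -]", "", value)  # same card, different spacing -> same token
    else:
        normalized = value.lower()
    digest = hmac.new(key, f"{kind}:{normalized}".encode(), hashlib.sha256).hexdigest()
    return f"[{kind}:{digest[:12]}]"


def redact_for_log(text, key=LOG_TOKEN_KEY):
    """Replace each sensitive fragment with its token before the line is stored."""
    findings = []
    for kind, pattern in PATTERNS.items():
        def _sub(match, kind=kind):
            tok = token_for(kind, match.group(0), key)
            findings.append(tok)
            return tok
        text = pattern.sub(_sub, text)
    return text, findings


if __name__ == "__main__":
    # Constructed sample lines: the same person and card, written two different ways.
    for line in (
        "Contact alice@example.com, card 4111 1111 1111 1111",
        "refund to ALICE@example.com card 4111-1111-1111-1111",
    ):
        print(redact_for_log(line)[0])
```

Both sample lines yield the same two tokens, so an analyst can link the events without the stored log ever containing the address or the number.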

Does it work with agents and MCP?

Yes. Tool calls (including MCP) pass through the same policy engine as prompts and responses. See MCP & tool security.

Is it provider-agnostic?

Yes. TrustGate works with any LLM provider, including self-hosted models and internal APIs, in either native or proxy mode. See Integrations.

Where should I start as a platform engineer?

  1. Read Architecture.
  2. Skim Security capabilities.
  3. Pick one high-value route and run TrustGate in observe mode.
  4. Tune policies, then move to inline enforcement.