Cytra Gateway how Cytra delivers compliance
The governed gateway between your AI agents and everything they touch.
Cytra Gateway is the mechanism behind Cytra's compliance: a managed MCP gateway and agent control plane. Every tool call runs through per-tenant policy, credential brokering, and a sandboxed executor — and every call becomes tamper-evident audit evidence mapped to the EU AI Act, NIST AI RMF, and ISO/IEC 42001. The compliance outcome, proven by how your AI runs.
Cytra Gateway is in private beta and is not yet generally available. Self-host and bring-your-own-key options are available to early-access tenants.
The problem
Agents are getting hands. Someone has to govern what they reach.
The moment an AI agent can call a tool, it can touch a database, a clinical API, or a production system — usually holding a long-lived credential and leaving no durable record. Cytra Gateway sits in the middle of that connection and makes every call governed by default: policy first, scoped credentials second, a sandbox third, and a verifiable record last.
How a call flows
Five deterministic steps. Every one of them audits.
The same governed path runs on every invocation.
- 01
Tenant + tool resolution
The inbound host resolves to a tenant, and the tool is matched to that tenant. An unknown host or a cross-tenant tool is denied — and audited.
- 02
Policy evaluation
A deterministic, per-tenant policy engine runs in document order with zero external calls: prod-write blocks, IP allowlists, budget ceilings, approval gates, PII redaction. An operator kill-switch can deny everything instantly.
- 03
Credential brokering
The per-tenant vault decrypts a downstream credential ephemerally and returns a short-lived, tool-scoped token. The raw key is never returned to the agent.
- 04
Sandboxed execution
The tool runs inside a deny-by-default sandbox with a hard timeout and no implicit network egress. Capabilities are granted per tool, not assumed.
- 05
Tamper-evident audit
The call — success or denial — is appended to a per-tenant SHA-256 hash-chain. Reorder, delete, or mutate one record and the chain fails verification.
One platform
A gateway, the governance around it, and the record it leaves.
Cytra Gateway is the flagship of a broader AI-governance platform. Capabilities tagged Private beta ship to early-access tenants; bias and fairness monitoring is available today.
- Private beta
Managed MCP gateway (bring your own client)
A hosted Model Context Protocol surface your existing MCP-compatible agents connect to. You point your client at the gateway; the governance happens in between.
- Private beta
Deterministic policy + kill-switch
Per-tenant rules evaluated identically every time, with no external calls in the decision path. A single operator kill-switch denies every invocation on that control plane instantly.
- Private beta
Credential brokering / per-tenant vault
Downstream credentials stay envelope-encrypted per tenant. The gateway issues short-lived, scoped tokens per call so raw keys never reach the agent.
- Private beta
Sandboxed tool execution
Tools execute inside an isolated, deny-by-default runtime with a hard timeout. Network and filesystem access are granted per tool, never assumed.
- Private beta
Runtime DLP + prompt-injection defense
Inline guardrails redact PII and screen for prompt-injection on the request and response path, so sensitive data and hostile instructions are caught as the call runs.
- Private beta
NHI / agent-identity governance
Treat agents and non-human identities as first-class principals: each has a scoped identity, its own policy lane, and its own audit trail. Access cannot be back-filled.
- Private beta
Compliance-as-record
Gateway runtime telemetry becomes continuous evidence, mapped to NIST AI RMF, ISO/IEC 42001, and the EU AI Act — with an auditor portal and attestation API on the roadmap.
- Private beta
Independently-verifiable WORM audit
Every event lands in a per-tenant, append-only hash-chain designed for an external party to verify. Denials are recorded, not silently dropped.
- Private beta
Compliance-attested MCP tool marketplace
A catalog of tools that have passed the gateway's ingest, schema-pinning, and signing pipeline before they can be published to a tenant. Untrusted bytes never become a live tool unattested.
Bias & fairness monitoring
AIF360-aligned fairness metrics and drift detection run continuously across your models; threshold breaches raise audit-trail entries, not just dashboard pings.
Compliance-as-record
The audit pack is a by-product of operating.
Because every governed call is already a structured, signed record, the gateway turns runtime telemetry into continuous evidence — mapped to the control objectives of NIST AI RMF, ISO/IEC 42001, and the EU AI Act. Instead of reconstructing what happened the week before an audit, you read the chain.
We describe Cytra's posture as aligned, not certified. The platform maps evidence to these frameworks; it does not assert that any certification has been granted. An auditor portal and attestation API are on the early-access roadmap.
NIST AI RMF — Govern / Map / Measure / Manage activities backed by recorded gateway events.
ISO/IEC 42001:2023 — AI management-system controls evidenced from runtime, not from a binder.
EU AI Act — Article 12 logging and the records an Annex IV / conformity assessment expects.
Per-tenant WORM hash-chain designed for independent verification of the evidence itself.
Built to be inspected
- Topology
- Cloudflare + AWS + Kong
- SOC 2 Type II
- In process
- HIPAA BAA
- In process
- Deployment
- Self-host + BYOK
- Your data
- Never trained on
- Availability
- Private beta
SOC 2 Type II and a HIPAA BAA are in process — Cytra does not claim either has been granted. Production infrastructure (isolated execution nodes, WORM object storage, the Konnect data plane) is provisioned as early-access tenants onboard.
Next step put a control plane in front of your agents
Govern every agent action, and keep the record.
Tell us about your agents and the systems they reach, and we'll scope private-beta access for your team.