New: Obichat is live — a governed AI chat workspace for every employee, built on the same policy engine.
v 2.4 · GANIST AI RMF · ISO/IEC 42001 · OWASP LLM Top 10

AI risk governance,
built for the way your
organization actually ships AI.

Obiguard Governance AI inspects every prompt, response, and tool-call across your stack — enforces policy, blocks exfiltration, and gives security & legal a single ledger of evidence.

Read the architecture ↗
Enforced at the gateway layer, before the model sees the prompt
LLM providers
40+ supported
Guardrail detectors
13+ shipped
Frameworks mapped
3continuous
Retraining required
0always
Obiguard is a MDEC-recognised company in Malaysia — awarded MSC Malaysia status by the Malaysia Digital Economy Corporation.
Trusted by &
backed by
Rylotrace
Glocai
Antler
MDEC
Cradle
02 / The Specimen

A live view from
a customer's production project.

Three violations fired in the past minute. One blocked by a Policy Set. Two routed to the Review Queue. All written to the Audit Log — searchable, exportable, and evidence-ready.
streaming · 12,402 ev/hr

Violations

last 60 minutes · 14 violations · 3 blocked · 5 flagged for review
Live
History
Export
Requests
12,402
+4.1%
Threats blocked
38
High: 6
Avg latency
18ms
p50
Active policy sets
47
3 drafts
Time
Event
Policy
Severity
Action
14:02:09
SSN in completion → support-agent · gpt-4.1
PII / US-SSN
HIGH
REDACT
14:01:58
Tool out-of-scope · db.query → payroll
Tool / Scope
HIGH
BLOCK
14:01:54
Prompt injection · act-as-developer-mode
Injection
HIGH
BLOCK
14:01:42
Off-allow-list model · llama-3.1-405b
Model / AL
MED
REVIEW
14:00:48
Customer record leak → rag-search
DLP / Customer
MED
REDACT
13:59:50
Toxicity 0.81 in agent reply
Content / Tox
LOW
LOGGED
03 / Capabilities

Six capabilities. One platform.
Every AI agent your org runs.

Obiguard wraps every AI agent your organisation operates — monitoring usage, enforcing policies, routing violations for human review, and maintaining the audit trail your compliance team needs.
01 — MONITOR

Dashboard & violations

A live project dashboard shows token usage, cost, request volume, errors, threats blocked, and average latency. The Violations view surfaces every policy breach — filtered, searchable, and exportable.

Real-time · threats blocked · p50 latency
02 — REVIEW

Human-in-the-loop review queue

Violations flagged for human judgment land in the Review Queue. Assign, annotate, and resolve — with a full audit trail from the original event to the decision.

Review Queue · assign & resolve
03 — ENFORCE

Policy Sets

Group enforcement rules into Policy Sets and assign them to AI Agents. Each set defines criteria, action (block / flag / allow), and whether violations route to the Review Queue.

Policy Sets · per-agent enforcement
04 — REGISTER

AI Use Cases & Agents

Maintain a living registry of every AI Use Case and Agent in your organisation. Link each agent to its policy set — so governance follows the workload, not the calendar.

Use Cases · agents & prompts
05 — LOG

Audit Log

Every prompt, response, tool-call, and policy decision is written to an Audit Log. Export it to CSV for your GRC stack, or hand the auditor a timestamped record.

Audit Log · CSV export
06 — GOVERN

Controls & Criteria

Define organisation-wide Controls and the Criteria that trigger them. Map each control to NIST AI RMF, ISO/IEC 42001, or OWASP LLM Top 10 — and stop rebuilding the mapping every audit cycle.

3 frameworks · continuous mapping
For Security

Make every AI agent a governed workload.

  • Violations dashboard with real-time threats blocked
  • Policy Sets block or flag unsafe agent behaviour
  • Audit Log exports to CSV for your SIEM or GRC pipeline
→ For CISOs & security platform teams
For Risk & Legal

Continuous evidence, not quarterly screenshots.

  • Controls mapped to NIST AI RMF, ISO 42001, OWASP LLM Top 10
  • Audit Log — every decision timestamped
  • Export as evidence for internal AUP audits and self-assessment
→ For Risk, Legal & Compliance
For AI Teams

Register, govern, and iterate on your AI agents.

  • AI Use Case & Agent registry — one source of truth
  • Policy Sets assign enforcement rules per agent
  • Review Queue routes edge cases to human judgment
→ For AI product & platform teams
04 / How it works

Live in 14 days.
Coverage from day one.

No model retraining. No migration. Obiguard slots in front of your existing AI gateway or speaks AWS/Azure/GCP-native APIs.
STEP 01 · CONNECT

30 minutes

Create a project, generate an Access Key, and route your AI agents through Obiguard. Works with OpenAI, Anthropic, Bedrock, Vertex, Azure OpenAI, and any OpenAI-compatible endpoint.

# route via Obiguard
$ export OPENAI_BASE_URL=\
  https://gw.obiguard.com/v1
→ project connected
STEP 02 · REGISTER

Day one

Add your AI Use Cases and register each AI Agent in the platform. Link agents to the business function they serve — so every governance decision has full context.

AI Use Cases registered
3 agents linked
1 project · t77
→ registry complete
STEP 03 · ENFORCE

When you're ready

Build a Policy Set — define your Criteria, set the action (block or flag), and assign the set to your agents. Violations surface immediately in the dashboard.

policy_set: no-pii-in-responses
action: block
agent: support-agent
review_queue: true
STEP 04 · REPORT

Continuously

Violations are logged to the Audit Log and routed to the Review Queue for human sign-off. Export a CSV of the evidence or hand the auditor a timestamped record.

audit log → logged events
violations → review queue
export → csv · on demand
nist-ai-rmf — mapped
05 / What ships today

The platform, not the pitch deck.

13+
Guardrail detectors

PII, jailbreak, toxicity, profanity, and ban-list detection, running at the gateway layer today.

40+
LLM providers supported

OpenAI, Anthropic, Bedrock, Azure OpenAI, Vertex AI, and more — one gateway in front of all of them.

3
Frameworks mapped

NIST AI RMF, ISO/IEC 42001, and OWASP LLM Top 10 — mapped continuously as a self-assessment aid.

0
Retraining required

Runs at the gateway layer. We don't touch your weights, your data, or your training pipeline.

06 / FAQ

Common
questions.

Don't see what you're looking for? Our solutions engineers respond within one business day.

Talk to an SE →
Does Obiguard see our customers' data?[01]
In SaaS mode, content is processed in-memory to make a policy decision — only the decision and metadata are persisted to the Audit Log. Private and on-prem deployment options are available for enterprise customers; talk to a solutions engineer about your requirements.
Does this add latency to model calls?[02]
Inspection runs on the request path, so it adds some latency — how much depends on which detectors are enabled for your policy. We're happy to benchmark your specific configuration during a pilot.
How is Obiguard different from a model gateway?[03]
Gateways route traffic. Obiguard governs it. We sit in front of your gateway or SDK and add the policy enforcement, violation tracking, review workflow, and audit trail that routing tools leave out of scope.
Which compliance frameworks do you support?[04]
Controls and Criteria can be mapped to NIST AI RMF, ISO/IEC 42001, and the OWASP LLM Top 10 today, as a self-assessment aid — plus your internal AUP. Additional framework mapping is on our roadmap; tell us which one you need.
How do Policy Sets and Criteria work together?[05]
Criteria define what triggers a policy event — a detector match, a keyword, a model call outside scope. Policy Sets group Criteria and assign them to AI Agents, with an action (block or flag) and an optional route to the Review Queue.
What is the Review Queue?[06]
Violations that need human judgment — edge cases, high-risk content, new agent behaviour — are routed to the Review Queue. Reviewers can annotate, approve, or escalate, and every decision is written to the Audit Log.
07 / Get started

Bring the same rigor you apply
to data and identity — to the AI
in your stack.

A 20-minute call with a solutions engineer is enough to scope your pilot. Most customers are enforcing policy in production within two weeks.

Read the architecture