Skip to main content
Four Pillars · One Correlation ID · End-to-End Traceability

The AI Security Layer
Your Apps Need

API Security · MCP Security · AI Gateway · Verification Engine — unified by a single correlation ID propagated end-to-end.

Most stacks bolt four separate vendors together and lose the thread between them. G8KEPR is one platform with one correlation ID — a threat detected at the MCP layer traces back to the originating user request and forward to the API response. That is architecturally impossible without shared infrastructure.

5-Tier Detection
OS-Level MCP Sandbox
Auto Prompt Caching
4-Layer Verification
Hash-Chain Audit
Start Free TrialExplore Features
4
Pillars
1 correlation ID
1,524
Threat patterns
15 categories
15+
LLM providers
incl. BYOI custom
5-tier
Detection pipeline
regex → behavioral
4-layer
Output verification
integrity → constraint
11
Compliance frameworks
auto evidence
2,952
API endpoints
v1 / v2 / v3
21-layer
Middleware pipeline
on every request

4 Products. 1 Platform.

Everything you need to secure APIs and AI applications

API Security

5-tier detection · 1,524 patterns · OWASP 10/10/10

A 5-tier ML detection pipeline (regex → embeddings → NLI → LLM → behavioral) with 100% precision on the CI-gated test corpus. Catches what signature-based WAFs miss.

1,524 threat patterns across 15 categories
Shadow API auto-block · TLS / JA3 fingerprinting
7 evasion vectors handled (base64, NFKC, fragmentation)
Explore API Security

MCP Security

7-step pipeline · OS-level sandbox · rug-pull detect

The only MCP security platform with OS-level sandboxing (RLIMIT_*, capability dropping) and SHA-256 rug-pull detection on every tool definition. Neither is mandated by the MCP spec.

7-step security pipeline per tools/call
IndirectInjectionScanner · MCP quotas · MFA gating
Session replay · cross-session correlation analyzer
Explore MCP Security

AI Gateway

15+ providers · auto prompt caching · adaptive breaker

One API across 15+ providers (incl. BYOI custom). Auto-injects Anthropic prompt caching for 88% savings at 10 calls. Adaptive Z-score circuit breaker beats Hystrix-style static thresholds. BYOK with AES-256-GCM.

5 routing strategies · 7 guardrail policies
EU AI Act risk-class header on every completion
Hard 16,384 token cap · SSRF-protected transport
Explore AI Gateway

Verification Engine

4 layers · BLOCK-capable · SUGGEST action

Most AI guardrails detect-and-alert after bad output ships. G8KEPR is BLOCK-capable at middleware position 14 — four independent layers, six explicit failure modes, and a SUGGEST action that returns a compliant alternative instead of just an error.

Conversation Integrity · Source Grounding · Tool · Constraint
Two-pass schema enforcement (inject + validate)
Citation grounding · hash-chain drift detection
Explore Verification Engine
MarketplaceComing Soon

Plugin marketplace for extending G8KEPR with community-contributed integrations — not yet shipped. The four pillars above are live today.

Architecturally Impossible Without A Unified Platform

One Correlation ID. All Four Pillars.

A single AI-assisted request traverses every pillar in sequence, sharing one correlation ID end-to-end. A threat detected at the MCP layer traces back to the originating user request and forward to the API response.

API Security
WAF · rate limit · 1,524 patterns
AI Gateway
15+ providers · cache · guardrails
MCP Interceptor
7-step · sandbox · rug-pull
Verification
4 layers · grounding · BLOCK
Audit Chain
SHA-256 hash · 3 verify levels
Single Correlation ID Propagated End-to-End
User Request LLM Provider Selected tools/call Intercepted
Sandbox Executed Output Verified (4 layers) Hash-Chain Entry Written
correlation_id ="a3f2-bee4-...-9c01" (shared across all rows above)
One query answers:
"Show me everything that happened as a result of request X — across all four pillars, in order."
Four-vendor stacks can't do this:
Each vendor has its own ID space. Stitching across them after-the-fact is forensic guesswork, not a single query.
Five Things No Competing Product Does

Novel Technical Capabilities

Five capabilities that exist in the platform — not in any competing API gateway, AI guardrail, or LLM proxy. Each ships in production today.

OS-Level MCP Sandbox

RLIMIT_CPU/AS/NOFILE/NPROC, setsid() process-group isolation, Linux capability dropping, two-stage SIGTERM→SIGKILL. The MCP spec mandates none of this.

934 LOCmodules/mcp/sandbox/executor.py

Tool Definition Hash Registry

Rug-pull detection. Tool definitions hashed at tools/list time, re-verified on every tools/call. Mid-session mutation blocked with a CRITICAL event.

SHA-256modules/mcp/tool_registry.py

Adaptive Z-Score Breaker

Statistical baselines per provider per hour-of-day, not static thresholds. Progressive recovery 10/25/50/100%. More resilient than Hystrix or Resilience4j.

3σ · 4 windowsgateway/router.py

Cross-Pillar Correlation

Every event across API → Gateway → MCP → Verification shares one correlation ID. End-to-end forensics from a single query — impossible with separate vendor stacks.

one ID · 4 pillarsshared correlation_id

Hash-Chain Audit System

SHA-256 chain where each entry signs the previous. Three verification levels (full, single, last-N). Tamper-evident evidence for SOC 2 CC7.2, HIPAA §164.312(b), FedRAMP AU-9.

7 modules · 3,866 LOCgenesis SHA-256 block

G8KEPR vs Traditional Gateways

We complement Kong, Apigee, and AWS — we don't replace them

FeatureG8KEPRKong / ApigeeAWS WAF
OWASP Top 10 (Web · API · LLM) — 10/10/10
5-tier ML detection (regex → embeddings → NLI → LLM → behavioral)
MCP rug-pull detection (SHA-256 tool-definition registry)
OS-level sandbox for MCP tool execution
Multi-LLM routing across 15+ providers
Automatic Anthropic prompt caching (88% at 10 calls)
Adaptive Z-score circuit breaker (vs static thresholds)
4-layer output verification with SUGGEST action
Cross-pillar correlation ID (one ID, end-to-end)
EU AI Act risk-class header on every completion
Hash-chain audit (tamper-evident, SOC 2 / FedRAMP-aligned)
Works alongside existing gateways (no replacement needed)

G8KEPR is designed to work alongside your existing infrastructure.
Use Kong for routing, G8KEPR for AI-specific security.

Platform FAQs

Common questions about the G8KEPR platform

Traditional gateways focus on routing, rate limiting, and basic auth. G8KEPR is purpose-built for the AI era: a 5-tier ML detection pipeline (1,524 patterns across 15 categories including LLM- and MCP-specific threats), MCP security with OS-level sandboxing and SHA-256 rug-pull detection, multi-LLM routing across 15+ providers with auto Anthropic prompt caching, and 4-layer output verification with a BLOCK-capable SUGGEST action. G8KEPR runs alongside Kong / Apigee / AWS — they handle routing, G8KEPR handles AI-specific threats and output verification.

Need help choosing the right features?

Talk to our solutions team →
Hash-Chain Audit · 2,000+ Mapped Controls · 14 Frameworks

Auditors Get Exports, Not Spreadsheets

Every pillar writes per-request evidence into a SHA-256 hash chain. Mappings to 14 compliance frameworks are pre-built. Subject to independent audit and attestation — G8KEPR provides the technical controls and evidence; your auditor issues the certification.

1,000+
NIST 800-53 Rev5
300+
PCI DSS v4
197
CSA CCM v4
153
CIS Controls v8
110+
CMMC 2.0
106
NIST CSF 2.0
93
ISO 27001:2022
84
FedRAMP
72
NIST AI RMF
64
SOC 2
48
HIPAA
27
ISO 42001
23
EU AI Act
22
MITRE ATLAS
4 Products in 1 Platform

Start Securing Your APIs
And AI Agents Today

Four pillars, one correlation ID, hash-chain audit, and 2,000+ mapped controls across 14 compliance frameworks — without changing a line of your application code.

API + MCP security
15+ LLM providers
4-layer verification
Cross-pillar correlation ID
Start Free TrialView Pricing

No credit card required • 30-day free trial • Cancel anytime