BAA coverage with every AI provider handling PHI
Audit logging of prompts and responses
Secure storage for AI logs
Log export to long-term retention for audits and investigations
Key management across teams and environments
Model access controls to govern which systems can call which models
PHI and PII de-identification to limit exposure in LLM calls and logs without affecting response quality
Request inspection and traceability for compliance reviews
Budget and usage controls that stop requests when limits are reached
Capacity and availability management for production workloads
A BAA from OpenAI or Anthropic covers the provider’s liability. It doesn’t give you audit logging, de-identification, or access controls. Those are still your problem.
Compliance at the gateway, not in application code
BAA coverage, audit logging of every request and response, encrypted storage, and no model training on PHI are enforced on every LLM call. The compliance layer lives at the gateway, not in custom application code.
Key management and model governance
Organize usage with scopes for applications, teams, and environments. Restrict which models each scope can access and attribute every request for audit and cost visibility.
PHI de-identification (coming soon)
Reduce scope of PHI exposure by de-identifying sensitive data in requests and logs and restoring it only when needed. PHI is protected without breaking application logic or relying on manual safeguards.
Observability and verification
Inspect actual requests and responses, verify de-identification, and retain logs for compliance and incident review. Controls are visible and provable, not theoretical.
Cost and usage controls
Set budget limits per scope and set alerts or hard stops when thresholds are reached. Usage can be monitored in real time so teams can manage AI spending intentionally.
Production-grade reliability without managing AI infrastructure
Protocol translation, capacity management, and high availability are handled within the gateway. AI traffic runs on production-grade infrastructure designed for reliability and scale.
View docs
Managed AI fits into existing systems and workflows
Change models any time, no compliance review needed
Controls apply wherever AI is used, including internal dev work
All requests are logged, secured and auditable
Every tool call your team and agents make, logged, and controlled
AI Gateway governs what models see. MCP Gateway governs what tools your team and agents can call and logs every action they take. If your team is using Claude or ChatGPT with MCP servers, every tool call is controlled at the infrastructure layer.
Learn more about the mcp gateway
date range
last 7 days
server
All
tool
All
user
All
Occurred at
Jan 17, 2026
13:11:43 UTC
Jan 17, 2026
13:09:13 UTC
Jan 17, 2026
13:07:49 UTC
Jan 17, 2026
13:05:22 UTC
user
qualification-agent
Robot
Sally G.
sally.green@acme.com
Jane D.
jane.doe@acme.com
qualification-agent
Robot
server
notion
github
github
notion
Tool
notion_notion-update-view
create_pull_request
create_branch
notion_notion-update-view
args
2 args
1 arg
1 arg
2 arg
user agent
claude-code/2.1.141
claude-code/2.1.141
claude-code/2.1.141
claude-code/2.1.141
Developer workflows are part of the risk surface
AI risk doesn't start and end with production features. Engineers use AI in debugging, data exploration, and internal workflows every day. When they connect Claude to internal tools through MCP servers, those connections are part of the same risk surface.
Without an approved path, it becomes difficult to explain and defend how AI is used across the organization when customers ask about PHI handling, data retention, or model training. AI Gateway governs LLM usage wherever it happens. For teams connecting Claude to tools through MCP, Aptible MCP Gateway extends the same controls to tool calls.
Change models without affecting risk
Choosing a model should be a product decision, not a compliance event.
With Aptible AI Gateway, adopting a new model doesn’t require redesigning controls or reopening compliance reviews. Model changes stay within the same managed control layer, so logging, encryption, and guardrails remain consistent as providers, tools, and usage evolve.
Built to evolve as AI workflows change
AI Gateway is designed as a control layer, not a point solution. For teams also using Claude with MCP servers, Aptible MCP Gateway extends governance to tool calls: access control, audit logging, and credential management for every tool an agent or team member can reach.
No compliance events
Switching models or adopting new providers doesn't reopen reviews or require new contracts
Consistent Layer
Same controls across all models and workflows
Extends to tool calls
MCP Gateway applies the same controls to every tool your team and agents can reach
View the Changelog
Ship AI features that use real patient data
Build LLM-powered workflows such as summarization, extraction, and care coordination that rely on full patient context. AI Gateway provides logging, de-identification, and compliance controls that allow teams to introduce AI features into regulated applications.
Separate production from experimentation
Create scopes for production, development, and internal workflows with different model access rules and budget limits. Teams can explore new models and ideas while keeping production environments stable and governed.
Provide clear evidence during audits and security reviews
Inspect prompts and responses, retain logs for compliance requirements, and demonstrate how PHI was handled across models and environments. AI Gateway gives teams the visibility needed to answer security and diligence questions confidently.
Control cost and operational risk
Set budget limits per scope, and receive alerts or stop requests entirely when thresholds are reached. Unlike cloud billing alerts, this cuts off usage before you exceed it. AI spending becomes predictable and governable, not just visible.