See every AI call.
Govern every AI call.

AIControls gives you real-time visibility and policy enforcement on every call — before the token is spent.

You're spending on AI. You just don't know on what.

"Which engineer called Opus 47 times yesterday?"

"Which agent is looping at $3K/week?"

"Is last quarter's spend productive work or waste?"

Your provider console won't tell you until next month. And even then, it's just one number with no breakdown.

AIControls for visibility

Every call. Every identity. Every dollar. In real time.

Every AI call across your organization — who made it, which model, which team, what it cost — visible in real time. Not an aggregate total at the end of the month. The whole picture, the moment it happens.

AIControls cost intelligence
AIControls for governance

Set the rules. Enforce them on every call.

Set the rules — which teams can access which models, what the budget limits are, who needs approval for expensive calls. Policies are written as code, stored in Git, and enforced on every call before the token is spent. If a call violates a policy, it's blocked. Everything is logged.

How it works

One governance layer between your teams and their AI providers.

AIControls sits in the path between your engineers and the models they use. Every request is identity-verified — Azure AD, Okta, or Kubernetes service account — so you know exactly who's making every call. Kyverno CEL policies enforce which groups can access which models, what the budget limits are, and how exceptions get approved. Everything is logged: identity, model, cost, policy decision. The rules live in Git, reviewed like any other infrastructure change. Enforcement happens at the boundary — not after the invoice arrives.

<2µs overhead
Zero code changes
Any LLM provider via LiteLLM
Engineers · Agents · AI Tools
AIControls
identity policy attribution audit
OpenAI · Anthropic Any provider via LiteLLM

Why us

AIControls is from Nirmata, the unified governance and policy-as-code company behind Kyverno, the most widely adopted policy engine in the world. 3.2B+ downloads. CNCF graduated. Running in production at the world's largest financial services, healthcare, and industrial enterprises.

Pricing

Every team. Every stage.

$5 per identity per month. 10K requests included.
Developers and agents priced the same.

Get started → Estimate your cost
Plans
Up to 150 identities
Team
$5 / identity / mo
annual commitment

Cost attribution, identity governance, and policy enforcement on every AI call — whether the caller is a developer or an autonomous agent.

Requests included 10K / identity / mo
Additional requests $5 / 10K requests
Month-to-month $5.50 / identity / mo
Get started →
Enterprise
Custom

150+ identities, self-hosted VPC deployment, or both. Everything in Team plus HA, SCIM, extended audit retention, and dedicated support with SLAs.

Identities 150+ (unlimited)
Requests Custom pool included
Billing Annual · quarterly true-up
Talk to us →
3.2B+
Kyverno downloads
CNCF
Graduated project
50%
of Fortune 500

Built on Kyverno, by the team that created it. The same policy-as-code engine that governs cloud-native infrastructure, applied to your AI workloads.

Pricing calculator

Estimate your cost.

What will you pay?

Adjust identities and request volume. Developers and agents count equally from the same pool.

Identities (developers + agents) 25
1 50 100 150
AI usage per identity Moderate · 10K req
Light Moderate Heavy Power user
Annual commitment savings
Team · 25 identities
$125
per month · 12-month commitment
Base (25 × $5.00) $125 / mo
Included requests 250K / mo
Additional requests
Annual commitment
Total / month $125
Annual commitment saves you $150 per year.
Enterprise territory. At 150+ identities, we'll tailor volume pricing, SLAs, and deployment to your environment. Get in touch →
Feature comparison

Everything you get.

Feature Team Enterprise
Identity &Access
Developer session governanceTrack and control every developer's AI session with time-bound tokens
Agent identity governanceAssign identities to autonomous agents and service accounts
OIDC / corporate SSOAuthenticate via your existing identity provider — Google, Azure AD, Okta
Google / Azure AD group resolutionMap corporate groups to policies automatically
Policy &Enforcement
Built-in policiesModel allow/deny lists, rate limits, and PII detection out of the box
Custom policy-as-codeWrite declarative YAML rules enforced deterministically at the proxy
MCP tool enforcementGovern which tools AI agents can access via Model Context Protocol
HITL approval workflowsRequire human approval before high-risk actions execute
Cost Governance
Identity-level cost attributionSee exactly who is spending what, by developer or agent
Per-identity token budgetsSet spending caps per person, team, or agent
Ticket / work item attributionAttribute AI cost to the task, not just the person
Budget alertsGet notified before spend crosses thresholds you set
Audit &Compliance
Audit trailImmutable log of every AI call, policy decision, and session
NIST / EU AI Act exportGenerate compliance reports mapped to NIST and EU AI Act frameworks
SIEM integrationStream events to your existing security tooling Basic
Deployment &Scale
SaaS hostedFully managed — nothing to deploy or maintain Default Available
Self-hosted (K8s / Helm)Run in your own infrastructure with a Helm chart Available Default
SCIM user provisioningAuto-sync identities from your directory
Audit log retentionHow long complete audit records are stored and queryable 30 days 1 year+
Multi-providerWorks with Anthropic, OpenAI, Gemini, LiteLLM, and others
High availabilityRedundant deployment across availability zones for production uptime
SupportHow you reach us when something needs attention Email / Slack Dedicated + SLA
Questions

Frequently asked questions.

See what governance looks like for your AI layer.

Stop guessing. Start governing.

Get started