Skip to content
shadowiq
Architecture · three planes · one signed surface

Built like a payment network. Priced like software.

Inline data-path with millisecond SLOs. Isolated control-plane. Evidence plane anchored to an external transparency log you can verify yourself. Deploy SaaS, VPC, or self-hosted — same binary, same bundle, same evidence format.

Request a technical reviewDeveloper references
What this is

Summary

ShadowIQ is a three-plane AI governance platform: an inline data plane (AI Gateway running WASM-compiled policies with sub-75ms p99 latency), a control plane (registry, evaluation engine, policy studio), and an evidence plane (Ed25519-signed decisions, Merkle-tree rollups, anchored to Sigstore/Rekor). It deploys as SaaS, in a customer VPC, or fully self-hosted with FIPS-validated cryptography.

The planes

Every request. Every policy. Every receipt. In one picture.

DATA PLANE · INLINE · STATELESSCONTROL PLANE · STUDIO · REGISTRYEVIDENCE PLANE · SIGNED · ANCHOREDClient SDKProxyMiddlewareAI GatewayWASM policies · p99 74msredact · block · sign · routeOpenAIAnthropicBedrockAzure OpenAIRegistryGitOps · OTel · PromStudioGitOps · OTel · PromEvalsGitOps · OTel · PromPoliciesGitOps · OTel · PromWorkflowsGitOps · OTel · PromAdminGitOps · OTel · Promblk 0x4e12a0ed25519 · merkleblk 0x4e12a1ed25519 · merkleblk 0x4e12a2ed25519 · merkleblk 0x4e12a3ed25519 · merkleblk 0x4e12a4ed25519 · merkleblk 0x4e12a5ed25519 · merkleblk 0x4e12a6ed25519 · merkleblk 0x4e12a7ed25519 · merkle
Data plane

Stateless. Horizontally scaled.

Pre-compiled WASM policies run in parallel; warm tenant pools keep p99 tight under burst traffic. Median 12 ms, p99 under 75 ms across 14 production workloads.

  • WASM compiled policies
  • Parallel evaluation
  • p99 74 ms
  • Streaming-aware
Control plane

GitOps-native. OTel-instrumented.

Registry, policy studio, evaluation engine, and admin — all API-first and Terraform-compatible. Every change is signed on merge.

  • Terraform provider
  • OpenAPI 3.1
  • OTel end-to-end
  • GitHub/GitLab sync
Evidence plane

Append-only. Independently verifiable.

Ed25519 signatures (HSM-backed on Enterprise), hourly Merkle rollups, anchored to Sigstore/Rekor or your chosen transparency log. Auditors verify without our credentials.

  • Ed25519 · FIPS-validated
  • Sigstore / Rekor
  • OSCAL export
  • Zero-trust verifier
Deploy · SLO · Residency · Availability

Facts, not marketing.

Deployment
SaaS · VPC · self-host
Latency
p50 12 ms · p99 74 ms
Residency
US · EU · UK · APAC · on-prem
Availability
99.99% regional · multi-region opt-in
Crypto
Ed25519 · FIPS 140-3 validated
Isolation
Per-tenant keys · per-region anchors
Build provenance
SLSA Level 3 · signed container images
Standards
OCSF · OTel · OSCAL · SCIM · SPIFFE · CloudEvents · FIDO2
Ready to see the signet in motion?

Your 30-minute demo. A signed audit trail by the end of it.

We'll wire ShadowIQ into one live workload, block a prompt injection in real time, and hand you a cryptographic receipt — before the meeting ends.

Schedule a 30-minute walkthroughReview pricing