Control Zero for AI Governance
Govern What Your AI Does.
At Runtime.
Your AI agents call tools, access data, and take actions you never approved. Control Zero intercepts every request, evaluates it against your policies, and enforces the result before execution. Allow, block, warn, or audit. You set the rules. We enforce them.
$ pip install controlzeroNo account required
The problem
AI agents gain new capabilities every week. They invoke tools, query databases, write files, and call external APIs. Existing guardrails are probabilistic. They detect some bad outputs. They miss the actions in between.
The answer
Deterministic policy enforcement. Every action checked against your rules before execution. Allow, block, warn, or audit. You define the boundary. Control Zero enforces it. Every decision logged.
// 000
What do you want to govern?
Pick your starting point. Each path is the complete answer.
Govern Claude Code, Cursor, etc.
Pre-execution policy checks for coding agents. Every tool call evaluated before it runs.
Get started →Govern an AI app I'm building
Wrap your Python, Node, or Go agent with the SDK. Per-tool enforcement and audit in three lines.
Get started →Govern an existing app, no code changes
Point the API base URL at the gateway. Zero code changes. Works with every major LLM provider.
Get started →Block PII in chat UIs (claude.ai, ChatGPT, Gemini)
DLP overlay scans pastes before they reach the provider. Deploy across your fleet via MDM.
Get started →Discover where AI is used in my org
Scout finds ungoverned AI tools across SaaS catalogs and billing exports. Discovery-only observability.
Get started →Run fully offline (air-gap)
Deploy the full platform in your own infrastructure. Policies evaluate locally. No external calls.
Get started →// 001
The Shift
AI Agents Are Autonomous.
Your Governance Should Be Too.
Every week, AI agents gain new capabilities: writing code, managing infrastructure, accessing production systems. The tools they use (MCP, function calling, tool use) create new trust boundaries that traditional security cannot see.
Your LLM provider gives you model access controls. Your cloud provider gives you IAM. Neither governs what happens between the model and the tool call. That gap is where data leaks, unauthorized actions, and compliance violations live.
Control Zero fills that gap. A compiled policy engine that runs in your process. A transparent gateway proxy that evaluates every request. Open source SDKs for Python, Node.js, and Go with integrations for LangChain, CrewAI, AutoGen, and more. The same governance layer, whether you are a solo developer or a platform team.
11+
Framework integrations
0
Code changes for gateway mode
<1s
Policy sync time
// 002
Three modes. Two integration patterns. One product.
Both patterns ship on every tierPick where governance runs (Hosted our cloud, Hybrid mixed, or Local your infra) and pick how you wire it in (gateway proxy for zero code changes, SDK for fine-grained per-tool control). Every combination ships on the free tier. Local mode works without an account.
Gateway Proxy
HostedHybridLocalZero Code Changes
Point your AI agent at the Control Zero gateway instead of the LLM provider. Change one environment variable. Supports Anthropic, OpenAI, Google, Ollama, DeepSeek, MoonshotAI, and HuggingFace. Transparent proxy with policy enforcement on responses, DLP scanning, model access control, cost caps, and full audit trail.
SDK Integration
HostedHybridLocalFine-grained Control
Wrap your AI calls with the open source SDK for per-tool governance, secret injection, and local policy evaluation. Works without an API key in local-only mode. Available for Python, Node.js, and Go.
Developer API, MCP Server, and SDK
Governance as Code
REST API
Full policy management, audit queries, usage metering, and automation. Every dashboard action available programmatically.
MCP Server
Let Claude manage your Control Zero policies via prompt. Install in any MCP-compatible client (Claude Desktop, Claude Code, Cursor) and your AI assistant becomes a Control Zero admin. Also governs tool calls across every tier. Install via npm: @controlzero/mcp-server.
SDK
Python and Node.js SDKs with 11+ framework integrations: LangChain, LangGraph, CrewAI, AutoGen, OpenAI Agents SDK, Pydantic AI, and more.
Three deployment modes
Actions flow through Control Zero cloud. Dashboard, audit log, and policy sync managed for you. Zero ops.
Policies managed in our cloud. Enforcement runs on your infrastructure. Data stays in your VPC.
Full platform on your infrastructure. No external calls. Same governance, fully offline.
// 002b
Every coding agent. One policy.
Install the SDK once. Policies, audits, approvals, and credential-leak protection flow through the same engine regardless of which agent your engineers use.
Control Zero
Policy plane
Claude Code
Cursor
Windsurf
GitHub Copilot
Gemini CLI
Codex CLI
Cline
JetBrains AI
Aider
OpenClawAgents covered
10
SDK languages
3
Decision per call
< 1 ms
Logos and trademarks are property of their respective owners. Listed for integration reference only.
// 003
How It Works
01
Install
Install the SDK or point your API base URL at the gateway. One package, one line of config. No infrastructure changes. Works with OpenAI, Anthropic, Google, LangChain, CrewAI, AutoGen, MCP, and more.
02
Define Policies
Set rules from the dashboard, via API, or in a local JSON file. Model allowlists, cost caps, tool restrictions, PII filters. Policies are cryptographically signed and cached locally.
03
Enforce and Audit
Every request evaluated in real time. Allow, block, warn, or shadow. Five enforcement modes. Full audit trail on every decision. Searchable, exportable, compliance-ready.
// 004
Every Surface Covered
AI governance is not a single integration point. Your agents operate across SDKs, APIs, coding tools, and browsers. Control Zero meets them at every boundary.
Coding Agent Hooks
Pre-execution policy checks for Claude Code, Gemini CLI, Codex, and more. Every tool call evaluated before it runs. Works with any CLI agent that supports hooks.
See // 002b for the full network.
Browser Extension
Coming soonDLP scanning for AI chat interfaces in the browser. Detect and block sensitive data before it leaves your organization through web-based AI tools.
Shadow AI Discovery (Scout)
Coming soonFind ungoverned AI usage across your organization. Scout identifies AI tools and endpoints operating outside your governance perimeter.
DLP Scanning
Detect PII, secrets, and sensitive data in AI requests and responses. Custom regex rules, built-in detectors, and multi-locale support including Korean.
Policy Signing and Tamper Detection
Policies are cryptographically signed and verified before evaluation. Tamper attempts trigger configurable responses: fail closed, alert, or quarantine the agent.
Air-Gap and Self-Managed
Deploy the full platform in your own infrastructure. No external dependencies. Same governance capabilities, fully air-gapped. Policies evaluate locally.
Role-Based Access Control
Assign roles to team members with granular permissions. Control who can create policies, view audit logs, manage agents, and configure enforcement modes.
Fleet Management
Coming soonManage governance across dozens or hundreds of AI agents from a single dashboard. Group agents by project, apply policies at the organization or project level.
Alerts and Immutable Audit Trail
Configure alert channels for policy violations. Every governance decision is logged to an immutable audit trail. Searchable, exportable, compliance-ready.
// 005
How We Compare
Different tools solve different problems. Control Zero is the only platform that governs AI across SDKs, proxy, browser extensions, coding agents, and shadow AI discovery in a single product.
| Capability | Control Zero | Nightfall | LayerX | Lakera |
|---|---|---|---|---|
| SDK + proxy governance | Y | - | - | - |
| Coding agent hooks (9+) | Y | - | - | - |
| MCP server governance | Y | - | - | - |
| API-level DLP | Y | Y | - | Y |
| Custom regex rules | Y | Y | - | - |
| Policy tamper detection | Y | - | - | - |
| Self-managed / air-gap | Y | - | - | Partial |
| Shadow AI discovery | Y | - | Y | - |
| Free tier | Y | Partial | - | Y |
| Browser AI chat DLP | Soon | Y | Y | Y |
Self-serve setup. No sales calls. No contracts.
Start free in under 60 seconds. Upgrade when you need more.
Start Governing Your AI Today.
10,000 governed actions per month on the free tier. No credit card required. Works without an account in local-only mode.
Get Started Free