Skip to content
Back to pricing
Enterprise

AI Gateway for teams at scale

The same open-source engine, with the governance, security, and support enterprises need to run AI in production. Tell us about your team and we'll put together a plan.

SSO, SCIM & RBAC

SAML single sign-on, automated provisioning, and role-based access across every workspace.

Governance & guardrails

Budgets, quotas, per-tenant policy, and audit logs for every model request.

Managed or self-hosted

Run the managed FerroCloud control plane, or deploy in your own VPC / on-prem.

SLA-backed support

A dedicated Slack channel, onboarding, and solution architecture from our team.

Security & compliance

Security reviews, data-residency controls, and SOC 2 / compliance support.

Built for scale

The same 14K RPS engine, hardened for multi-team production deployments.

Get in touch

We typically respond within one business day.

We'll only use your details to respond to this request. No spam, ever.

Deployment

Run it where your security model lives

Managed, in your VPC, or fully air-gapped — the same gateway in every topology.

fastest start

FerroCloud managed

Ferro Labs operates the gateway fleet, control plane, and upgrades — point your SDK at one endpoint.

control plane
ferro-operated
key custody
ferro-managed vault
network egress
ferro vpc → providers
data stays in your cloud

Your VPC

The data plane runs inside your cloud account with customer-held keys; the only traffic that leaves is the provider egress you allow.

control plane
ferro-operated
key custody
customer-held
network egress
providers only
full control

Self-hosted / air-gapped

Run the gateway binary on your own infrastructure against local models — no external connectivity required.

control plane
self-managed
key custody
customer-held
network egress
none required

Security architecture

Control plane and data plane, separated

The data plane serves requests; the control plane governs them — they meet only at policy sync and audit emit.

Security architecture

DATA PLANE — YOUR TRAFFICCONTROL PLANE — CONFIG & AUDITtrust boundaryclienttls 1.3 termauthn ed25519 jwtpolicy + guardrailspii redactionprovider egressadmin apirbac · 9 scopesconfig versioningaudit log → siem
  • AES-256-GCM at rest
  • Ed25519 JWT
  • SSO · OIDC + SAML
  • no training on your data

Governance

Policy on every request — with receipts

Every policy decision traced, every dollar attributed — budgets, caps, and audit events included.

Policy evaluation · single request

demo data
POST /v1/chat/completions · claude-sonnet-4-6trace 8f42c1d9
stage
ms
verdict
  • auth.api_key0.08mspass
  • tenant.rate_limit0.11mspass
  • budget.check0.19mspass
  • guardrails.word_filter0.21mspass
  • guardrails.pii_scan0.42mspass
  • cache.semantic_lookup1.1msmiss
  • route.select0.31msselected
  • provider.invoke838ms200
gateway added latency: 2.42ms · 0.3% of totalwall time 840.42ms

Cost governance

demo dataMTD
MTD spend
$8,412 of $13,000
+12.4% vs last month
Spend by model
  • claude-sonnet-4-6
    $3,861
  • gpt-4.1
    $2,204
  • gemini-2.5-pro
    $1,310
  • claude-opus-4-8
    $780
  • others
    $257
Budget events

team:research exceeded 80% of monthly budget · 2h ago

warning

budget cap raised by admin@ · 3d ago

resolved

Trust & compliance

Built for security review

The controls and documentation your security team will ask about, ready before they ask.

Single sign-on

  • OIDC + SAML
  • RBAC — 9 scopes / 4 roles

Audit & export

  • structured audit logging
  • SIEM export

Encryption

  • TLS 1.3 transit · AES-256-GCM rest
  • Ed25519-signed JWTs

Data handling

  • no training on customer data
  • retention 3 / 30 / 90 days
SOC 2 Type II — targeted H2 2026GDPR DPA — availableSelf-host / air-gapped — availableResponsible disclosure — security@ferrolabs.ai