Aegis by OneCompliant

The governed doorway
for enterprise AI

One sanctioned place for employees to use AI — where every prompt, document, and model response passes through enforced, audited security controls. The runtime layer that turns governance from a report into a control.

See It In Three Minutes

From "how do you control AI?" to evidence on demand

The executive briefing as a three-minute film — why ungoverned AI is a risk, how Aegis masks, routes, and records every interaction, and what your auditors get out of it.

Secure Enterprise AI Adoption

Governed, Controlled, and Operational

OneCompliant helps organizations adopt AI securely, responsibly, and at operational scale.

AI is already inside the enterprise. Employees are using public AI services, business units are integrating AI into workflows, and development teams are deploying AI-enabled solutions faster than governance models can adapt. Traditional security controls were not designed for AI-driven data movement, autonomous workflows, or dynamic model ecosystems.

OneCompliant was created to solve this gap.

We develop practical AI security and governance capabilities for regulated and enterprise environments — transforming AI governance from policy documents into operational controls.

The OneCompliant Platform

  • OASF — OneCompliant AI Security Framework. Structured governance and control domains for secure AI adoption.
  • OASAT — OneCompliant AI Security Assessment. Risk and maturity assessment aligned to evolving regulatory and operational requirements.
  • OASAP — OneCompliant AI Security Awareness Program. Enterprise AI security awareness and operational training.
  • Aegis — Runtime AI Governance & Enforcement. A governed enterprise AI gateway where prompts, models, workflows, and data interactions are inspected, controlled, audited, and policy-enforced in real time.

Aegis extends governance into operational reality. Instead of relying solely on policy statements or blocking access outright, organizations gain controlled enterprise AI access, policy-driven model routing, prompt and data inspection, runtime governance, audit visibility, and secure AI enablement across the enterprise.

Building the Governance and Runtime Control Layer

OneCompliant is an AI innovation company focused on secure and governed enterprise AI adoption. As AI rapidly evolves, organizations face a growing gap between AI capability and operational governance. Enterprises cannot stop AI adoption — but they urgently need secure, compliant, and scalable ways to control how AI is used across their environments.

OneCompliant develops the governance, security, and runtime enforcement capabilities required for enterprise AI operations. Our product ecosystem combines governance frameworks, operational assessments, enterprise awareness, and runtime enforcement technology into a unified AI governance platform.

Strategic Direction

OneCompliant is positioned at the intersection of AI governance, cybersecurity, enterprise compliance, and operational AI infrastructure.

AI adoption will continue accelerating, while governance and operational security requirements become increasingly complex. The future enterprise AI market will require governed AI access, intelligent model orchestration, runtime policy enforcement, and auditable AI operations.

OneCompliant is developing the operational security and governance layer designed to support that future — building scalable AI governance and runtime security capabilities as enterprise AI ecosystems continue to evolve.

OneCompliant is built on real operational experience across telecom, pharmaceuticals, aviation, critical infrastructure, and global enterprise cybersecurity operations.

How Aegis Completes OneCompliant

Assessment finds risk. Framework defines control.
Aegis enforces it — in real time.

Aegis is not a new direction. It is the missing runtime arm of a platform that already assesses risk, defines controls, and reports to the board. Today that platform can tell an enterprise what is wrong. Aegis lets it enforce what is right — and feeds real usage data back into governance.

Stage What OneCompliant already does What Aegis adds
Assess (OASAT) Fixed-price assessment scores AI risk against EU AI Act, NIST AI RMF and OASF. Findings become actionable: the assessment maps directly to runtime controls that remediate them.
Frame (OASF) Domain-based framework defines policy, control domains and authorisation boundaries. Becomes the policy engine: OASF controls drive what Aegis allows, redacts, or blocks at runtime.
Enforce (Aegis) Runtime oversight monitors AI decisions and data flows in production. Turns monitoring into enforcement: every prompt and response passes through the control point.
Report & feed back Executive risk reporting and audit-ready documentation. Aegis generates the live evidence — who, what data class, which model, what was redacted.

"Assess, define, enforce, prove — one closed loop. The assessment tells you where the risk is. The framework defines the rules. Aegis enforces them at runtime. And every enforcement decision becomes evidence that feeds back into governance — so the picture your board sees is grounded in what actually happened, not in policy documents."

Three Faces, One Product

Aegis works for everyone — differently

Aegis is one product with three faces. To the employee it is simply a better, faster place to use AI. To the security leader it is a control that measurably lowers AI risk. To the executive it is proof that AI governance actually operates — not just on paper.

To the employee

A better place to work with AI. A fast, browser-based AI workspace that is genuinely better than pasting company data into a consumer tool. They ask for an outcome — Aegis quietly selects a strong, approved model. The safe path is the easy path.

To the security leader

Risk that finally goes down. Every interaction is identity-bound, classified, and logged. Sensitive data is inspected and redacted before it leaves the boundary. Every decision is reconstructable for the board and the regulator.

To the executive

A governed AI capability the board can stand behind. Every interaction is policy-checked and recorded, so when an auditor, key customer, or regulator asks how AI is controlled, the answer is evidence on demand — not opinions.

What We Build First

Five capabilities. Each visible in a demo.
Each indispensable to the buyer.

1

Single governed entry point

Browser chat + API. The product only works if it is the easy default. Everything hangs off this.

2

Identity-bound access

SSO + MFA, role-aware. Ties every interaction to a real person and role. Table stakes for a regulated buyer.

3

Inspection & redaction before send

DLP driven by OASF. The core promise: secrets, PII, source code, regulated data never silently leave.

4

Intelligent model selection

40–45 LLMs in the catalogue. Best model auto-picked per task. Confidential work forced to approved routes.

5

Full audit trail

Every decision reconstructable. The evidence the CISO shows the board and the regulator. The proof the control is real.

"The employee thinks: that was easier than ChatGPT. The CISO thinks: I can finally see and control this. If both are true in one demo, OneCompliant has a product, not a pitch."

Intelligent Model Selection

The employee asks for an outcome.
Aegis chooses the model.

Aegis maintains a catalogue of approved models and, for every request, applies the governance policy and routes to the best endpoint. The safe choice becomes automatic — so no one pastes confidential data into a consumer tool just to "get it done."

40–45

approved models in the catalogue

Spanning the major providers — OpenAI, Anthropic, Google, Microsoft Azure — alongside private and on-premise endpoints. Each registered, classified, and governed; the full catalogue is shared during a briefing.

First — the non-negotiable gate

Data sensitivity & compliance. Confidential or regulated data is forced to approved, private, or EU-hosted models; public models are blocked for those classes — before any other consideration.

Then, among the models that clear the gate, Aegis optimises for what the task actually needs:

Cost

The most economical model that still meets the quality bar — no frontier-model pricing for routine work.

Carbon / CO₂

Route toward lower-carbon models and regions — and, because every call is logged, report the carbon footprint of AI usage for ESG and CSRD.

Speed / latency

The fastest endpoint for interactive, low-latency work where responsiveness matters most.

Quality / capability

The strongest model for complex tasks where accuracy is worth the extra cost or time.

Sensitivity-based routing and model selection are live in the prototype. Cost, carbon, and latency optimisation — and carbon reporting — are on the roadmap.

See it in the live demo
Deployment & Data Residency

Built EU-first. Deployed where your data must live.

EU-hosted by default

Aegis is designed EU-first — hosted in the EU, with audit data remaining in the jurisdiction you choose.

Private & on-premise options

Private-cloud and on-premise deployment paths for regulated environments where shared SaaS is not an option.

Your identity stack

Access is identity-bound through your enterprise SSO — every AI interaction attributable to a person and a role.

Integration paths

Gateway and API integration alongside your existing security stack — SIEM export and DLP alignment are part of scoping.

Deployment architecture is agreed during scoping — request a briefing for the deployment and data-residency options relevant to your environment.

Live Demo

See Aegis in action

The interactive prototype shows the two screens that matter: the employee AI gateway and the security audit view. Launch it to watch Aegis inspect, redact, route, and log a real interaction — then switch to the Security & Audit tab to see the closed loop.

Launch the interactive demo

Opens the full Aegis governance demo — real inspection, real AI, real audit trail.

Launch demo
Product Maturity & Roadmap

Governance first. Runtime security next.
A deliberate sequence, honestly staged.

We will not pretend Aegis is already a runtime AI security platform on day one. It is not, and that is by design. You cannot secure at runtime what you have not first governed. Aegis is delivered today as governance and control; runtime AI security is deliberately sequenced behind it — built on the assessment, framework, and enforcement layer that already runs in production enterprises.

Legend: Live Early Access On Roadmap Vision
1
Live — Delivered

OneCompliant Services

OASF, OASAT, OASAP — AI governance, AI risk assessments, and AI security reviews. In delivery today, with engagements at Merck KGaA, Orange Slovensko, Heidelberg Materials, and Avia Solutions Group.

AI governance Risk assessments Security reviews
2
Prototype — Early Access

Aegis Governance

The governed AI gateway: policy enforcement, prompt inspection, PII detection and redaction, model routing, audit trails, AI inventory, and AI approval workflows. Achievable now and in early access today.

Policy enforcement Inspection & redaction Audit trails
3
Planned — On Roadmap

Aegis Security

The SaaS platform layer: prompt injection detection, model abuse detection, jailbreak monitoring, AI SIEM integration, and AI SOC telemetry. Planned and on the roadmap — built on the governance foundation below it.

Injection detection Jailbreak monitoring SIEM / SOC telemetry
4
Future — Vision

Aegis Runtime Defense

The specialist runtime layer: data poisoning detection, model drift monitoring, AI supply-chain integrity, and adversarial attack detection — model inversion and evasion. Our long-term vision, sequenced last and deliberately.

Poisoning detection Model drift Adversarial defense

"Governance is delivered today. Runtime AI security is deliberately sequenced, not yet mature — and we say so. Credibility does not come from claiming to already be Palo Alto, Wiz, or CrowdStrike for AI. It comes from being precise about what runs in production now versus what we are building next."

Market Position

Where Aegis sits vs. the alternatives

vs. Consumer AI tools

What we replace for work use — great UX, zero control. Aegis keeps the UX and adds the control.

vs. LLM gateways / developer routers

Route by model name for engineers. They do not solve shadow AI for employees or speak the CISO's language.

vs. DLP / CASB incumbents

Can block AI sites — but blunt blocking drives shadow AI underground. Aegis is the sanctioned alternative, not just a wall.

vs. Enterprise suite built-in AI

Locked to one ecosystem and one model family. Aegis is the neutral, governed broker across all of them — backed by an independent framework.

"The real competitor is not a company — it is the status quo of 'ban it and hope.' Our entire pitch is: banning does not work. Here is the controlled alternative that does."

How Enterprises Start

Begin with a Proof of Value,
not a full deployment.

Enterprise security platforms are never adopted in one step — they are proven first. Aegis enters the same way: a focused 30- or 60-day Proof of Value inside a single business unit, scoped to your real use cases and your real data classes. You see governed AI access, inspection, redaction, routing, and a live audit trail working against your environment — before any organisation-wide commitment.

1

Scope — Week 0

One business unit, a defined set of use cases, and the data classes that matter most. We align the pilot to findings your OASAT assessment already surfaced.

2

Run — 30 / 60 days

Aegis governs live AI usage for the pilot group: prompts inspected, sensitive data redacted, models routed to approved paths, every interaction logged.

3

Prove — Readout

A board-ready readout: what was governed, what was redacted, which models were used, and the audit evidence — the proof the control is real, then a path to scale.

"OneCompliant is already inside these enterprises — in the committees, with the decision-makers, against real use cases. A Proof of Value is not a cold pilot. It is the next, low-risk step from a governance relationship that already exists."

Ready to govern your AI at runtime?

Aegis is currently in prototype and early access. If you are a CISO, CIO, or enterprise security leader evaluating AI governance infrastructure, we would welcome a direct briefing.