You own what your agents do.

See every agent. Enforce policy at runtime. Stay audit-ready.
Request a demo See the product
GenTrail agent discovery dashboard
THE PROBLEM

Agents make autonomous decisions.
Nobody can see, control, or prove what they did.

DISCOVERY KNOWN a-1 a-2 SHADOW ? ? ?

Can't see

How many agents are running? Where? Accessing what data? Most enterprises don't know.

RUNTIME AGENT action NOT ENFORCED AUTO-APPROVED LIMIT EXCEEDED

Can't control

Agents bypass approvals, chain unchecked actions, and exceed limits. Policies exist on paper, not in the runtime path.

EVIDENCE evidence incomplete AUDIT REQUEST waiting…

Can't prove

Auditors ask what your agents did. Your team reconstructs answers from logs and memory weeks later.

CA AB-2013 · IN EFFECT
TX TRAIGA · IN EFFECT
IL HB-3773 · IN EFFECT
NYC LL-144 · ENFORCED
China AI Regs · IN FORCE
Korea AI Act · IN EFFECT
Japan AI Act · IN EFFECT
Colorado · JAN 2027
EU AI Act · AUG 2026
CA AB-2013 · IN EFFECT
TX TRAIGA · IN EFFECT
IL HB-3773 · IN EFFECT
NYC LL-144 · ENFORCED
China AI Regs · IN FORCE
Korea AI Act · IN EFFECT
Japan AI Act · IN EFFECT
Colorado · JAN 2027
EU AI Act · AUG 2026
HOW GENTRAIL WORKS

Connect. Control. Certify.

01 · CONNECT

See every agent

Connect your cloud accounts and GenTrail discovers every agent running across your infrastructure, including the ones nobody approved.
→ Auto-discovery across your AWS account
→ Shadow agent identification and alerting
→ Custom registration via SDK or OpenTelemetry
Now nothing runs unseen.
app.gentrail.io
GenTrail agent discovery dashboard
02 · CONTROL

Enforce in real time

When an agent tries to do something it shouldn't, GenTrail blocks the action before it completes. In real time, in under 100ms.
→ Policy engine evaluates every agent decision
→ Block, warn, or pass before execution
→ Prompt injection and data exfiltration prevention
Now every action is checked against your policies, frameworks, and regulations.
app.gentrail.io
GenTrail real-time policy enforcement
03 · CERTIFY

Always audit-ready

Every enforcement action becomes a tamper-evident audit record. What the agent tried, which policy matched, what happened, and when.
→ Tamper-evident reasoning trail per decision
→ One-click export for auditors
→ Continuous evidence, not quarterly snapshots
Now you can prove compliance.
app.gentrail.io
GenTrail audit-ready compliance evidence
INTEGRATION

Start with visibility. Unlock enforcement.

Cloud scanning starts without touching your codebase. SDK integration adds deeper governance with minimal code.
WITHOUT SDK · STAGE 1

Cloud scan only

Connect cloud accounts. GenTrail discovers agents, scans infrastructure, and evaluates compliance posture. No code changes.
AWS 12 agents AZURE COMING SOON GCP COMING SOON SCAN 12 AGENTS DISCOVERED 2 shadow agents flagged · 3 unowned
Agent discovery and inventory
Infrastructure compliance scanning
Policy evaluation on scan completion
WITH SDK · STAGE 2

Full runtime enforcement

Integrate the SDK into agent code. Unlocks real-time policy enforcement at the decision boundary. Block actions before they execute.
GENTRAIL SDK AGENT SDK evaluate() · ⏱ < 100ms PASS BLOCK EVIDENCE LOGGED SOC 2 Type II · NIST AI RMF 1.0
Real-time block / warn / pass
Per-decision audit evidence
Prompt injection and exfiltration prevention
USE CASES

See every action. Understand every decision. Control every outcome.

DECISION INTERCEPT PRICING AGENT −42% discount GENTRAIL policy check max 25% · violated BLOCKED before commit SOC 2 Type II CC6.1
RETAIL

Pricing agent exceeds discount authority

GenTrail evaluates the pricing decision against discount policy and blocks the override before the deal is committed.

OUTPUT INSPECTION CLINICAL AGENT references Patient B GENTRAIL output policy cross-record · detected REDACTED before send ISO 27001:2022 A.8.11
HEALTHCARE

Clinical agent leaks PHI in its response

The agent can read records, but its response references another patient. Access controls miss this. GenTrail inspects the output and redacts before send.

DECISION TRACE SCREEN AGENT decision GENTRAIL trace decision recording · complete TRACED full audit trail NYC LL-144 · NIST AI RMF 1.0
HR & RECRUITING

Screening agent needs audit trail for bias review

GenTrail traces every screening decision and generates the evidence package required for NYC LL-144 and NIST AI RMF 1.0.

PLATFORM PRINCIPLES

Built different. By design.

The architecture decisions that make GenTrail fundamentally different from bolted-on governance tools.
DISCOVER agents + infra EVALUATE policy check ENFORCE block / allow EVIDENCE audit-ready proof CONTINUOUS LOOP
REAL-TIME, NOT RETROACTIVE

Enforce before execution

Policy decisions happen at the moment an agent acts, not after. GenTrail evaluates every decision at the boundary, before damage is done.
UNIFIED ENGINE

Agents + infrastructure, one platform

Agent behavior and cloud resources evaluated by the same policy engine. No stitching separate tools.
EVIDENCE BY DEFAULT

Every action creates proof

Enforcement decisions automatically generate tamper-evident records mapped to compliance frameworks.
COMPLIANCE MANAGEMENT

Run your audit process from one place

Define policies, track evidence, manage audit periods, and generate compliance reports. SOC 2 Type II, NIST AI RMF 1.0, ISO/IEC 42001:2023, and ISO/IEC 27001:2022 built in. No spreadsheets, no scattered tools.
ENCRYPTED
SECURITY FIRST

Your data is protected by default

Runs in your AWS account. Your data never leaves your infrastructure.
< 100ms
SUB-100MS LATENCY

Governance that doesn't slow you down

Real-time policy evaluation adds less than 100ms to agent execution. Your agents stay fast while staying compliant.
GENTRAIL VS ALTERNATIVES

Other tools watch the agent.
GenTrail governs it, end to end.

ALTERNATIVES
GENTRAIL
Behaviour detection
Traces and spans, but no policy context. No threat signal at runtime.
Flags anomalous agent behaviour as it happens, with policy context attached.
Runtime enforcement
Alert after execution, or pre-deploy checks only. No inline blocking.
Block or redact at the decision boundary, sub-100ms.
Compliance evidence
Company-level attestation. Manual evidence collection per audit cycle.
Per-decision evidence mapped to frameworks, generated automatically.
Unified data model
Separate tools for visibility, policy, and audit. No joined dataset.
Behaviour, policy, and outcomes in one queryable dataset.
Policy improvement
Static rulesets. Policy updates require manual review cycles.
Enforcement data feeds back into policy refinement continuously.
WHY THIS COMPOUNDS

Behaviour, policy, and compliance in one inline layer.

Observability vendors
Rich telemetry for debugging. But when an agent violates a policy, they record the event. They don't prevent it.
Compliance vendors
Map controls and produce audit reports. Essential for certification. But they only know what happened after someone tells them.
GenTrail
Sees behaviour, enforces policy, generates evidence. One request, one dataset. Structural, not stitched.
Deeper coverage leads to a richer dataset, which builds a stickier audit footprint over time.
INTEGRATIONS

Connects to what you run.

AWS Bedrock
Google Vertex AIComing soon
Azure OpenAIComing soon
OpenTelemetry
Custom SDK
COMPLIANCE FRAMEWORKS

Pre-built policy packs, with more on the way.

SOC 2 Type II
NIST AI RMF 1.0
NIST AI RMF GenAI Extensions
ISO/IEC 42001:2023
ISO/IEC 27001:2022
HIPAA · coming soon
+ more coming

See every agent. Trust through verification.

We'd love to show you around. Tell us a little about your setup and we'll put together a walkthrough that fits the agents you actually run.

Thank you.

We'll be in touch within one business day.

PRODUCT

Connect. Control. Certify.

From discovery to enforcement to audit-ready evidence. Manage your full compliance process from one platform.

app.gentrail.io
GenTrail agent discovery dashboard
DISCOVER
Full visibility at scale
Agent inventory · Shadow detection · Behaviour
CONTROL
Runtime enforcement
Block · Redact · Allow · Incident alerts
CERTIFY
Compliance evidence
Decision trace · Audit reports · Frameworks
SECURITY
Your data stays yours
Encrypted · Isolated · Flexible deployment
01
monitored shadow unowned
DISCOVER

Full visibility, no matter how many agents you run

Connect your AWS account and GenTrail maps every agent automatically. No manual inventory. Starting with AWS.

Built for scale and complexity

Whether you have fifty agents or fifty thousand, GenTrail discovers and catalogues them across environments without manual effort.

Shadow agents surfaced automatically

Agents deployed outside of governance, running in production, accessing data, making decisions with no oversight. GenTrail finds them.

Continuous behaviour tracking

What data each agent accesses, which APIs it calls, what actions it takes. A living behavioural profile that grows with every interaction.

02
AGENT action request POLICY ENGINE identity scope limit exceeded no approval ⏱ < 100ms PASS BLOCK → Email · Dashboard EVIDENCE LOGGED per decision
CONTROL

Enforce the rules, before anything goes wrong

Every agent action is evaluated against your policies before it executes. Bring your own rules or start with built-in framework coverage.

Real-time enforcement, not retroactive alerts

Block, redact, or allow at the decision boundary in under 100ms. Violations are caught and stopped before they reach production.

Bring your own policies or start covered

Upload compliance documents in plain language. Or select from built-in frameworks and let GenTrail generate enforceable rules automatically.

Policy editor for custom rules

Write policies in the dashboard. Built-in framework packs come pre-loaded so you start with coverage. Add or override rules in the editor.

Incidents reach you instantly

Blocked actions, policy violations, and anomalies reported through email, the dashboard, or webhooks.

03
team A team B ... FINANCE NETWORK DATA ENG SOC 2 Type II98% covered NIST AI RMF 1.094% covered ISO 42001:202391% covered EVIDENCE GENERATED signed · tamper-evident · audit-ready
CERTIFY

Every decision leaves proof.

Tamper-evident records generated automatically for every policy decision. Run compliance reports on demand. Hold evidence for as long as you need.

Full decision trace per agent

Who asked, what happened, which policy applied, what evidence was produced. Every decision is searchable, filterable, and exportable.

Compliance reports on demand

Run a report for any framework, any agent, any time window. Evidence is mapped to controls automatically. No manual assembly required.

Reports where your team works

Weekly posture reports, executive summaries, and incident digests delivered via email or the dashboard.

SECURITY & DEPLOYMENT

Your data stays yours. Always.

GenTrail runs in your AWS account. Your agent traces and audit evidence never leave your infrastructure. Encrypted at rest and in transit. Never used to train any model. No call-home - licensing is verified offline, inside your account.
Encrypted in transit and at rest
RBAC / Roles
Data residency controls
No customer data for training
INTEGRATES IN ABOUT 15 MINUTES

Add the GenTrail SDK to your code.

from aigentrail import GentrailGovernanceHook
from strands import Agent
agent = Agent(
hooks=[GentrailGovernanceHook()],
...
)
Python and Go SDKs available.
SUPPORTED FRAMEWORKS
SOC 2 Type II
NIST AI RMF 1.0
NIST AI RMF GenAI Extensions
ISO/IEC 42001:2023
ISO/IEC 27001:2022
HIPAA · coming soon
+ more coming
Upload compliance documents and GenTrail generates enforceable rules. Or select from built-in framework coverage and start governed immediately.

Ready to see it?

The best way to understand Gentrail is a live demo run against your own environment, your agents, your frameworks, your policies. Tell us where you're starting and we'll tailor it.

Thank you.

We'll be in touch within one business day.

PRICING

Start in your cloud. Upgrade when you're ready.

Free for 60 days in your AWS account. Upgrade to Unlimited when you need compliance.

Free

The real product in your AWS account. Not a hosted sandbox.
$0 for 60 days
ScopeMonitor and detect
ScaleUp to 10 agents
Time60-day evaluation, then read-only. About 30 days of trace history.
Download
Available on GitHub. Deploy to your AWS in about 15 minutes.
INCLUDES
  • See every agent running in your AWS
  • Trace / invocation viewer
  • Alerts via email and dashboard
  • One-click AWS (Bedrock) connect
  • Python SDK
  • API keys
  • Create custom rules and apply compliance frameworks
  • Real-time violation detection
  • Violation triage
  • Tool catalog
  • Self-hosted BYOC (AWS) deployment
  • Login / onboarding

Unlimited

Govern, audit, and prove it.
Custom pricing
ScopeFull compliance and governance
ScaleUnlimited agents
TimeContinuous, full retention
Contact us
EVERYTHING IN FREE, PLUS
  • Compliance dashboard
  • Built-in frameworks (SOC 2 Type II, NIST AI RMF 1.0, NIST AI RMF GenAI Extensions, ISO/IEC 42001:2023, ISO/IEC 27001:2022)
  • AWS security scan (66 checks)
  • Audit periods
  • Auditor workpapers
  • Signed attestations
  • Sample reviews
  • Sign-off workflow
  • Drift alerts
  • Printable compliance report
  • Crosswalk views
  • Aux evidence records (CUECs, subprocessors, data-flow)
  • Agent classifications
  • Policy agent scoping
  • Inbox
  • Org chart
  • Roles
  • PII redactionComing soon
  • Decision ReplayComing soon
  • AI policy extractionComing soon
  • Sync enforcement APIComing soon
Discover

Automatic discovery of your Bedrock and SDK agents. Live inventory, full trace and tool-call visibility.

Trust

Your traces and evidence stay in your cloud - licensing is verified offline, with no call-home. Encrypted at rest and in transit.

Upgrade in place

When you need audit evidence, compliance frameworks, and unlimited agents, swap the license. Same install, same data.

WHY IT PAYS OFF

Pays for itself on labour saved alone.

$227K/yr
Returned per year
For every 100 hrs/week of compliance work your team carries
2,275
Hours back / year
Per 100 hrs/week - analyst + engineering time returned to real work
35%
Automation cap
We automate evidence toil, not judgment - human-in-the-loop by design
Labour only
What we count
Payroll you can verify - breach, fine & sovereignty value excluded on purpose
Modeled at $90/h analyst · $140/h engineering. Run it on your numbers in a demo.
FREQUENTLY ASKED
What is the 60-day evaluation?
Free runs the real product in your AWS account for 60 days. Full monitoring, detection, and tracing for up to 10 agents. After 60 days it goes read-only. Your data is preserved.
How do I upgrade?
License swap in place. Same install, same data, same AWS account. Compliance dashboards, audit periods, attestations, and unlimited agents unlock immediately.
What happens after 60 days?
The install stays. Read-only access continues so your team can browse the inventory and historical traces. Capture pauses until you upgrade.
Where does my data live?
In your AWS account. GenTrail is BYOC only. Encrypted at rest and in transit. Your agent traces and audit evidence never leave your infrastructure, and licensing is verified offline with no call-home. Optional AI-assisted features (policy rule extraction, tool classification) call third-party model APIs using your own API keys and provider accounts - GenTrail provides no model service, those calls never reach us, and the features stay off until you configure them. Never your traces, and never to train GenTrail models. If you opt into cross-account compliance scans, you grant a read-only, ExternalId-gated role that you can revoke at any time.
How long does setup take?
Cloud scanning starts within minutes of connecting your AWS account. Deploying Gentrail into your own AWS account (BYOC) takes about 15 minutes with our Helm and CloudFormation templates. Adding the SDK for runtime enforcement on an agent typically takes under an hour.
Do you use customer data for training?
No. Never. Your traces, policies, and evidence belong to you and are not used to train any model, ours or anyone else's.
What compliance frameworks are supported?
SOC 2 Type II, NIST AI RMF 1.0, NIST AI RMF GenAI Extensions, ISO/IEC 42001:2023, and ISO/IEC 27001:2022 are supported today, with more on the way.
How do I get pricing for Unlimited?
Talk to our sales team. Pricing depends on agent count and compliance scope. The contact form below gets you a same-week response.

Let's talk about your use case.

Tell us about your setup and we'll come back with a plan that fits.

Thank you.

We'll be in touch within one business day.

ABOUT GENTRAIL

Built by operators of the systems now being governed.

We've built production-grade AI at Amazon, designed enterprise policy and authorization engines, and run financial-grade infrastructure at the scale where a governance failure becomes a business risk.

THE MOMENT WE KNEW
WHAT WE BUILT
Agentic AI systems, policy engines, financial infrastructure, at enterprise scale.
WHAT WE SAW
Agents making decisions no one could trace. Compliance teams scrambling weeks after incidents.
WHAT WAS MISSING
A governance layer that works at runtime, not after the damage is done.
WHY WE BUILT GENTRAIL

The gap between agent deployment and agent governance is already costing companies millions.

Enterprises are deploying AI agents at unprecedented speed. But governance infrastructure hasn't kept up. The tools that exist were built for a world where humans make decisions.

Agents change that equation. They act autonomously, chain decisions, and access sensitive data without asking. Someone had to build the control layer. So we did.

WHAT WE BELIEVE

Three convictions that shape the product.

01

Governance at runtime, not after the fact

Retroactive audits don't prevent harm. Policy evaluation has to happen at the moment an agent acts, before the damage is done.

02

Evidence is a byproduct, not a project

Compliance evidence should be generated automatically from enforcement, not assembled manually by teams months later under audit pressure.

03

Speed and safety aren't tradeoffs

Sub-100ms policy evaluation means agents stay fast while staying governed. You shouldn't have to choose between shipping and compliance.

THE TEAM

Built by operators, not observers.

Trust is becoming the premium in AI. As agents move from suggesting to acting, the hard part isn't the model. It's runtime control, policy that holds at the moment of action, and audit-ready evidence afterward. Trust, but verify. It's a runtime systems problem before it's a compliance one.

We've built exactly those systems: production-grade AI at Amazon, AI/ML research in models, enterprise policy and authorization engines, and financial-grade pipelines processing billions of transactions a day. High-scale, high-integrity work where traceability and correctness are non-negotiable. Across 30+ combined years at Amazon and decades more across financial services, cloud, and regulated industries, including $1.5B+ in P&L. We built Gentrail because we've watched autonomous software outrun the controls around it.

Start a conversation.

Whether you're exploring agent governance or ready to move, we'd like to hear what you're working on.

Thank you.

We'll be in touch within one business day.

FREE BYOC EVALUATION

Generate your free GenTrail license

60-day evaluation · up to 10 agents · runs in your own cloud. Your key appears here and we email a copy.