AI control plane for regulated industries.
Three sequential gates classify, authorize, and route every AI request. Detected sensitive content is tokenized before any model is invoked. Vendor-independent. Deployment-agnostic.
Healthcare available today · Government, legal, and financial verticals on the roadmap
The assessment runs on the same engine that protects your organization.
Three Gates isn't a quiz tool. It's an AI compliance platform with a Three-Gate architecture that ensures AI systems only receive data your organization has explicitly authorized.
Gate 1
What is this data?
Classification
A multi-layer detection cascade identifies PHI, PII, and sensitive content in real time.
Gate 2
Who's asking?
Authorization
Role-based authorization with context-aware policy enforcement.
Gate 3
Where can it go?
Routing
Risk-based routing to the right AI model with the right protections.
Every AI interaction in your organization passes through these three gates. Including the assessment your team just took.
Layer 1
Sensitive data, classified.
Detected sensitive content is tokenized before any model invocation.
A multi-layer detection cascade identifies PHI, PII, and sensitive content, then replaces detected values with typed semantic tokens before any AI provider is called. The architecture is configurable per vertical and per tenant.
Pre-submission tokenization
Detected sensitive values are replaced with typed semantic tokens before any general-purpose AI model is invoked. The model reasons over tokens; rehydration occurs only at authorized execution boundaries.
Layered detection
A defense-in-depth cascade combines multiple independent detection layers, configurable per vertical. No single layer is the system; the cascade is.
Real-time scanning
Debounced detection as users type. Sensitive content is flagged in real time, before it leaves your tenant.
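The tokenize-then-rehydrate flow described above, as an added example that is not Three Gates' own code. The regex detectors, the `[[TYPE_n]]` token format, the `TokenVault` class and the `clinician` role are assumptions chosen for illustration, and a single regex layer stands in for the multi-layer cascade.

```python
import re

# Constructed single-layer detectors; the page describes a multi-layer cascade.
DETECTORS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "MRN": re.compile(r"\bMRN[:\s]*\d{6,10}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
TOKEN_RE = re.compile(r"\[\[[A-Z]+_\d+\]\]")   # assumed token format: [[TYPE_n]]
REHYDRATE_ROLES = {"clinician"}                # hypothetical policy

# Constructed sample input (no real patient data).
SAMPLE = ("Patient MRN: 00123456, SSN 123-45-6789, contact "
          "jane.doe@example.org. Confirm SSN 123-45-6789.")


class TokenVault:
    """Per-request token <-> value map that never leaves the tenant."""

    def __init__(self):
        self._value_of = {}   # token -> original value
        self._token_of = {}   # (type, value) -> token
        self._count = {}      # type -> tokens issued so far

    def _issue(self, kind, value):
        # The same value always maps to the same token, so the model can
        # still tell that two mentions refer to one identifier.
        if (kind, value) not in self._token_of:
            self._count[kind] = self._count.get(kind, 0) + 1
            token = f"[[{kind}_{self._count[kind]}]]"
            self._token_of[(kind, value)] = token
            self._value_of[token] = value
        return self._token_of[(kind, value)]

    def tokenize(self, text):
        """Replace every detected value with a typed token."""
        for kind, pattern in DETECTORS.items():
            text = pattern.sub(lambda m, k=kind: self._issue(k, m.group(0)), text)
        return text

    def rehydrate(self, text, role):
        """Restore values only for an authorized role; unknown tokens stay opaque."""
        if role not in REHYDRATE_ROLES:
            return text
        return TOKEN_RE.sub(lambda m: self._value_of.get(m.group(0), m.group(0)), text)
```

Only the output of `tokenize()` would be sent to a model provider; a token the vault never issued is left untouched by `rehydrate()` rather than resolved.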
Layer 2
Every request, authorized.
Already using AI? Route it through Three Gates. One line of code.
The API gateway sits between your team and any AI provider: Azure OpenAI, Anthropic, OpenAI, Ollama, or custom models. Every request passes through the three-gate pipeline: classified, authorized against policy and purpose, then routed with the right protections.
API Gateway
A unified proxy for all AI interactions. Sensitive-data scanning, rate limiting, streaming support, and a complete audit trail on every request.
Multi-Provider Routing
Provider-agnostic with health tracking, automatic failover, and org-level model routing. Switch providers without changing application code.
Browser Extension
Side panel chat, floating action button, and context menu actions. All with real-time content preview and the same policy enforcement as the API.
Layer 3
Every team, trained.
They don't just learn about compliance. They experience it.
Training modules put your team inside real AI scenarios: identifying sensitive data, enforcing policies, responding to incidents. Interactive exercises run against the same detection engine that protects your production traffic.
Interactive Sandbox
Exercise types covering data classification, tokenization, policy enforcement, and domain-specific scenarios. Hands-on practice with the real detection engine.
Readiness Assessment
Scenario-based assessment across compliance categories. Org-level readiness reports with k-anonymity protections and baseline-locked scoring.
Certification & LMS
Open Badges 3.0 certificates, SCORM/xAPI export for your existing LMS, and compliance evidence packages with full audit trail.
Layer 4
Every interaction, provable.
Show auditors exactly what your AI touched, when, and why.
Every AI interaction generates an immutable audit record. The compliance command center aggregates risk events, generates scheduled reports, and produces the executive summaries your leadership team needs.
Unified Audit Trail
Immutable logs for every AI request, policy decision, and configuration change. Designed for long-horizon retention with encryption-key operation tracking.
Compliance Reports
Compliance command center with health scoring, risk event detection, scheduled PDF reports, and executive summaries. Generated automatically.
AI Configuration Assistant
Natural-language tools for managing policies, detection settings, and routing. With read-only, write, and destructive operation tiers.
Built for regulated industries
Three Gates is vertical-agnostic by design. Healthcare ships first; other regulated verticals are on the roadmap.
Healthcare
Live
AI compliance for hospitals and large practices, designed to support HIPAA Security Rule obligations. PHI detection, policy enforcement, BAA-ready routing.
Government
Roadmap
CUI handling and 800-53-baseline-aligned controls for civilian and defense agencies handling sensitive-but-unclassified data. FedRAMP authorization is not currently pursued.
Legal
Roadmap
Privileged communications and matter-scoped data isolation for firms running AI on client data.
Financial
Roadmap
PCI, GLBA, and material-non-public-information guardrails for banks, asset managers, and fintechs.
5-layer detection cascade
Pre-submission tokenization of detected PHI
316 compliance tests
7-year retention architecture
WCAG 2.1 AA accessible
25 AI configuration tools
Three ways to start.
Pick the door that matches where your organization is today.
Free
Take the AI readiness assessment.
Healthcare-specific, scenario-based, completable across multiple sessions. You receive an anonymized readiness report with regulatory citations and a remediation path.
See the platform
Request a platform demo.
A working walkthrough of the three-gate pipeline, the gateway, the workbench, and the audit trail. We tailor it to your vertical and your stack.