Govern LLM access the way you govern everything else.
LLMs are now load-bearing in sales, engineering, support, and research. Your company needs the same controls you have for AWS or GitHub: per-team budgets, audit logs, SSO, role-based access, and a single pane showing what's being spent where. Modelux is that plane.
LLM usage has the shadow-IT problem, but worse.
Employees signing up for their own OpenAI plans
You can't stop it and you can't see it. There are probably twenty orphan API keys on your company's card that you don't know about.
Finance can't reconcile the LLM spend
One line item on the Anthropic invoice. No breakdown by team, department, or project. Chargeback is impossible.
No policy surface
Legal wants to block Claude for customer-support use. Security wants to block data-heavy prompts from Sales. You have no enforcement point.
Audit is a spreadsheet
Who approved GPT-4 for the research team? When did the budget change? Nobody knows. You search Slack.
Policy as code, enforced at the proxy.
The custom-rule DSL lets you route based on tags attached at the API boundary: tenant plan, team, sensitivity class, budget headroom. Write the policy once, enforce it for every request in the company.
- Branch on tenant, team, sensitivity, budget
- Block models per-team (e.g. no GPT for customer data)
- Auto-downgrade near budget caps
- Test policy changes against historical traffic
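As an added illustration of the last bullet (this is not Modelux code), the sketch below replays constructed requests against the rule set from this page's example policy and reports which requests change route when the rule order changes. The first-match-wins evaluation, the condition grammar, the request shape, and all function names are assumptions made for the example.

```python
import re

# Rule set copied from the policy on this page.
PAGE_RULES = [
    {"if": "tags.team == 'support'", "then": "@support-allowed"},
    {"if": "tags.sensitivity == 'pii'", "then": "@pii-safe-providers"},
    {"if": "budget.used_pct >= 0.9", "then": "@cheap"},
    {"else": "@production"},
]
# Hypothetical reordering under test: the PII rule moved ahead of the team rule.
PII_FIRST = [PAGE_RULES[1], PAGE_RULES[0], *PAGE_RULES[2:]]

# Assumed grammar: <dotted.path> <==|>=> <'string'|number>; not Modelux's parser.
COND = re.compile(r"^\s*([\w.]+)\s*(==|>=)\s*(?:'([^']*)'|(\d+(?:\.\d+)?))\s*$")

def lookup(request, path):
    """Walk a dotted path through nested dicts; a missing key yields None."""
    node = request
    for key in path.split("."):
        node = node.get(key) if isinstance(node, dict) else None
    return node

def matches(cond, request):
    m = COND.match(cond)
    if not m:
        raise ValueError(f"unsupported condition: {cond!r}")
    path, op, text, number = m.groups()
    actual = lookup(request, path)
    if op == "==":
        return actual == (text if text is not None else float(number))
    return isinstance(actual, (int, float)) and actual >= float(number)

def route(rules, request):
    """Assumed semantics: the first matching rule wins; 'else' is the fallback."""
    for rule in rules:
        if "else" in rule:
            return rule["else"]
        if matches(rule["if"], request):
            return rule["then"]
    raise LookupError("no rule matched and the policy has no else branch")

def replay_diff(old_rules, new_rules, traffic):
    """List (id, old route, new route) for every request whose route changes."""
    routed = [(r["id"], route(old_rules, r), route(new_rules, r)) for r in traffic]
    return [row for row in routed if row[1] != row[2]]

# Constructed sample traffic (not real logs); tags as attached at the API boundary.
TRAFFIC = [
    {"id": "r1", "tags": {"team": "support", "sensitivity": "pii"}, "budget": {"used_pct": 0.2}},
    {"id": "r2", "tags": {"team": "sales", "sensitivity": "pii"}, "budget": {"used_pct": 0.95}},
    {"id": "r3", "tags": {"team": "research"}, "budget": {"used_pct": 0.93}},
]
```

Under these assumed semantics, a support request tagged `pii` matches the team rule first and never reaches `@pii-safe-providers`; `replay_diff(PAGE_RULES, PII_FIRST, TRAFFIC)` reports that request as the only route change.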
{
  "strategy": "custom_rules",
  "rules": [
    { "if": "tags.team == 'support'",
      "then": "@support-allowed"
    },
    { "if": "tags.sensitivity == 'pii'",
      "then": "@pii-safe-providers"
    },
    { "if": "budget.used_pct >= 0.9",
      "then": "@cheap"
    },
    { "else": "@production" }
  ]
}
Controls built for how companies actually work.
Single plane for all company LLM traffic
Every app, every team, every coding-agent seat routes through Modelux. One set of credentials, one audit log, one policy surface. Finance gets the breakdown they need.
Per-team projects with independent budgets
Model each team as a project. Assign budgets with auto-downgrade at the cap. Allocate spend back to business units with per-tag rollups.
RBAC with SSO / SAML
Owner / admin / member / viewer roles per organization. SSO via SAML (Enterprise). Audit every config change and API-key action.
Tenant-aware routing
Custom rules dispatch enterprise customers to @premium, internal tooling to @cheap, and research to @frontier — all based on tags attached at the API boundary.
Enterprise controls that match your compliance bar.
SSO / SAML / SCIM
Provision users from Okta, Azure AD, Google Workspace. Deprovisioning revokes API keys automatically.
Audit log
Every management-API mutation, key creation, role change, and config update is recorded with actor, timestamp, and diff.
IP allowlists
Restrict management-API and proxy access to known corporate IPs or VPN ranges.
Custom retention
Configure log retention beyond 90 days, or disable payload retention entirely.
Warehouse export
Scheduled Parquet exports of logs and audit events to your own S3/BigQuery/Snowflake.
Dedicated deployment
Single-tenant or VPC-peered proxy instances. DPA and BAA available on request.
Bring your LLM footprint into policy.
Platform engineering, finance, security, and engineering leadership get the visibility and controls they need — without getting in the way of the teams using the tools.