Govern data before it leaves
PII and data-tier classification happen before the provider call, not only in post-hoc logs.
Talon’s gateway is the Talon 2.0 control point: a network chokepoint for LLM calls where policy runs before provider access and every decision becomes signed evidence.
App / agent
→ Talon gateway
→ identify caller
→ scan PII
→ classify data tier
→ evaluate OPA policy
→ enforce budget
→ check provider region
→ redact or deny
→ sign evidence
→ approved provider
Definition
A proxy forwards traffic. Talon decides whether the request is allowed, whether data must be redacted, which provider posture is acceptable, whether budget remains, and what signed record proves the decision later.
EU strict, EU preferred, and global modes make provider jurisdiction a product primitive.
Each request produces a signed record that can be exported and verified.
Talon 2.0 scope
| Control | Question it answers | Evidence fact |
|---|---|---|
| Caller identity | Which app, tenant, or workflow made the request? | caller, tenant_id, agent_id |
| PII and data tier | Was sensitive data present? | PII findings, input/output tier, redaction action |
| Model and provider policy | Was this model/provider allowed for this data? | model, provider, jurisdiction, routing decision |
| Pre-spend cost cap | Was budget checked before spend? | estimated cost, actual cost, caller budget |
| Evidence integrity | Can this record be trusted later? | input/output hashes and HMAC signature |
Evaluate Talon
Point one OpenAI-compatible client at Talon, send test PII, inspect the policy decision, and verify the signed evidence.
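The sketch below illustrates the "redact before the call, then sign evidence" idea from the scope table and the evaluation step above. It is an added example, not Talon's code or its record format: the field names other than `caller` and `tenant_id`, the email-only scanner, the canonical JSON encoding and the demo key are all assumptions.

```python
import hashlib
import hmac
import json
import re

# Constructed demo key; a real deployment would load this from a secret store.
DEMO_KEY = b"constructed-demo-key"
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")  # toy PII scanner


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def canonical(record: dict) -> bytes:
    # Sorted keys and fixed separators so signer and verifier hash identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def gate(prompt: str, caller: str, tenant_id: str, key: bytes = DEMO_KEY):
    """Scan and redact before the provider call, then emit a signed record."""
    findings = EMAIL.findall(prompt)
    outbound = EMAIL.sub("[REDACTED_EMAIL]", prompt)
    record = {
        "caller": caller,
        "tenant_id": tenant_id,
        "pii_findings": len(findings),
        "redaction_action": "redact" if findings else "none",
        "input_hash": sha256_hex(prompt),  # hash only: no raw PII in evidence
        "outbound_hash": sha256_hex(outbound),
    }
    record["signature"] = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return outbound, record


def verify(record: dict, key: bytes = DEMO_KEY) -> bool:
    body = {k: v for k, v in record.items() if k != "signature"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many signature bytes matched.
    return hmac.compare_digest(expected, str(record.get("signature", "")))


if __name__ == "__main__":
    # Constructed sample prompt containing test PII.
    sent, evidence = gate("Summarise the ticket from jane.doe@example.com", "billing-app", "tenant-1")
    print(sent, verify(evidence))
    evidence["redaction_action"] = "none"  # edit the record after signing
    print(verify(evidence))
```

Because HMAC is symmetric, anyone who can verify a record with the key can also forge one, so the verification key needs the same protection as the signing key.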