Skip to main content

Control Zero Self-Managed

Control Zero Self-Managed brings AI governance to on-premises environments. Two products address the full spectrum of AI risk in regulated, security-sensitive, and compliance-driven organizations.

Products

Control Zero for Apps

Govern every AI API call, MCP tool invocation, and agent action across your infrastructure. The same policy engine, gateway proxy, and SDK enforcement available in Control Zero Cloud, deployed entirely within your network boundary.

  • Transparent gateway proxy for LLM traffic (Anthropic, OpenAI, and compatible providers)
  • MCP-level tool call interception and policy enforcement
  • PII detection and masking before data reaches any model provider
  • Sub-3ms compiled policy engine running locally
  • Immutable audit trails for every decision

Control Zero for Shadow AI

Discover unauthorized AI tools, exposed credentials, and hidden model traffic across your fleet. An SSL-inspecting proxy adds DLP controls for browser-based AI chat applications.

  • Endpoint and network agent (Scout) for AI service discovery
  • SSL-inspecting proxy for chat application DLP (detect, block, mask)
  • Credential exposure scanning
  • Continuous monitoring with dashboard visibility

Deployment Options

OptionDescription
On-premisesDocker Compose deployment on your own infrastructure.

Air-gap tarball and hybrid deployment modes are planned for future releases.

Key Capabilities

  • License-based seat management: Offline validation, no phone-home requirement.
  • Preflight and postflight health checks: Automated verification before and after installation.
  • Support bundle generation: Collect diagnostics with automatic secret redaction.
  • Configurable logging: Five log levels, structured JSON format, audit and application log separation.
  • Anti-tampering protection: Config integrity monitoring and cryptographic policy verification.
  • SSL-inspecting proxy: Chat DLP with CA certificate deployment for enterprise endpoints.

Self-Managed Guides