Product How It Works Why Altrace Pricing Request Access

How It Works

Every request. Governed.

Altrace sits between your AI agents and the models they call. Here is what happens when a request passes through.

Request Access Platform overview →

The Invisible Layer

Your agents don't know it's there

Your Agent
Sends request
Altrace
Scans request → forwards
Scans response ← returns
Cost recorded, audit logged
Claude
Processes request
Returns response
Allowed
Agent receives response
Both directions scanned
Zero friction

Your agents run at full speed. Altrace adds milliseconds — the model takes seconds. You never notice.

The $82,000 API Key

An agent exceeds its budget

In February 2026, a stolen API key ran up $82,314 in Gemini charges in 48 hours. Fortune 500 companies collectively leaked $400M in unbudgeted AI agent cloud spend that quarter.

Your Agent
Calls GPT-4 API
$487 spent of $500 budget
Altrace
Estimates request cost: $18
$487 + $18 = $505
Exceeds $500 limit
×
Blocked
Request rejected
Model never called
Zero cost incurred

Blocked before the request reaches the LLM. Your bill stays exactly where you set it.

The OpenClaw Incident

You activate a kill switch

In 2026, an AI agent deleted 200+ emails from a Meta alignment researcher's inbox. She typed "STOP" repeatedly. The agent kept going. There was no kill switch.

You
One API call:
POST /kill/team/finance
Altrace
Kill switch persisted
All new requests blocked
Active connections severed
×
All Traffic Stopped
All new requests blocked
Active streams cancelled
Persists through restarts

One API call. Every agent on the team stops instantly. Survives restarts. No gaps.

The Shadow AI Problem

Sensitive data blocked before the model

77% of employees paste company data into LLMs. In January 2026, a misconfigured AI chat app exposed 300 million messages — including PII, credentials, and confidential business data — from 25 million users.

Your Agent
Sends customer record
containing SSN, email, card number
Altrace
Inbound scan: sensitive patterns detected
Multiple independent detection layers
Request blocked pre-flight
×
Blocked
Request never reaches the model
Sensitive data stays in your infrastructure
Decision recorded in audit trail

SSN, email, card number in the prompt. Altrace caught all three before the request left your network. The model never saw it.

The Kiro Incident

An agent acts without authorization

In December 2025, Amazon's Kiro AI agent autonomously deleted and recreated a production AWS environment — without approval — causing a 13-hour outage. The two-person approval process hadn't been extended to AI.

Your Agent
Calls issue_refund
without first calling
lookup_order
Altrace
Prerequisite check fails
Required verification step missing
Tells the agent what to do first
×
Self-Repair
Agent receives remediation hint:
"Call lookup_order first"
Agent self-corrects and retries

The agent skipped a required step. Altrace blocked it and told it exactly what to do first. Automatic self-correction — no human needed.

The 300 Million Messages

PII appears in a streaming response

In 2025, researchers found seven vulnerabilities in GPT-4o and GPT-5 that allowed data exfiltration during streaming responses. In January 2026, 300 million streaming chat messages were exposed from a popular AI app.

LLM Provider
Streaming response
Delivered word by word
Altrace
Scans each fragment in real time
Social Security number detected
Policy violation triggered
×
Stream Cancelled
Stream terminated
Connection closed
Violation logged in audit trail

Altrace watches every word as it streams back. The moment sensitive data appears, the stream is killed. Not after — during.

The MCP Injection Crisis

A prompt injection attempt is intercepted

In 2025, attackers embedded hidden SQL in support tickets that tricked an AI agent into exfiltrating private tokens. The official GitHub MCP server was hijacked via poisoned public issues. 30+ MCP CVEs followed.

Your Agent
Sends user input containing
hidden injection instructions:
"Ignore all previous instructions..."
Altrace
Ingress scan: injection pattern detected
Multiple detection layers triggered
Request blocked pre-flight
×
Blocked
Injection never reaches the model
Session risk level elevated
Decision recorded in audit trail

Jailbreaks, prompt injections, hidden instructions — caught and blocked before they reach the model. The attacker gets nothing.

These incidents were preventable

Every scenario above is running live on real AI traffic. Request a walkthrough and see Altrace stop these attacks in your environment.

Request Access