Zero Trust AI Enclaves

Secure Your AI Deployments. Without Slowing Them Down.

Route AI agents, LLMs, and MCP servers through a private, identity-first enclave — no shared API keys, no open ports, no firewall changes. Every connection authenticated before it exists.

99.99% reduction in AI attack surface
0 inbound ports required
68% of employees already using Shadow AI due to deployment delays*
The challenge

AI Deployments Are Fast. Securing Them Isn’t.

Every new AI agent, LLM, MCP, tool, or data source can trigger a new data path. And every new data path triggers another round of changes to firewalls, routing, NAT, and DNS. This slows deployments and encourages shadow AI workarounds.

  • Firewalls and VPNs not designed for service-to-service AI traffic
  • Shared API keys distributed to agents create sprawling credential risk
  • Open inbound ports expose LLMs and MCP servers to attack
  • Authorization based on IP addresses, not identities
  • Security reviews delay deployment; teams default to shadow AI
[Diagram: Traditional approach — exposed AI infrastructure. Labels: Your Environment (AI Agent, AI Agent, App Server, MCP Server); EXPOSED LLM / MCP Provider (LLM API with open inbound port, MCP Server with shared API key); Lateral movement risk; Attackers can scan & exploit]
The NetFoundry solution

A Private Enclave for Every AI Interaction

NetFoundry implements a Zero Trust AI Enclave — a private, policy-governed overlay that is invisible to the internet and performs authentication and authorization before any connection exists. No open ports. No API keys. No routable path until authenticated and authorized.

Authenticate first. Connect second. Always.

Unlike traditional networking where network reachability exists before authentication, NetFoundry’s AI Enclave performs identity verification and policy evaluation before any routable path is created. If identity and policy do not authorize the interaction, no connection is made.

  • Every AI agent, LLM, and MCP server gets a cryptographic certificate identity — bound to the specific workload, not just a shared key
  • Outbound-only connections from all components — no inbound ports, no firewall holes or rules
  • Identity-based access reduces the need for shared secrets
  • Service-level least-privilege access — agents can only reach what policy explicitly permits
  • Full end-to-end encryption
  • Identity-based authorization, visibility, and management
  • Agent connectivity optionally embedded via SDK
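The "authenticate first, connect second" sequence above, as an added teaching example that is not NetFoundry or OpenZiti code: a tiny control plane simulated in Python. The controller, its policy store and the identity format are assumptions, and an HMAC over the workload name stands in for a CA-signed X.509 certificate. Servers register outbound and open no inbound port; a dial succeeds only after the caller's identity is verified, policy explicitly permits the service, and the service has a registered host, so no path exists until all three hold. The demo also shows a forged identity being refused and a revocation taking effect on the next dial.

```python
"""Simulated 'authenticate first, connect second' enclave. Added example;
not NetFoundry or OpenZiti code. Controller, policy store and identity
format are assumptions; HMAC stands in for a CA-signed certificate."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Identity:
    """Per-workload identity: a name plus a CA-issued proof bound to it."""
    name: str
    proof: str  # stand-in for the certificate's CA signature


@dataclass(frozen=True)
class Session:
    """A routable path. Only ever created after auth and policy succeed."""
    client: str
    service: str
    host: str


class Controller:
    """Assumed control plane: enrolls identities, holds policy, brokers dials."""

    def __init__(self) -> None:
        self._ca_key = secrets.token_bytes(32)              # private to the CA
        self._policy: Dict[str, Set[str]] = {}              # identity -> services it may dial
        self._hosts: Dict[str, str] = {}                    # service -> identity hosting it
        self.audit: List[Tuple[str, str, str, str]] = []    # (verdict, who, service, why)

    def enroll(self, name: str) -> Identity:
        proof = hmac.new(self._ca_key, name.encode(), hashlib.sha256).hexdigest()
        return Identity(name, proof)

    def _authenticate(self, ident: Identity) -> bool:
        expected = hmac.new(self._ca_key, ident.name.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, ident.proof)

    def grant(self, name: str, service: str) -> None:
        self._policy.setdefault(name, set()).add(service)

    def revoke(self, name: str, service: str) -> None:
        self._policy.get(name, set()).discard(service)

    def host(self, ident: Identity, service: str) -> bool:
        """A server registers outbound to the controller; it opens no inbound port."""
        if not self._authenticate(ident):
            self.audit.append(("reject", ident.name, service, "host-unauthenticated"))
            return False
        self._hosts[service] = ident.name
        return True

    def dial(self, ident: Identity, service: str) -> Optional[Session]:
        # 1. Authenticate: was this proof actually issued by the CA for this name?
        if not self._authenticate(ident):
            self.audit.append(("reject", ident.name, service, "unauthenticated"))
            return None
        # 2. Authorize: does policy explicitly permit identity -> service?
        if service not in self._policy.get(ident.name, set()):
            self.audit.append(("reject", ident.name, service, "not-permitted"))
            return None
        # 3. Is the service hosted by an identity that registered outbound?
        host = self._hosts.get(service)
        if host is None:
            self.audit.append(("reject", ident.name, service, "no-host"))
            return None
        # Only now does a path exist.
        self.audit.append(("allow", ident.name, service, "policy"))
        return Session(ident.name, service, host)


def demo() -> Dict[str, bool]:
    """Walk one agent through the model; every value should be True."""
    ctrl = Controller()
    agent = ctrl.enroll("support-agent")          # constructed workload names
    llm = ctrl.enroll("llm-gateway")
    mcp = ctrl.enroll("mcp-finance")
    ctrl.host(llm, "llm")
    ctrl.host(mcp, "finance-tools")
    ctrl.grant("support-agent", "llm")            # least privilege: only the LLM service

    forged = Identity("support-agent", "00" * 32)  # constructed: valid name, bogus proof
    results = {
        "forged_rejected": ctrl.dial(forged, "llm") is None,
        "llm_allowed": ctrl.dial(agent, "llm") is not None,
        "finance_denied": ctrl.dial(agent, "finance-tools") is None,
    }
    ctrl.revoke("support-agent", "llm")           # instant policy change
    results["revoked_immediately"] = ctrl.dial(agent, "llm") is None
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The audit list is the part worth copying into a real design: every decision is recorded against an identity name, not a source IP, which is what makes the "identity-based visibility" described later on the page possible.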
AI Gateway capabilities

Secure and Govern Every AI Interaction at Scale

The AI Enclave centralizes control over all communications between agents, models, and services — with specific capabilities for the unique demands of AI infrastructure.

LLM Gateway

Manage interactions with external and internal LLMs — route requests across models, enforce usage policies, and implement load balancing or failover. No exposed endpoints, no distributed API keys.

MCP Gateway

Secure, standardized access to MCP servers using identity-based authentication. Agents can only discover and invoke tools within their policy scope — eliminating secret-based access entirely.

LLM Semantic routing

Determine whether a query should route to a public model (e.g., GPT-4o) or a private self-hosted model — optimizing for both cost and data privacy requirements automatically.

Cost and token tracking

Budget, limit, and track the dollar cost of AI asset usage by team and project — giving finance and security teams unified visibility without needing separate tooling.

Outcomes

Faster Deployments. Smaller Attack Surface.


Accelerated AI deployments

Only outbound connections required — no firewall changes, no VPN setup, no network reconfiguration. New agents, tools, and models connect in minutes, not weeks.


Invisible attack surface

The enclave is completely private and invisible from the internet. No open ports means no discovery, no scanning, no exploitation. The enclave doesn’t exist to attackers.


Identity-based visibility

All traffic associated with an identity rather than an IP address — giving meaningful insight into which agent is doing what, across every environment and cloud.

Instant policy changes

Access granted or revoked immediately. Policies defined centrally and updated programmatically — respond to evolving requirements without infrastructure changes.


No shadow AI

When official rollout is as fast as unofficial workarounds, teams stop creating unauthorized connections. Secure by design means secure by default — removing the incentive for shadow AI.


Simplified governance

One identity model, one security framework for all AI interactions. Consistent policy enforcement across on-prem, cloud, and partner environments — with full auditability.

How Zero Trust AI Enclaves Address the Core Challenges

AI Connectivity Challenge | Zero Trust AI Enclave benefit
Deployments slowed by network change requirements | Accelerates deployments using only outbound connections. No changes to VPNs, firewalls, or other network infrastructure — ever.
Expanded attack surface from exposed AI services | The enclave is completely private and invisible. Each connection is authenticated and authorized before it is established. No routable path exists until identity and policy authorize it.
Shared API keys distributed to agents | Identity-based authentication via certificates removes the need for shared secrets and API keys entirely — removing the most common source of AI credential compromise.
Poor visibility into multi-cloud AI traffic | All traffic is associated with a specific identity rather than an IP address — providing meaningful, auditable understanding of connectivity across every environment.
Inconsistent governance across agent ecosystems | Centralized policy management with identity-based rules, updated programmatically. One security model applies consistently across all agents, models, and environments.
No control over which models agents can access | Service-level least privilege: agents can only discover and invoke tools and models within their explicit policy scope — nothing more.
Deployment options

Deploy the Way You Need

NetFoundry offers three deployment options to match your AI architecture, compliance requirements, and operational preferences.

All options work across internally- and externally-controlled environments. For teams building AI components directly, the OpenZiti SDK embeds secure connectivity into your agents and models at development time — network as code, not an afterthought.

OpenZiti

Community / open source

  • Community support
  • Self-deployed and managed
  • Self-orchestrated

Self-Hosted

Enterprise — your infrastructure

  • 24×7 enterprise-grade support
  • Self-deployed with NetFoundry guidance
  • Operations, logging, and assurance tools
  • Production architecture guidance
  • Contracted relationship with indemnification
  • FIPS compliant

Cloud (Recommended)

NetFoundry-managed, fully hosted

  • 24×7 enterprise support
  • Fully managed by NetFoundry, 99.95% SLA
  • Contracted relationship with indemnification
  • 100+ global PoPs
  • Fully automated lifecycle management
  • FIPS compliant
  • SOC 2 Type II compliant
“NetFoundry provides the secure network foundation Rhapsody needs to support private, policy-based access across distributed healthcare environments, including applications, APIs, workloads, and emerging AI-enabled workflows. That security layer complements our integration platform by helping customers modernize while protecting mission-critical data exchange.”

Kevin Day, CTO, Rhapsody

Get started

Secure Your AI Infrastructure Today

* Source: internal survey data, 2025