AI Control Layer

How ThirdLaw Works

Capture each AI session, evaluate it against policy, intervene in-line, then investigate end to end with session timelines.

Gartner® refers to this category as AI TRiSM.
Laws

Turn AI Policy Into Laws

Laws are enforceable policies you can scope, validate, and apply to real AI interactions.

Scope

Target where Laws apply. Trigger by app, route, role, user group, model, or tool.

Author

Describe the policy in words. ThirdLaw translates it into runtime logic.

Validate

Test on examples, then run monitor-only on real traffic to measure hit rate, latency, and cost.

Publish

Roll out with control. Version the Law, assign an owner, and deploy with scoped rollout.

Enforce

Enforce in real time: block, redact, reroute, or escalate. Emit a violation with investigation context.

Collect

Collect AI Interactions from Prompts to Actions

  • Capture prompts, outputs, tool calls, and agent actions.
  • Collect at gateways Envoy, Kong, NGINX to support inline controls.
  • Use SDKs (Python, TypeScript) to add identity and policy context
  • Collect via OpenTelemetry OTEL using automated or manual instrumentation.
  • Ingest via API from real-time event pipelines.
Evaluate

Evaluate AI Behavior Against Enterprise Policy

  • Evaluate prompts, outputs, and actions against enterprise policy.
  • Detect policy violations and anomalous patterns across sessions and agent chains.
  • Use semantic, classifier, LLM, and rules-based checks to balance latency and accuracy.
Intervene

Intervene at Runtime When Behavior Violates Policy

  • Block, redact, reroute, or escalate when policy is violated.
  • Apply fine-grained policies by role, app, environment, model, and tool.
  • Designed to enforce consistently across systems while fitting existing workflows.
Investigate

Investigate Incidents with Session Timelines

  • Search across events, transactions, and sessions with rich filters.
  • Investigate incidents with session replay, search, and tool-call forensics.
  • Route findings and context to SIEM/SOAR/ITSM for response workflows.
  • Support compliance workflows with policy evaluation and enforcement evidence.
Collection Points

Integrate Where AI Runs

Choose the integration points that fit your stack, from gateways to agent frameworks.

In Agent Runtimes

Capture events from agent frameworks. Supports: LangChain, LlamaIndex, CrewAI, OpenAI Agents SDK, Google ADK.

At API Gateways

Enforce policy inline at the edge. Supports: Envoy, Kong, NGINX, LiteLLM.

Via SDK

Attach identity and policy context in app code. SDKs: Python, TypeScript, Go.

From OpenTelemetry

Ingest LLM and agent exchanges via OTEL. OTEL: Auto or manual instrumentation.

Deployment

Run ThirdLaw in Your Environment

Choose managed single-tenant, run in your AWS VPC, or deploy to your Kubernetes cluster.

Managed Single-Tenant SaaS

Dedicated instance in an isolated AWS account and VPC, operated by ThirdLaw.

Customer VPC AWS

Run ThirdLaw in your VPC to keep data and enforcement close to your apps and gateways

Self-Managed Kubernetes

Deploy via Helm to your cluster (on-prem or private cloud).

Platform Capabilities

From Policy to Runtime Control

Designed for Security and IT: a production control layer that enforces AI policy at runtime and routes violations to existing SecOps workflows.

Full AI Interaction Record

Capture prompts, outputs, tool calls, and agent actions into organized sessions.

Selectable Evaluation Engines

Choose pattern matching, similarity, classifiers, or reasoning-based evaluation per policy.

Scoped Runtime Actions

Block, redact, reroute, or escalate based on policy findings.

SecOps Workflow Routing

Forward violations and context to SIEM/SOAR/ITSM.

Take Control of AI Policy

Write policy in plain language and enforce it by scope across AI apps and agents.