The AI gateway that can't cheat you.
A router sits between you and the model. It could swap in a cheaper model, read your prompts, or quietly rewrite them on the way through. SafeRouter is built so it can do none of the three — enforced by hardware and cryptography, and open for anyone to verify.
The exact model you paid for.
Every call is signed into a public log naming the model that actually answered. Re-hash your own response and prove we never quietly swapped in something cheaper or dialed the quality down.
Your context — even we can't read it.
Your prompts are processed inside a hardware enclave whose memory the CPU keeps encrypted. Not AWS, not our operators, not us: no one can see what you send.
No hand in your prompt.
What you send is what the model sees. No injected instructions, no silent rewrites, no steering. The enclave forwards your context untouched, and the signed log proves it stayed that way.
Guarantees, not promises. Here's how.
Every claim above is enforced by hardware and math, so you never have to take our word for it. Three mechanisms do the work.
A CPU-encrypted secure enclave
The gateway runs inside an AMD SEV-SNP enclave. The CPU encrypts its memory in hardware and measures the exact binary at boot, so the code touching your prompt is sealed off from AWS, from our operators, and from any host-level attacker.
SEV-SNP · VLEKProof you can check yourself
The enclave's measurement is signed all the way up to AMD's root key. Anyone can pull the live attestation report and re-verify that signature in their own browser. If the enclave were running modified code, the signature wouldn't match.
Independently verifiableA signed, tamper-evident log
Every call lands in an append-only hash chain with an Ed25519 receipt carrying the model, tokens, and a hash of the exchange. Editing one record breaks every record after it, and the signing key never leaves the enclave. Each response returns a call_id you can look up and re-verify byte-for-byte.
One key. Every major model.
Point one OpenAI-compatible endpoint at SafeRouter and reach the frontier labs and the strongest open models through the same confidential gateway. Text, image, and video all route through the enclave, so the guarantees above hold no matter which model answers.
// 9 model families · 70+ models · text, image & video · one OpenAI-compatible endpoint · live catalog on the models page
Every token, under your control.
An API key is a spending faucet and a data door. SafeRouter turns each one into a governed instrument: scoped, capped, metered, and revocable. Hand out a key per app, per teammate, or per environment, and keep a live account of exactly what each one did.
Many keys, one account
Mint a separate key for every app, teammate, or environment. Each carries its own name, plan tier, and history, so nothing shares a single blast radius.
Hard limits and budgets
Set a spend ceiling and a rate tier per key or per group. When a key hits its budget it stops, so a runaway job can't drain the account.
Usage and cost, per key
See spend broken down by key, group, and model, backed by the same signed call log. Every dollar traces to the exact request that spent it.
Kill switch and audit
Roll keys up into teams and orgs with role-based access, revoke any key the instant it leaks, and keep a tamper-evident record of every call it ever made.