Blog

Introducing Tallin: the runtime control plane for AI

Tallin is the runtime control plane for AI use by humans, apps, and agents: every AI actor gets an owner, a model scope, a budget, a policy, an audit trail, and an off switch. Here is why we built it, and how to become a design partner.

June 8, 20265 min readSteve LaBella, Founder, Tallin

Tallin is the runtime control plane for AI use by humans, apps, and agents: route AI through it and the people accountable get one inline place to attribute every model call, scope it to approved models, cap its spend, hold it to policy, and cut off a misbehaving actor's Tallin-mediated model access, with an audit trail to back all of it.

The problem we kept seeing

Every company is adopting AI faster than it can govern it. Coding agents, copilots, chatbots, and in-house apps are spreading across teams — and now autonomous agents are arriving that spend money and take actions unattended. Gartner projects more than 150,000 agents per Fortune 500 company by 2028, while only 13% of organizations feel adequately governed to handle them. The people accountable for the company, security, finance, and legal, are left without the basics they have for every other system: who is using which models, what it costs, whether it meets policy, and what to do when something looks wrong.

The usual answers do not hold. A written AI policy is paperwork if nothing enforces it. A spreadsheet of vendor bills is stale the day it is made. Blocking AI outright just pushes it onto personal accounts you cannot see at all. The teams getting this right are not the ones with the strictest rules. They are the ones with a control point.

What Tallin is

Tallin is the runtime control plane for AI. It sits inline as a governing gateway between your AI actors — the humans, apps, and agents using AI — and the providers they call, so every request is authenticated, attributed to an owner, checked against budget and policy, screened for anomalies, and written to a durable audit trail.

That gives the people accountable for AI one place to work from:

Attribution: every model call owned by an actor — human, app, or agent — by team, app, and provider, in a single ledger.

Cost control: real spend, per-actor and per-team budget caps enforced at request time, designed to cap runaway agent spend before the bill arrives, plus a savings analysis with its assumptions and confidence attached.

Governance: approved model scope, policy enforcement, rate limits, anomaly detection, and a kill switch to disable a misbehaving actor's Tallin-mediated model access — at the point of use, not after the fact.

Compliance: an audit trail and evidence you can map to frameworks like the NIST AI RMF, the EU AI Act, and ISO 42001.

Think of it the way security teams think about an identity provider or a CASB: a single inline control point, but for every AI actor.

Governance you can prove

The thing we care most about is being honest about coverage. A lot of AI governance tooling implies it sees everything. It does not, and pretending otherwise is how trust gets lost in the first review.

Tallin governs the AI traffic routed through it, and it labels every actor plainly: Observed, Inferred, Enforced, or Not Covered. Not Covered means exactly that — direct provider calls made outside Tallin, and the tool and MCP execution side effects an agent triggers, are not things Tallin governs, and we say so. When we report savings, it comes from our savings analysis with its confidence and assumptions attached, not a headline figure we cannot defend. When we show coverage, we show the gaps too.

That is the standard we hold ourselves to: control you can prove, and an audit trail you would be comfortable handing to an auditor.

We are looking for a few design partners

We are already working with a small group of design partners, and we are opening a few more spots.

This is for you if you are a CISO, CFO, head of platform, VP of engineering, or GRC leader who can feel AI and agents spreading across your company faster than you can account for it — whether the worry is runaway agent spend or the board, an auditor, or a regulator asking the question for you.

Design partners get hands-on work with us, direct influence over the roadmap, and early access as we build. In return we ask for real usage and honest feedback.

If that is you, reach out at gettallin.com. We would like to build this with you.

Key takeaways

  • AI is being adopted faster than it can be governed, and autonomous agents that spend and act unattended are arriving — the basics (who owns it, what it costs, whether it meets policy) are missing for most companies.
  • Tallin is the runtime control plane for AI: route the humans, apps, and agents using AI through it, and each one becomes owned, scoped to approved models, held to a budget and a policy, recorded in an audit trail, and shut off from its Tallin-mediated model access the moment it misbehaves.
  • Think identity provider or CASB, but for every AI actor — the humans, apps, and agents using AI through Tallin.
  • Control only earns trust if it is honest about coverage. Tallin labels every actor Observed, Inferred, Enforced, or Not Covered — and Not Covered includes the provider calls and tool side effects that happen outside Tallin.
  • We are taking on a few more design partners: security, finance, and platform leaders getting ahead of AI and agent sprawl.

Keep reading

Want to stop estimating and start measuring?

Tallin gives you the same observable, attributable, defensible ledger this article describes — with the honest coverage taxonomy baked in.