Product / AI Actors

Govern every AI actor: human, app, or agent.

An AI actor is anything that uses AI through Tallin: a person, an application, or an autonomous agent. Route that AI through Tallin and each one becomes a named identity you can scope to specific models, hold to a budget, bind to a policy, trace in an audit trail, and disable on demand. That turns agents into governed infrastructure instead of invisible spend.

What every actor gets

Six controls on every human, app, and agent.

Identity & ownership
Every actor, whether a person, an application, or an agent, is a first-class identity with a name, an owner, a business purpose, and an environment. No anonymous AI.
Per-actor budget
A monthly budget with alerts before the threshold and an automatic cutoff after it, so a looping agent stops before the invoice does the talking.
Model & provider access
An approved provider and model-tier scope per actor. Requests outside it are blocked at the gateway, or logged in shadow mode while you tune.
Kill switch
Disable an actor's Tallin-mediated model access in one click. The next request, on any of its keys, is rejected.
Shadow mode
Run a new agent in shadow first: Tallin records what it would have blocked, so you turn on enforcement with evidence, not guesswork.
Audit & review
Every request, cost, and policy decision is on the record per actor, and the AI Agent Review report turns it into a committee-ready artifact.

One agent, governed

Set it once. Enforced on every routed request.

Owner, scope, budget, and policy are defined when the agent is created, enforced in the live request path, and rolled up into one committee-ready line in the AI Agent Review.

Actor record

Representative example

deploy-agent-04 · agentENFORCED
Owner
Priya Nair · VP Support
Approved models
Claude Sonnet 4.5 · GPT-5 mini
Monthly budget
$2,000 · automatic cutoff at 100%
Policy
Customer PII prohibited by policy (content enforcement on the roadmap) · rate-limited
Kill switch
Armed
Capture
Metadata-only (configurable to full-content)

Honest coverage

Control what routes through Tallin. Prove what doesn't.

Tallin governs the AI traffic routed through it: model access, spend, and policy. It is explicit about what it does not control.

Enforced: per-actor model scope, budget cutoff, rate limit, and kill switch, in the live request path.
Not covered: direct provider calls made outside Tallin, and tool / MCP execution side effects. These are reported as gaps, never silenced.
Hosted gives the strongest immediate control; a VPC deployment keeps traffic and content in your environment. Talk to us about VPC.

Product / Actor controls · Runtime control

The controls every actor needs, before agents arrive at scale.

Gartner projects 150,000+ AI agents per Fortune 500 by 2028, yet only 13% of teams feel adequately governed. Agents spend and act unattended, so each one needs an owner and a leash you set in advance.

Assign every actor a named owner and an approved model scope, so unapproved models are blocked at the gateway.
Set a budget alert and an automatic cutoff, so spend stops before an overnight loop becomes an invoice.
Disable a misbehaving actor's Tallin-mediated model access with a one-click kill switch.
Run a new agent in shadow mode to see what it would have violated before you enforce, then turn on capping when you're ready.

What changes for you

No actor spends or acts without an owner and a limit.

Owner + scope
Every AI actor, whether a human, an app, or an agent, carries a named owner, an approved model scope, and a budget, so every dollar and action traces back to someone.
Cutoff + kill switch
An automatic budget cutoff and a kill switch turn runaway agent spend from an after-the-fact surprise into a control you set in advance and trigger in one click.
Owner-routed alerts
Alerts route to the right owner when an actor approaches its budget, requests an unapproved model, or trips a policy, giving admins a queue they can actually work.

Control queue

A live list of the controls on each actor.

Tallin keeps every control next to the actor it governs: budget cutoffs, approved model scope, required owners, kill switches, and the agents still running in shadow mode before enforcement.

Actor controls · 12 active · 3 need owner
Budget cutoff
Agent workloads · Enforced
Approved model scope
Per-actor gateway keys · Enforced
Owner required
Unowned actors · Active
Shadow mode
New agent rollout · Simulating

Control, on the record

Governance you can watch fire.

Every alert, cutoff, and block on gateway-routed traffic lands as an append-only entry, attributed to the actor that triggered it.

Enforcement log

Representative example

  • 09:41:12deploy-agent-04 · budget 92% reachedOwner alertedENFORCED
  • 10:07:53deploy-agent-04 · budget 100% reachedRouting paused (automatic cutoff)ENFORCED
  • 10:24:06support-triage-agent · model out of approved scopeRequest blocked at gatewayENFORCED
  • 11:15:38invoice-drafter-app · kill switch triggered by ownerModel access disabledENFORCED

Explore

The pieces that make it work.

Gateway: hosted or VPC

The in-path control point. Hosted for the strongest control, or in your own VPC for data residency.

Spend ledger

Every AI dollar attributed to the actor that spent it.

Coverage labels

Observed, inferred, enforced, or not covered, on every provider and actor.

Put an owner, a budget, and an off switch on every AI actor.

Create your first agent, give it a scope and a budget, and watch the controls hold in the live request path before you expand.