LLM Gateway, Proxy, Router, and Control Plane: Where Each Responsibility Begins and Ends
A responsibility matrix for separating HTTP forwarding, model selection, policy, configuration, audit, and operations in an LLM access stack.
Read the articleEnterprise AI Gateway & Control Plane
Connect private and public AI models behind one governed workspace and one OpenAI-compatible API. Tensor Cortex decides which models each user, application, and data class can use before optimizing for cost or speed.
simulation Incoming
Policy gate
Deployments
req_tc_8d4a → corp-glm-primary selected · private · 31 ms req_tc_9e12 → openai-enterprise selected · approved-cloud · 48 ms req_tc_77c1 → safe error returned public fallback blocked · prompt stayed private 01 / Platform
Tensor Cortex turns identity, application context, data sensitivity, model capabilities, health, and budget into one explainable route decision. Security filters the candidate set first. Optimization only happens inside that set.
Workspace
Employees use company-published profiles such as Automatic, Private, Fast, Coding, or Finance. Tensor Cortex applies company policy in the background and shows a clear security classification on every response.
Gateway
Applications connect to logical profiles, not physical model IDs. Move the
code or automatic profile to a different deployment without
shipping application changes.
from openai import OpenAI
client = OpenAI(
base_url="https://ai.company.com/v1",
api_key="tc_live_..."
)
response = client.chat.completions.create(
model="automatic",
messages=[{
"role": "user",
"content": "Summarize this incident."
}]
) Control
Publish policy without changing application code. Test a user, team, profile, and data class before release, then inspect every selected and rejected deployment through the route decision record.
WHEN
THEN
SIMULATION
02 / Security invariant
Fallback is evaluated against the same policy-approved deployment set. Once a stream starts, Tensor Cortex never silently continues the answer from another provider.
Review the security architectureBuilt for governed use
03 / Deployment
Each customer receives a dedicated, single-tenant Tensor Cortex deployment. Provider credentials, route metadata, and optional conversation history stay inside that environment.
Policybeforeoptimization
Cost and latency only rank models already allowed by policy.Profilesbeforeproviders
Users and applications see stable capabilities, not model churn.Metadatabeforecontent
Audit is useful without collecting every prompt and response.Explanationbeforeautomation
Every route records what was selected, rejected, and why.04 / FAQ
Technical and deployment questions teams ask before standardizing AI access.
Tensor Cortex is an enterprise AI access and control plane. It gives employees one governed AI workspace, applications one OpenAI-compatible gateway, and IT and security teams one place to manage model access, routing policy, safe fallback, audit, usage, and budgets.
A basic LLM gateway proxies requests or selects a provider. Tensor Cortex evaluates who is making the request, which application it belongs to, the data class involved, and the active company policy before it considers cost or latency. The same policy system governs both the employee workspace and developer API.
Yes. Tensor Cortex connects private OpenAI-compatible endpoints, models in a customer VPC or on-prem environment, enterprise cloud endpoints, and approved public providers. Logical profiles such as Automatic, Private, Fast, or Coding hide physical model changes from users and applications.
Fallback stays inside the policy-approved trust boundary. If a confidential request is private-only and no compliant private deployment is available, Tensor Cortex returns a safe error and records the route decision. It does not silently send the prompt to a public provider.
Tensor Cortex exposes an OpenAI-compatible chat completions endpoint with streaming and logical model aliases. Existing applications can normally connect by changing the base URL and API key while keeping a stable model name such as automatic or code.
The first production model is single-tenant. Tensor Cortex can run in your Kubernetes environment, cloud account, VPC, or on-prem network. A dedicated managed instance is also available. Docker Compose supports focused pilots.
Audit is metadata-only by default. Prompt and response content is not written to audit logs unless an organization explicitly enables encrypted content retention. Workspace conversation history can also be disabled by policy.
Tensor Cortex is the control layer, not an inference engine or GPU scheduler. It connects to model endpoints you already operate or procure. Private model deployment and managed inference can be delivered separately from the core platform.
Tensor Cortex Insights
Evidence-led technical guides that define decision boundaries, cite current primary sources, and include original frameworks or testable artifacts.
View all InsightsA responsibility matrix for separating HTTP forwarding, model selection, policy, configuration, audit, and operations in an LLM access stack.
Read the article05 / Pilot
Tell us about your environment and we will scope a focused pilot: your identity provider, one public provider, one private endpoint, and your data policies — inside your trust boundary.
Prefer email? hello@tensorcortex.com
req_tc_0000 Thanks — your request is recorded and we reply within two business days. Prefer to add something now? Write to hello@tensorcortex.com.