Engineered to clear procurement
Every audit framework asks the same question: show me the log, prove it was not tampered with. IntentGate was built to make that conversation take minutes, not weeks.
The evidence is ready before the auditor asks
Most AI products get to "we like it" in a week and "procurement signed off" in a quarter. The bottleneck is evidence: the security review asks for an authoritative log of what the AI did and who saw it, the engineering team has to stitch one together from siloed systems, and three rounds of back-and-forth later the calendar is full.
IntentGate is built for the opposite shape. Every authorization decision the gateway makes is a structured, hash-chained, signed audit event the deployer already owns. The framework controls below map to specific gateway capabilities, so the answer to "show me the evidence for CC7.2" is one query, not a project plan.
Controls the auditor will ask about
Seven of the controls security reviewers cite most often, paired with the specific IntentGate capability that satisfies each one. Use this table as the spine of your security questionnaire response.
| Framework / control | What IntentGate gives you |
|---|---|
| SOC 2 CC6.3 — Logical access controls | JIT admin elevation replaces standing admin. Every privileged operation is linkable back to the operator, the approval, and the documented reason. "No operator held admin without approval" is a single audit query. |
| SOC 2 CC7.2 — System monitoring | Tamper-evident audit chain over every authorization decision. Per-tenant SHA-256 hash chain serialized with FOR UPDATE inside the insert transaction. One-click verification dashboard. |
| ISO 27001 A.9.2.5 — Review of user access | OIDC SSO + SCIM 2.0 push from your IdP. Off-boarding is automatic when the IdP marks the user inactive. Quarterly access reviews query the live console state. |
| ISO 27001 A.12.4.1 — Event logging | Every authorization decision, every admin action, every approval, every revocation lands in the persistent audit log with operator identity, policy reason, capability token id, tenant, and elevation id. |
| GDPR Article 30 — Records of processing | CSV / NDJSON export of the filtered audit set with tenant + time-window filters. Pair with a verification screenshot dated within the reporting period for the evidence pack. |
| AI Act Article 12 — Record-keeping | The audit log captures agent identity, tool, arguments, policy decision, reason, and timestamp. Schema is OCSF-lite, streams to your SIEM, exports as a portable artifact. |
| NIS2 / DORA — Operational resilience | Multi-replica gateway, fail-closed on revocation-store error, tenant-isolated chain heads, bounded buffers on audit fan-out so a slow SIEM never blocks authorization decisions. |
What the gateway does by default
Six properties the gateway ships with on day one, before any operator turns a knob. Every one is the answer to a procurement question that has come up at least once.
Cryptographic audit
Each event hashed into a per-tenant SHA-256 chain. FOR UPDATE serializes concurrent emitters. Pre-feature rows surface as skipped; verification doesn't fail over legacy data.
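The chain described above, as an added example rather than IntentGate's own code: each row's hash covers the previous chained hash plus the canonical event, appends go through what would be a FOR UPDATE head lookup in a database, and the verifier counts pre-feature rows (hash NULL) as skipped instead of failed while pinpointing the first row that no longer recomputes. The column names and event fields are assumptions.

```python
import hashlib
import json
from typing import Optional


def canonical(payload: dict) -> bytes:
    """Stable serialization so the same event always hashes the same way."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def chain_hash(prev_hash: Optional[str], payload: dict) -> str:
    """hash = SHA-256(prev_hash || canonical(payload)); genesis uses an empty prev."""
    h = hashlib.sha256()
    h.update((prev_hash or "").encode())
    h.update(canonical(payload))
    return h.hexdigest()


def chain_head(rows: list) -> Optional[str]:
    """Hash of the newest chained row; legacy rows (hash=None) never form the head."""
    for row in reversed(rows):
        if row["hash"] is not None:
            return row["hash"]
    return None


def append_event(rows: list, payload: dict) -> dict:
    """Append one event. In a database the head lookup runs under SELECT ... FOR UPDATE
    inside the insert transaction so concurrent emitters serialize per tenant."""
    prev = chain_head(rows)
    row = {"payload": payload, "prev_hash": prev, "hash": chain_hash(prev, payload)}
    rows.append(row)
    return row


def verify_chain(rows: list) -> dict:
    """Recompute every hash. Pre-feature rows are counted as skipped, not failed."""
    prev, verified, skipped = None, 0, 0
    for i, row in enumerate(rows):
        if row["hash"] is None:
            skipped += 1
            continue
        if row["prev_hash"] != prev or chain_hash(prev, row["payload"]) != row["hash"]:
            return {"ok": False, "verified": verified, "skipped": skipped, "broken_at": i}
        prev, verified = row["hash"], verified + 1
    return {"ok": True, "verified": verified, "skipped": skipped, "broken_at": None}


# Constructed sample: one legacy row written before hashing existed, then three
# chained authorization decisions for the (made-up) tenant "t-acme".
ROWS = [{"payload": {"tenant": "t-acme", "tool": "db.query", "decision": "allow"},
         "prev_hash": None, "hash": None}]
for tool, decision in [("fs.read", "allow"), ("shell.exec", "deny"), ("http.get", "allow")]:
    append_event(ROWS, {"tenant": "t-acme", "tool": tool, "decision": decision})


def tamper_demo() -> dict:
    """Flip a stored decision after the fact; verification names the broken row."""
    rows = json.loads(json.dumps(ROWS))  # deep copy so ROWS stays intact
    rows[2]["payload"]["decision"] = "allow"
    return verify_chain(rows)
```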
Fail-closed
Revocation-store error blocks the call. Master key unset returns 503 on mint. The gateway refuses to authorize when it can't be sure the answer is correct.
Constant-time secrets
Admin tokens compared in constant time. Webhook signatures verified constant-time. No timing oracles on shared-secret comparisons.
AES-256-GCM at rest
Notification webhook URLs and TOTP secrets encrypted at rest with a customer-supplied key. Console reads on demand; consumers never touch ciphertext.
HMAC-signed webhooks
Gateway-to-console webhook traffic carries an X-IntentGate-Signature: sha256=... header verified constant-time on receive. Shared secret rotates without code change.
Bounded buffers
Audit fan-out (SIEM, webhooks) runs through per-emitter bounded buffers and worker pools. A slow Splunk endpoint produces a dropped-count counter, never a backpressure failure on the hot path.
Need the one-pager for procurement?
Mapping of GDPR, AI Act, SOC 2, and ISO 27001 controls to IntentGate evidence, available on request. Useful as the attachment to the first security-review email so the reviewer arrives ahead of the conversation.
For security researchers
Coordinated disclosure to security@intentgate.app. Embargo policy is 90 days from confirmed receipt, or earlier when a patch is available and customer-deployed. PGP fingerprint will be published alongside the docs site.