Start from the problem, not the product
Senthex is an AI firewall and verifiable audit trailin front of your LLMs and agents. Most buyers don't arrive searching for a “LLM firewall” — they arrive with a problem to solve. Here are the five we hear most, each answered with what actually ships today and what is the v1.1.7 pilot.
Compliance / DPO
Prove what your AI did with customer data
A metadata-first audit trail, with a SHA-256 hash chain + RFC 3161 timestamp + offline verifier in the v1.1.7 pilot — tamper-evident, not tamper-proof.
Read the answer →Security / incident response
Reconstruct an AI decision after an incident
Rebuild the timeline of what your AI did across providers from a per-call record, and export it to your SIEM.
Read the answer →Application / platform engineering
Detect prompt injection in your LLM stack
26 best-effort input/output shields per call — verdict, score and rule version — before any token leaves your jurisdiction. OWASP LLM01.
Read the answer →Agent / platform engineering
Secure AI agents and MCP tools
Detect injection before the agent acts. In the ATLAS experiment, an enforcing firewall triggered the fraudulent transfer in 0 of 17 runs.
Read the answer →CISO / procurement
Keep your AI logs in the EU and under your control
EU-hosted on Hetzner (Germany), or self-host the proxy on-prem, in your own cloud, or a tested Azure deployment. From €5,000/year.
Read the answer →Frequently asked questions
What is Senthex?
Senthex is an AI firewall — a reverse proxy you reach by changing one base_url — plus a verifiable audit trail, placed in front of your LLMs and agents. It detects prompt injection, redacts PII, and records what your AI did. It is EU-hosted and self-hostable.
Is Senthex a firewall or an audit tool?
Both. It runs 26 best-effort input/output shields on every call (the firewall) and keeps a metadata-first record of each call (the audit trail). In the v1.1.7 pilot, that record is chained with SHA-256 and anchored to an RFC 3161 timestamp so it can be verified offline.
What is shipping today versus the pilot?
Shipping: the proxy, the shields, metadata logging, EU hosting and self-host. Pilot (v1.1.7): the verifiable, tamper-evident chain — SHA-256 + RFC 3161 timestamp + offline verifier. We label this clearly everywhere so nothing surprises you in a technical review.
Which EU AI Act articles does Senthex help with?
Record-keeping maps to Articles 12 and 19 (generate and retain logs, at least six months). The shields are a technical control that maps to Article 15(5) cybersecurity. No single vendor makes you compliant with Article 15 — that is a system-level duty.
How do I start?
Change your base_url to Senthex and add an X-Senthex-Key header — your existing SDK and API key are unchanged. The Free plan is 1,000 requests/month with no credit card. Detection is best-effort, not exhaustive (OWASP ranks prompt injection LLM01).