I’ve been building a similar enforcement layer, but focused first on customer-facing AI systems where mistakes create contractual or financial obligations rather than just infra damage.
One thing that surprised me in practice: teams don’t just need a state machine and allow/deny. They need the gateway to explain why an action was blocked, what policy path fired, and what approval chain would be required to proceed.
Otherwise ops teams can’t debug policy coverage when something goes wrong.
Curious whether you’re seeing demand more from infra teams or from CX / RevOps / compliance orgs right now.