Security for every AI API call
Fire Mission sits between your apps and your AI providers — scanning every request, enforcing policy, and building an audit trail. Four tiers, published prices, no "contact sales" gotcha.
Fire Mission charges for the security layer — not for AI inference. You pay OpenAI, Anthropic, Google, Groq, and other providers directly at their published rates. Your token costs never pass through our billing. Fire Mission adds zero markup on inference.
Observe
free forever, no credit card
Detect and log AI security events — 1,000 gateway calls/month, no credit card required
- ✓ Up to 1,000 AI gateway calls/month (hard cap)
- ✓ 2 BYOK provider keys (OpenAI, Anthropic, Gemini, Groq, Together AI)
- ✓ AI security scanning on every call — PII detection, prompt injection, model verification
- ✓ Detect-and-log mode: violations flagged and logged, not blocked
- ✓ 7-day audit log retention
Control
billed monthly
Active AI DLP blocking with 90-day audit retention — unlimited gateway calls
- ✓ Unlimited AI gateway calls/month
- ✓ Active AI DLP blocking — violations stopped in-flight, not just logged
- ✓ 4 BYOK provider keys (OpenAI, Anthropic, Gemini, Groq, Together AI, and more)
- ✓ Mandatory security scanning: PII, prompt injection, model substitution detection
- ✓ 90-day audit log retention
Protect
3-seat minimum
Full AI security stack with audit export, custom policies, exec dashboard, and SIEM integration
- ✓ Unlimited AI gateway calls/month
- ✓ Active AI DLP blocking + custom policy enforcement
- ✓ 8 BYOK provider keys — all approved providers
- ✓ 1-year audit log retention with CSV/NDJSON export
- ✓ Executive AI Risk Dashboard + SIEM webhook (Splunk, Elastic, Datadog)
Command
10-seat minimum
Enterprise-grade AI security with SCIM, on-prem deployment, unlimited retention, and SLA
- ✓ Everything in Protect, plus:
- ✓ SCIM 2.0 user provisioning (Okta, Azure AD, Google Workspace)
- ✓ On-premises / air-gapped deployment option
- ✓ Unlimited audit log retention
- ✓ Uptime SLA + dedicated security engineer
Full security feature comparison
Every row is enforced in the gateway — not a checkbox on a marketing page.
| Feature | Observe Free | Control $29/seat | Protect $99/seat | Command $299/seat |
|---|---|---|---|---|
| 🛡️Gateway Security | ||||
| BYOK proxy (bring your own AI provider key) | ✅ | ✅ | ✅ | ✅ |
| Mandatory security scan on every call ⓘ | ✅ | ✅ | ✅ | ✅ |
| Prompt injection & jailbreak blocking | ✅ | ✅ | ✅ | ✅ |
| API key leakage detection | ✅ | ✅ | ✅ | ✅ |
| LLM model substitution detection ⓘ | ✅ | ✅ | ✅ | ✅ |
| Monthly gateway call cap | 1,000 calls | Unlimited | Unlimited | Unlimited |
| BYOK provider keys included | 2 keys | 4 keys | 8 keys | Unlimited |
| 🔒AI Data Protection | ||||
| AI DLP enforcement mode ⓘ | ⚠️ Detect & log | ✅ Active block | ✅ Active block | ✅ Active block |
| Custom security policies ⓘ | — | — | ✅ | ✅ |
| 📋Compliance & Audit | ||||
| Audit log retention | 7 days | 90 days | 365 days | Unlimited |
| Audit log export (CSV / NDJSON) | — | — | ✅ | ✅ |
| SIEM webhook push ⓘ | — | — | ✅ | ✅ |
| Executive AI Risk Dashboard ⓘ | — | — | ✅ | ✅ |
| 🏢Enterprise Identity | ||||
| SCIM 2.0 user provisioning ⓘ | — | — | — | ✅ |
| ⚡Deployment & SLA | ||||
| On-premises / air-gapped deployment | — | — | — | ✅ |
| Uptime SLA + priority incident response | — | — | — | ✅ |
| Support | Priority | Priority + dedicated engineer | ||
⚠️ Observe tier detect-and-log mode: PII violations are flagged and written to audit logs but the request continues to the AI provider. Prompt injection and API key leakage are hard-blocked on all tiers — these are active attacks, not data classification events.
Zero prompt storage
Fire Mission logs token counts, cost, latency, and security verdicts — never raw prompt or completion bytes. Two-plane isolation: metadata only on the control plane.
US-only provider policy
Geopolitical supply chain enforcement built in. All approved AI providers must serve from US-based infrastructure. Foreign-jurisdiction providers are blocked at the gateway.
Compliance posture
SOC 2 Type I in progress · NIST 800-53 aligned · HIPAA-ready architecture · FedRAMP-aligned (Moderate readiness on roadmap) · PCI DSS SAQ-A (Shift4 iframe checkout)
Start on Observe — upgrade when ready
Observe is free forever. See every AI call scanned in real time, build an audit trail, and move to active blocking when your team is ready.
Defense, federal, or DoW deployment? See Fire Mission Defense Edition →
All prices are USD and exclude applicable taxes. Per-seat pricing applies to named users. Seat minimums (Protect: 3, Command: 10) are enforced at checkout.
Compliance claims: "SOC 2 Type I in progress" (not yet certified) · "HIPAA-ready" (not HIPAA compliant) · "FedRAMP-aligned" (not FedRAMP authorized) · "NIST 800-53 aligned" (not certified).