AI Security Posture Management

Security for every AI API call

Fire Mission sits between your apps and your AI providers — scanning every request, enforcing policy, and building an audit trail. Four tiers, published prices, no "contact sales" gotcha.

Monthly Annual 2 months free
🔑

Fire Mission charges for the security layer — not for AI inference. You pay OpenAI, Anthropic, Google, Groq, and other providers directly at their published rates. Your token costs never pass through our billing. Fire Mission adds zero markup on inference.

Observe

$0

free forever, no credit card

Detect and log AI security events — 1,000 gateway calls/month, no credit card required

  • Up to 1,000 AI gateway calls/month (hard cap)
  • 2 BYOK provider keys (OpenAI, Anthropic, Gemini, Groq, Together AI)
  • AI security scanning on every call — PII detection, prompt injection, model verification
  • Detect-and-log mode: violations flagged and logged, not blocked
  • 7-day audit log retention
Start free

Control

$29 /seat/mo

billed monthly

Active AI DLP blocking with 90-day audit retention — unlimited gateway calls

  • Unlimited AI gateway calls/month
  • Active AI DLP blocking — violations stopped in-flight, not just logged
  • 4 BYOK provider keys (OpenAI, Anthropic, Gemini, Groq, Together AI, and more)
  • Mandatory security scanning: PII, prompt injection, model substitution detection
  • 90-day audit log retention
Get Control
Most popular

Protect

$99 /seat/mo

3-seat minimum

Full AI security stack with audit export, custom policies, exec dashboard, and SIEM integration

  • Unlimited AI gateway calls/month
  • Active AI DLP blocking + custom policy enforcement
  • 8 BYOK provider keys — all approved providers
  • 1-year audit log retention with CSV/NDJSON export
  • Executive AI Risk Dashboard + SIEM webhook (Splunk, Elastic, Datadog)
Get Protect

Command

$299 /seat/mo

10-seat minimum

Enterprise-grade AI security with SCIM, on-prem deployment, unlimited retention, and SLA

  • Everything in Protect, plus:
  • SCIM 2.0 user provisioning (Okta, Azure AD, Google Workspace)
  • On-premises / air-gapped deployment option
  • Unlimited audit log retention
  • Uptime SLA + dedicated security engineer
Get Command

Full security feature comparison

Every row is enforced in the gateway — not a checkbox on a marketing page.

Included Not available on this tier ⚠️ Detect & log only (Observe tier)
Feature
Observe
Free
Control
$29/seat
Protect
$99/seat
Command
$299/seat
🛡️Gateway Security
BYOK proxy (bring your own AI provider key)
Mandatory security scan on every call
Prompt injection & jailbreak blocking
API key leakage detection
LLM model substitution detection
Monthly gateway call cap 1,000 callsUnlimitedUnlimitedUnlimited
BYOK provider keys included 2 keys4 keys8 keysUnlimited
🔒AI Data Protection
AI DLP enforcement mode ⚠️ Detect & log✅ Active block✅ Active block✅ Active block
Custom security policies
📋Compliance & Audit
Audit log retention 7 days90 days365 daysUnlimited
Audit log export (CSV / NDJSON)
SIEM webhook push
Executive AI Risk Dashboard
🏢Enterprise Identity
SCIM 2.0 user provisioning
Deployment & SLA
On-premises / air-gapped deployment
Uptime SLA + priority incident response
Support EmailEmailPriorityPriority + dedicated engineer

⚠️ Observe tier detect-and-log mode: PII violations are flagged and written to audit logs but the request continues to the AI provider. Prompt injection and API key leakage are hard-blocked on all tiers — these are active attacks, not data classification events.

🔐

Zero prompt storage

Fire Mission logs token counts, cost, latency, and security verdicts — never raw prompt or completion bytes. Two-plane isolation: metadata only on the control plane.

🌐

US-only provider policy

Geopolitical supply chain enforcement built in. All approved AI providers must serve from US-based infrastructure. Foreign-jurisdiction providers are blocked at the gateway.

📜

Compliance posture

SOC 2 Type I in progress · NIST 800-53 aligned · HIPAA-ready architecture · FedRAMP-aligned (Moderate readiness on roadmap) · PCI DSS SAQ-A (Shift4 iframe checkout)

Start on Observe — upgrade when ready

Observe is free forever. See every AI call scanned in real time, build an audit trail, and move to active blocking when your team is ready.

Defense, federal, or DoW deployment? See Fire Mission Defense Edition →

All prices are USD and exclude applicable taxes. Per-seat pricing applies to named users. Seat minimums (Protect: 3, Command: 10) are enforced at checkout.

Compliance claims: "SOC 2 Type I in progress" (not yet certified) · "HIPAA-ready" (not HIPAA compliant) · "FedRAMP-aligned" (not FedRAMP authorized) · "NIST 800-53 aligned" (not certified).