How It Works
Your internal AI tools. Governed in an afternoon.
Verra is a proxy. Your app points at Verra instead of OpenAI or Anthropic directly. Nothing else changes: not your code, not your model, not your prompts. Every call gets scanned, logged, and policy-enforced before it reaches the model.
Step 1: Setup
Just one URL change.
Change the base URL in your existing OpenAI or Anthropic client to point at Verra, and add one header with your Verra key. That's it. Verra auto-registers your app on its first call, with no manual setup required.
Before
base_url = "https://api.openai.com/v1"
api_key = "sk-..."
After
base_url = "https://api.helloverra.com/api/proxy"
api_key = "sk-..."
headers = { "x-verra-key": "va-..." }
Works with OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, and Google Vertex.
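The before/after snippets above can be sketched end to end. This is a minimal illustration using only the standard library: the proxy URL and the "x-verra-key" header come from the setup above, while the model name and chat-completions payload shape are just the standard OpenAI-style body your app already sends.

```python
import json
import urllib.request

# The one change: point at Verra instead of the provider directly.
VERRA_BASE = "https://api.helloverra.com/api/proxy"

def build_request(prompt: str) -> urllib.request.Request:
    # Standard chat-completions body -- unchanged by the Verra switch.
    body = json.dumps({
        "model": "gpt-4o-mini",  # your existing model, unchanged
        "messages": [{"role": "user", "content": prompt}],
    }).encode("utf-8")
    return urllib.request.Request(
        f"{VERRA_BASE}/chat/completions",
        data=body,
        headers={
            "Authorization": "Bearer sk-...",  # provider key, unchanged
            "x-verra-key": "va-...",           # the one new header
            "Content-Type": "application/json",
        },
    )

req = build_request("Summarize this document")
# urllib.request.urlopen(req) would send it; Verra scans, then forwards.
```

If you use an SDK client instead of raw HTTP, the same change applies: swap the base URL and attach the extra header as a default header.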
Step 2: Every Call
Your app makes a call.
The moment your app sends a request, Verra intercepts it before it ever reaches the model. Three things happen in under 100ms.
Identify
Which app is calling, and what policy applies?
Verra looks up your app by its API key and loads your org-wide governance policy. If you've set per-app overrides (different rules for your customer-facing chatbot vs. your internal document tool), those are layered on top.
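The layering described above is a simple merge: org-wide defaults first, then any per-app overrides on top. A sketch, with field names that are illustrative rather than Verra's actual policy schema:

```python
# Org-wide governance defaults (illustrative field names).
ORG_POLICY = {
    "block_threshold": 0.8,
    "mask_pii": True,
    "allow_external_models": True,
}

# Per-app overrides layered on top of the org policy.
APP_OVERRIDES = {
    "customer-chatbot": {"block_threshold": 0.6},           # stricter
    "internal-doc-tool": {"allow_external_models": False},  # keep in-house
}

def effective_policy(app_name: str) -> dict:
    """Org defaults first, then any per-app overrides win."""
    return {**ORG_POLICY, **APP_OVERRIDES.get(app_name, {})}
```

Apps without overrides simply inherit the org policy unchanged.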
Scan
Is the content safe to send?
Four detectors run in parallel: prompt injection, jailbreak, data exfiltration, and policy violation. PII and secrets are flagged regardless of the other detectors' results. The whole scan adds around 70ms, with detectors running concurrently rather than sequentially.
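Concurrent scanning means total latency tracks the slowest detector, not the sum of all four. A sketch with stand-in detectors (the four categories come from the text above; the scoring logic is purely illustrative):

```python
from concurrent.futures import ThreadPoolExecutor

# Stand-in detectors: each returns (name, risk score in [0, 1]).
def prompt_injection(text):
    return ("prompt_injection", 0.9 if "ignore previous" in text.lower() else 0.0)

def jailbreak(text):
    return ("jailbreak", 0.0)

def data_exfiltration(text):
    return ("data_exfiltration", 0.0)

def policy_violation(text):
    return ("policy_violation", 0.0)

DETECTORS = [prompt_injection, jailbreak, data_exfiltration, policy_violation]

def scan(text: str) -> dict:
    """Run all four detectors in parallel; latency ~ the slowest one."""
    with ThreadPoolExecutor(max_workers=len(DETECTORS)) as pool:
        results = pool.map(lambda d: d(text), DETECTORS)
    return dict(results)
```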
Route
Block, flag, mask, or forward?
Clean requests are forwarded to the model. Requests with PII have sensitive content masked before forwarding. Flagged requests are logged with findings and routed to a private model if configured. High-risk requests are blocked before anything reaches the API, and the app receives a 400 with a reason code.
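The routing rules above reduce to a short decision function. A sketch, assuming illustrative threshold values and finding shapes (not Verra's internal representation):

```python
def route(findings: dict,
          block_threshold: float = 0.8,
          flag_threshold: float = 0.4) -> str:
    """Decide block / mask / flag / forward from scan findings."""
    risk = max(findings.get("scores", {}).values(), default=0.0)
    if risk >= block_threshold:
        return "block"    # nothing reaches the model; app gets a 400
    if findings.get("pii"):
        return "mask"     # sensitive values replaced before forwarding
    if risk >= flag_threshold:
        return "flag"     # forwarded, but receipt annotated for review
    return "forward"      # clean request, passed through unchanged
```

Blocking is checked first so a high-risk request is stopped even if it also contains PII.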
Step 3: The Decision
Every call resolves to one of four outcomes.
Based on the pipeline result, every request ends in one of these states.
Forwarded. No findings. The request is forwarded to the model and the agent gets a normal response. A receipt is written in the background.
Flagged. Findings detected but below the block threshold. The request is forwarded (optionally to a private model target if configured), and the receipt is annotated with findings and risk signals so security teams can review it in the dashboard.
Masked. PII or secrets detected. Verra replaces sensitive values in the request with masked tokens before forwarding to the model. The model never sees the raw data. A receipt records which types were masked (email, SSN, phone, etc.).
Blocked. The request is stopped and nothing reaches the model. The agent receives a 400 with a reason code. Two things can trigger a block:
Automatic block
Risk score exceeds the org's block threshold. No human involved. Common causes: SSN in payload, prompt injection with high confidence, forbidden tool for this agent type.
Pending approval
Policy requires justification for this risk level. The agent receives a 202 with an approval_id. A reviewer approves or rejects in the dashboard. Approvals expire after one hour.
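From the calling app's side, the outcomes above map to three status codes: 200 (forwarded, normal reply), 202 (pending approval), and 400 (blocked). A sketch of a caller handling them; the response field names besides approval_id and the reason code are illustrative:

```python
def handle_response(status: int, body: dict) -> str:
    """Interpret a Verra proxy response by status code."""
    if status == 200:
        # Forwarded: a normal model reply, same shape as the provider's.
        return body["choices"][0]["message"]["content"]
    if status == 202:
        # Policy requires human sign-off; surface or poll the approval_id.
        return f"pending approval: {body['approval_id']} (expires in 1h)"
    if status == 400:
        # Blocked before anything reached the model.
        raise RuntimeError(f"blocked: {body['reason_code']}")
    raise RuntimeError(f"unexpected status {status}")
```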
Step 4: The Receipt
Every call leaves a receipt, with no raw text stored.
Regardless of verdict, Verra writes a receipt asynchronously after every call. Raw prompt text is never stored, only a hash, byte length, and metadata. You get full auditability without PII ever persisting in Verra's database.
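The receipt shape described above can be sketched in a few lines: a hash, a byte length, and metadata, never the raw prompt. Field names here are illustrative, not Verra's actual schema:

```python
import hashlib

def make_receipt(prompt: str, verdict: str, app: str) -> dict:
    """Build an audit receipt that never contains the raw prompt text."""
    raw = prompt.encode("utf-8")
    return {
        "app": app,
        "verdict": verdict,
        "prompt_sha256": hashlib.sha256(raw).hexdigest(),
        "prompt_bytes": len(raw),
        # Note: no "prompt" field -- raw text never persists.
    }
```

The hash lets you later prove a given prompt matches a receipt without Verra ever storing the text itself.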
After the call
Different teams, different views.
Verra is built so developers and security teams can work from the same data without stepping on each other.
Developers
See which agents are registered and their call stats
Debug blocked requests with reason codes and trace IDs
Review agent lineage
Configure model targets and environment per agent
Security teams
Set org-wide policy: block/warn thresholds, PII rules, custom LLM-judge rules
Review flagged and pending-approval receipts
Monitor shadow AI
Export audit logs for compliance
See it running on your apps.
15-minute demo. We'll map Verra to your compliance requirements and walk through real receipts and detection output.