Accelerate Enterprise AI Adoption Safely

The biggest blocker to enterprise AI adoption isn't technology — it's governance uncertainty. Teams wait months for security review. Legal stalls on data handling concerns. Compliance can't sign off without evidence of controls. Keeptrusts removes these blockers by providing pre-built guardrails that let teams start using AI safely from day one.

Use this page when

You want to remove governance bottlenecks (security review, legal sign-off) that delay teams from using AI.
You are onboarding multiple teams to AI and need a repeatable, policy-backed rollout process.
You need pre-built policy templates that satisfy security and compliance upfront so teams can start immediately.

Primary audience

Primary: Technical Leaders
Secondary: Technical Engineers, AI Agents

What you'll achieve

Reduce time-to-first-AI-request from months to hours with pre-built policy templates
Self-service team onboarding with role-based access and scoped permissions
Consistent governance across all teams without per-team policy negotiation
Measurable compliance posture that satisfies security and legal review upfront
Progressive rollout from restrictive initial policies to team-customized configurations

Step 1: Deploy a starter template

Keeptrusts ships ready-to-use templates that encode industry best practices. Instead of writing policies from scratch, start with a template and customize.

export OPENAI_API_KEY="sk-your-openai-key"

# List available templates
kt templates list

# Apply a starter template
kt policy lint --file starter-template.yaml
kt gateway run \
  --listen 0.0.0.0:41002 \
  --policy-config starter-template.yaml

The starter template should keep the provider target in YAML and read the provider credential through secret_key_ref.env or secret_key_ref.store.

Available starter templates:

Template	Includes	Best for
Healthcare HIPAA	PHI detection, audit controls, zero retention	Healthcare orgs
Finance	MNPI filter, financial compliance, audit logging	Financial services
EU AI Act	Human oversight, bias monitoring, quality scoring	EU-regulated entities
Agent Firewall	Tool validation, action limits, RBAC	Agent-based applications
Prompt Injection	Injection detection, safety filters	Any AI application
Zero Data Retention	Data routing, provider filtering	Privacy-first deployments

Each template works out of the box and can be customized incrementally.

Step 2: Set up team-scoped access

Use Keeptrusts roles and teams to give each department scoped access without sharing credentials or configurations.

Create teams

Teams group users and scope their access to events, spend, configurations, and escalations.

# Create a team via API
curl -X POST https://api.keeptrusts.com/v1/teams \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Engineering",
    "description": "Platform engineering team"
  }'

Assign roles

Role	Access
Owner	Full platform access including billing and settings
Admin	Manage configurations, templates, team members, and exports
Operator	View events, manage escalations, view spend
Viewer	Read-only access to events and dashboards

# Add a user to a team with a role
curl -X POST https://api.keeptrusts.com/v1/teams/{team_id}/members \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": "user-uuid",
    "role": "operator"
  }'

See Members, Teams, and Roles for the full RBAC model.

Step 3: Progressive rollout strategy

Don't deploy governance all at once. Use a phased approach:

Phase 1: Observe (Week 1)

Deploy the gateway with logging-only policies. No blocking, no redaction — just visibility.

policies:
  chain:
    - pii-detector
    - prompt-injection
    - audit-logger

policy:
  pii-detector:
    action: log
  prompt-injection:
    response:
      action: log
  audit-logger:
    retention_days: 90

Outcome: Understand what data is flowing through AI requests before enforcing controls.

Phase 2: Warn (Week 2–3)

Switch to escalate mode. Flagged requests still go through, but reviewers are notified.

pack:
  name: accelerate-ai-adoption-example-2
  version: 1.0.0
  enabled: true
policies:
  chain:
    - pii-detector
    - prompt-injection
    - audit-logger
policy:
  pii-detector:
    action: redact
  prompt-injection:
    response:
      action: escalate
  audit-logger:
    retention_days: 90

Outcome: Train your review team on the escalation workflow. Tune thresholds to reduce false positives.

Phase 3: Enforce (Week 4+)

Switch to block or redact mode. Now policies are actively protecting the organization.

policy:
  pii-detector:
    action: redact
    redaction:
      marker_format: label
  prompt-injection: {}
pack:
  name: accelerate-ai-adoption-example-3
  version: 1.0.0
  enabled: true
policies:
  chain:
  - pii-detector
  - prompt-injection

Outcome: Active protection with a team that understands the system and has tuned the policies.

Step 4: Scale with configurations

As teams adopt AI, create team-specific configurations that inherit from your base template:

pack:
  name: engineering-ai-policy
  version: "2.0"
  description: Engineering team config — inherits base controls, adds code-specific policies

policies:
  chain:
    - prompt-injection
    - pii-detector
    - agent-firewall
    - audit-logger

policy:
  prompt-injection:
    response:
      action: block
  pii-detector:
    action: redact
  agent-firewall:
    allowed_tools:
      - search
      - code_review
      - create_pr
    max_actions_per_session: 100
  audit-logger:
    retention_days: 90

Each team's config can be versioned and managed through Configurations for full change tracking.

Step 5: Provide self-service access

Gateway keys for application teams

Issue scoped gateway keys that application teams use to send traffic through the gateway:

# Create a gateway key for the engineering team
curl -X POST https://api.keeptrusts.com/v1/tokens \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "engineering-gateway-key",
    "token_type": "gateway",
    "team_id": "eng-team-id"
  }'

Gateway keys are scoped to a team and enforce that team's policies. See Gateway Keys.

Console access for reviewers

Give team leads console access to review their team's events, escalations, and spend without seeing other teams' data.

Quick wins

Deploy a starter template today — teams can start using AI with guardrails immediately
Create your first two teams — engineering and support are good starting points
Issue gateway keys — let teams self-serve without sharing API credentials
Start in observe mode — understand traffic patterns before enforcing
Schedule a Phase 2 review — plan the transition from observe to warn after one week

Measuring adoption success

Metric	Target	Where to find it
Teams onboarded	3+ in first month	Console → Teams
Requests through gateway	1,000+/day by week 4	Console → Dashboard
Time to first request (new team)	< 2 hours	Onboarding tracking
False positive rate	< 5%	Escalation resolution data
Policy violations caught	Trending down	Events → Policy filter

For AI systems

Canonical terms: policy templates, team onboarding, role-based access, starter template, progressive rollout.
Config keys: pack.name, policies.chain, teams API (/v1/teams), roles (Owner, Admin, Operator, Viewer).
CLI commands: kt templates list, kt policy lint, kt gateway run.
Best next pages: Team-Based Governance, Templates, Quickstart.

For engineers

Prerequisites: Keeptrusts stack deployed, provider API key available.
Run kt templates list to see available starter templates, then kt policy lint --file <template>.yaml to validate.
Create teams via POST /v1/teams and assign roles; scoped access is immediate.
Validate: confirm new team members see only their team's events and spend in the console.

For leaders

Starter templates eliminate weeks of policy negotiation — teams move from request to first AI call in hours.
Role-based access ensures shadow IT doesn’t emerge; all usage flows through governed channels.
Progressive rollout (restrictive → customized) balances speed and risk appetite.
Measurable compliance posture from day one satisfies security and legal sign-off upfront.

Next steps

Quickstart — first login to live traffic
Onboarding — detailed onboarding workflows
Templates — template management and customization
Members, Teams, and Roles — RBAC configuration
Managing Policy Changes — policy lifecycle management

Use this page when​

Primary audience​

What you'll achieve​

Step 1: Deploy a starter template​

Step 2: Set up team-scoped access​

Create teams​

Assign roles​

Step 3: Progressive rollout strategy​

Phase 1: Observe (Week 1)​

Phase 2: Warn (Week 2–3)​

Phase 3: Enforce (Week 4+)​

Step 4: Scale with configurations​

Step 5: Provide self-service access​

Gateway keys for application teams​

Console access for reviewers​

Quick wins​

Measuring adoption success​

For AI systems​

For engineers​

For leaders​

Next steps​