AI Pilot Configuration
Audience: Platform engineers, AI governance owners
Time: ~20 min
Prerequisites:
- A registered bouncer in the target environment (Bouncer Deployment)
- At least one upstream AI provider credential (OpenAI key, Azure deployment, AWS role, etc.)
This guide walks through all tabs of the AI Pilot dashboard (both the core tabs and the enterprise tabs added in 2026-Q2) and the underlying AI Pilot manifests each tab produces.
TL;DR
- Open AI Pilot and select a bouncer on the Overview tab.
- In Routing & models, add one backend per provider, then a route that sends the model to it.
- In Guardrails & DLP, enable classifiers and DLP profiles that match your risk posture.
- (Enterprise) Configure Cost Optimization, Observability, Cache & Rate Limits, mTLS, Resilience, MCP Proxy, Upstream Auth, and Advanced Audit as needed.
- Save. The Control Plane compiles your inputs into AI Pilot manifests (9 CRD kinds) and pushes them to the selected bouncer.
- Validate in Analytics and Traffic log; verify AI_TRAFFIC_LOG events in the audit trail.
- (Enterprise) Verify Token Ledger, Audit stream, and Decision Lineage on the /pilot dashboard.
1. Overview tab
The Overview tab shows all bouncers in the current environment. Four summary cards give you:
- Bouncer count (connected / intercepting)
- Current environment (Sandbox or Production)
- AI Pilot status — Managed when Control Plane has at least one bouncer under management
- SIEM outbox (AI) — delivered / failed / pending counts for AI events, plus last delivery timestamp
Quick links open the audit trail pre-filtered to AI events, guardrails, or traffic, and to the SIEM settings page.
2. Analytics tab
Aggregated AI telemetry. All numbers come from audit events captured by the bouncer's AI Pilot filters — no separate metrics pipeline is required.
- Time series: Requests, Tokens (in/out), Estimated cost, TTFT
- Breakdowns: by Model, Provider, Guardrail category
- Selectable window: 1h, 24h, 7d, 30d
Troubleshooting: If charts are empty, confirm the bouncer is intercepting traffic and that AI_TRAFFIC_LOG events are being emitted (see the Traffic log tab).
3. Traffic log tab
A per-request log view. Each row is an AI_TRAFFIC_LOG audit event with rich AI context:
- Outcome and guardrail / DLP action
- Model, provider, tool name
- Tokens in/out, estimated cost
- Duration, TTFT, ITL
- Cache status (hit / miss / bypass)
Filter by bouncer, model, provider, outcome, and guardrail action; export filtered results to CSV.
4. Routing & models tab
This tab is the visual front-end for AI Pilot manifests. Your inputs are compiled into a multi-document YAML bundle and delivered to the bouncer.
Service backends
Each backend describes one upstream provider.
| Field | Purpose | Compiled into |
|---|---|---|
| Name / ID | Logical identity | AIServiceBackend.metadata.name |
| Provider type | openai, azure-openai, anthropic, bedrock, vertex, openai-compatible | AIServiceBackend.spec.schema |
| Endpoint | Absolute URL or provider-native base | Backend host |
| Model | Default model name to send upstream | Route-level model override |
| Credential ref | Name of the stored credential | BackendSecurityPolicy |
| Rate limit | Token budget per window | BackendTrafficPolicy |
Credentials are stored in the Control Plane's credential vault; only a reference is ever sent to the bouncer.
Route rules
Each rule is conditional on request attributes. All conditions in a rule use AND.
Condition types:
- model — caller-supplied model name (supports exact match or prefix)
- header — any request header
- tool_name — MCP tool invocation name
- metadata — decision metadata key
For each matched rule you provide:
- Primary backend (required)
- Fallback chain (ordered list used on 5xx, rate-limit, or circuit break)
- Rate limit descriptor reference
- Model mapping to rewrite the caller's model name to the provider's actual model ID
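The rule semantics above (AND across conditions, ordered fallback, model rewrite) as a small model. This is an added example, not AI Pilot code. The dict layout, first-match ordering, backend names and function names are assumptions.

```python
# Added illustration of the route-rule semantics described above. The dict
# layout, first-match ordering and all names are assumptions, not the manifest schema.

def condition_matches(cond, request):
    """Evaluate a single condition against the request attributes."""
    kind = cond["type"]
    if kind == "model":
        model = request.get("model", "")
        if cond.get("match") == "prefix":
            return model.startswith(cond["value"])
        return model == cond["value"]
    if kind == "header":
        return request.get("headers", {}).get(cond["name"]) == cond["value"]
    if kind == "tool_name":
        return request.get("tool_name") == cond["value"]
    if kind == "metadata":
        return request.get("metadata", {}).get(cond["name"]) == cond["value"]
    raise ValueError(f"unknown condition type: {kind!r}")


def resolve_route(rules, request, unavailable=frozenset()):
    """Return the chosen backend and upstream model, or None to deny.

    `unavailable` stands in for backends that are failing with 5xx,
    rate-limited or circuit-broken."""
    for rule in rules:
        if not all(condition_matches(c, request) for c in rule["conditions"]):
            continue  # AND semantics: one failed condition rejects the rule
        mapping = rule.get("model_mapping", {})
        upstream_model = mapping.get(request["model"], request["model"])
        for backend in [rule["primary"], *rule.get("fallbacks", [])]:
            if backend not in unavailable:
                return {"backend": backend, "model": upstream_model}
        return None  # rule matched but the whole chain is unavailable
    return None  # no rule matched


# Constructed sample rule and request.
RULES = [{
    "conditions": [
        {"type": "model", "match": "prefix", "value": "gpt-4"},
        {"type": "header", "name": "x-team", "value": "research"},
    ],
    "primary": "azure-east",
    "fallbacks": ["openai-direct"],
    "model_mapping": {"gpt-4o": "team-gpt4o-deployment"},
}]
REQUEST = {"model": "gpt-4o", "headers": {"x-team": "research"}}
```

A prefix condition such as gpt-4 also matches gpt-4o-mini and any later model sharing that prefix, so review prefix rules whenever a provider adds models.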
Rate limits
Rate limits are token-aware (not only request-count). Each descriptor names:
- name — unique identifier
- tokens_per_minute
- concurrent_requests
- budget_usd_per_day (optional hard cap)
- scope — global, per_user, or per_api_key
Preview
A live YAML panel shows the exact multi-document bundle that will be pushed. Use it to review before saving.
Troubleshooting: If save returns a 400, the preview panel highlights the offending document. Most common cause: a referenced credential ref does not exist in the vault.
5. Guardrails & DLP tab
These controls run in the bouncer's external processor filter alongside AI Pilot. They are Control Core's value-add. Everything the ext_proc does is captured as audit events and streamed to SIEM.
Guardrails
- Classifier provider — Llama Guard (self-hosted), Azure AI Content Safety, OpenAI moderation, or custom
- Endpoint / model / timeout
- Apply to prompt / Apply to response toggles
- Category policies — for each category (e.g. self-harm, violence, jailbreak), choose the action (block, redact, annotate, off) and threshold
DLP profiles
Each profile bundles detectors plus an action. Supported built-in detectors include:
credit_card, ssn, iban, us_bank_routing, email, phone, passport, ip_address, jwt, aws_access_key, aws_secret, gcp_service_account, pgp_private, ssh_private, api_key_generic.
You can also supply custom regex patterns and an allowlist of terms that should never trigger a match.
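A local dry run of a custom pattern and allowlist against a synthetic prompt, useful before saving a profile. This is an added example, not the product's detectors: the regexes are approximations written for this example, and the allowlist rule (exact match on the matched text) and the SEC- ticket format are assumptions.

```python
import re

# Added illustration: a local dry run of a DLP profile against a synthetic
# prompt. The regexes approximate two of the built-in detector names listed
# above; they are this example's own, not the product's detectors, and the
# allowlist rule (exact match on the matched text) is an assumption.

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on card-like numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


DETECTORS = {
    "credit_card": (re.compile(r"\b(?:\d[ -]?){13,19}\b"),
                    lambda m: luhn_ok(re.sub(r"\D", "", m))),
    "aws_access_key": (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), lambda m: True),
}


def scan(prompt, custom_patterns=None, allowlist=()):
    """Return sorted (detector, matched_text) findings for a prompt."""
    detectors = dict(DETECTORS)
    for name, pattern in (custom_patterns or {}).items():
        detectors[name] = (re.compile(pattern), lambda m: True)
    findings = []
    for name, (regex, validate) in detectors.items():
        for match in regex.finditer(prompt):
            text = match.group(0).strip()
            if text in allowlist or not validate(text):
                continue  # allowlisted term, or failed the checksum
            findings.append((name, text))
    return sorted(findings)


# Constructed synthetic prompt: a card test number, the AWS documentation
# example key, an order number that only looks like a card, and a made-up
# internal ticket ID covered by a custom pattern.
PROMPT = ("Refund card 4111 1111 1111 1111, key AKIAIOSFODNN7EXAMPLE, "
          "order 1234567890123456, see SEC-20417.")
```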
Prompt cache
- Enabled toggle
- TTL (seconds)
- Semantic match (optional; requires an embedding backend)
- Include system prompt — if off, two requests that differ only in their system prompt will share a cache entry
Troubleshooting: If a request that should be blocked is not, check the category threshold — scores below the threshold are treated as safe.
6. Enterprise tabs (2026-Q2)
The following tabs were added for multi-provider, multi-target AI governance. They appear on the Settings → AI Pilot page alongside the original tabs.
Cache & Rate Limits tab
Configure how the bouncer stores rate-limit counters and semantic cache entries.
| Field | Purpose |
|---|---|
| Topology | bundled (Redis + RLS sidecars alongside bouncer), external (your existing Redis/RLS), or disabled |
| Redis URL | Connection string for the Redis instance |
| Rate Limit Endpoint | gRPC endpoint for the envoyproxy/ratelimit service |
| Rate Limit Domain | Namespace for rate-limit descriptors (default: ai_pilot) |
| Failure Mode | allow (open) or deny (closed) when Redis/RLS is unreachable |
See Cache & Rate Limits for deployment instructions.
mTLS tab
Enforce mutual TLS between the bouncer and internal AI targets.
| Field | Purpose |
|---|---|
| Enabled | Master toggle |
| Trust Bundle Path | Path to the CA bundle on the bouncer filesystem or SPIRE SDS reference |
| Client Cert / Key | Bouncer's client certificate for mTLS handshake |
| Failure Mode | reject (drop connection) or passthrough (log warning, allow plaintext) |
See mTLS Enforcement.
Resilience tab
Circuit breakers, retries, hedging, and fallback chains.
| Section | Fields |
|---|---|
| Circuit Breaker | Trigger type (error_rate, cost_threshold, latency_p99), threshold, window, half-open probes |
| Retries | Max retries, retry budget (% of total), backoff, retryable status codes |
| Hedging | Delay before hedge, max parallel requests |
| Fallback Chain | Ordered list of backup backends when primary is circuit-broken |
See Resilience & Circuit Breaker.
MCP Proxy tab
Configure the bouncer as an intelligent proxy between MCP clients and MCP servers.
| Field | Purpose |
|---|---|
| Mode | passthrough (transparent), registry (routes by server ID), broker (full tool-level routing) |
| Registered Servers | List of MCP servers with ID, endpoint, allowed tools, and PBAC overlay |
| Tool Response Cache | Enable/disable, TTL. Requires Redis. |
See MCP Proxy Mode.
Upstream Auth tab
Manage credentials for connected AI/LLM providers at the bouncer, eliminating API keys in app code.
| Field | Purpose |
|---|---|
| Provider Entries | One entry per upstream (provider name, auth type, credentials) |
| Auth Types | oauth2, oidc, api_key, aws_sigv4, azure_ad |
| Token Refresh | Automatic rotation for OAuth2/OIDC; refresh interval configurable |
See Upstream Auth.
Advanced Audit tab
Deep audit trail configuration for compliance and forensics.
| Field | Purpose |
|---|---|
| Decision Lineage | Capture full policy evaluation chain per request |
| Prompt/Response Hashing | SHA-256 hash for forensic correlation without storing content |
| Sampling Rate | Percentage of requests to audit (1–100%) |
| Retention | Days to keep detailed audit events |
| SIEM Forwarding | Additional event types to forward (AI_TOKEN_USAGE, AI_MCP_TOOL_CALL, AI_DECISION_LINEAGE) |
See Advanced AI Audit.
Cost Optimization tab (redesigned)
The Cost tab now supports multi-target cost rules instead of a single global limit.
Each cost rule specifies:
| Field | Purpose |
|---|---|
| Target Type | model, mcp_server, provider, app, global |
| Provider | Which AI provider this rule applies to |
| Model / Server | Specific model or MCP server identifier |
| Application | Scope to a specific calling application |
| User Role | Scope to a specific user role |
| Max Tokens/Day | Daily token budget |
| Max USD/Day | Daily cost cap in USD |
| Fallback | What happens on breach: block, downgrade_model, alert_only |
See Cost Optimization (multi-provider).
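Several settings in the Prompt cache section and the enterprise tabs above fail open or reduce audit coverage; a pre-save check can surface them in one pass. This is an added example, not part of AI Pilot. The config key names are hypothetical because the page does not show the stored schema; the values are the ones listed in the field tables.

```python
# Added illustration: flag settings from the tabs above that fail open or
# reduce audit coverage. The config key names are hypothetical (the page
# does not show the stored schema); the values are the ones listed in the
# field tables.

def lint_fail_open(cfg):
    """Return a list of (path, reason) findings for a config dict."""
    findings = []
    rl = cfg.get("cache_rate_limits", {})
    if rl.get("failure_mode") == "allow":
        findings.append(("cache_rate_limits.failure_mode",
                         "requests are allowed while Redis/RLS is unreachable"))
    mtls = cfg.get("mtls", {})
    if not mtls.get("enabled", False):
        findings.append(("mtls.enabled", "mTLS to internal AI targets is off"))
    elif mtls.get("failure_mode") == "passthrough":
        findings.append(("mtls.failure_mode", "falls back to plaintext on failure"))
    cache = cfg.get("prompt_cache", {})
    if cache.get("enabled") and not cache.get("include_system_prompt", False):
        findings.append(("prompt_cache.include_system_prompt",
                         "requests differing only in system prompt share an entry"))
    audit = cfg.get("advanced_audit", {})
    if audit.get("sampling_rate", 100) < 100:
        findings.append(("advanced_audit.sampling_rate",
                         "only a sample of requests is audited"))
    for i, rule in enumerate(cfg.get("cost_rules", [])):
        if rule.get("fallback") == "alert_only":
            findings.append((f"cost_rules[{i}].fallback",
                             "a budget breach only raises an alert"))
    return findings


# Constructed sample configuration.
SAMPLE = {
    "cache_rate_limits": {"topology": "bundled", "failure_mode": "allow"},
    "mtls": {"enabled": True, "failure_mode": "passthrough"},
    "prompt_cache": {"enabled": True, "include_system_prompt": False},
    "advanced_audit": {"sampling_rate": 25},
    "cost_rules": [
        {"target_type": "provider", "fallback": "block"},
        {"target_type": "global", "fallback": "alert_only"},
    ],
}
```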
Observability tab (redesigned)
The Observability tab now supports dimensional filtering. Apply any combination of:
- Time window (1h, 6h, 24h, 7d)
- Target type (llm, mcp, rag, agent, api)
- Provider, Model
- MCP server, AI agent, RAG service
- Application, User
- Decision outcome (allow, deny, rate_limited)
Audit & SIEM linkage
Every decision AI Pilot and ext_proc make lands in the audit log with one of these event types:
- AI_TRAFFIC_LOG — a successful call
- AI_POLICY_VIOLATION — a guardrail or DLP block
- AI_PII_REDACTION — content was redacted before reaching the model or the caller
- AI_TOKEN_USAGE — per-transaction token consumption and cost (2026-Q2)
- AI_MCP_TOOL_CALL — MCP tool invocation audit (2026-Q2)
- AI_DECISION_LINEAGE — full decision chain including policy path and obligations (2026-Q2)
- PILOT_* — configuration changes
Deep links in the Overview tab jump to the audit page with the right filter applied:
- /audit?quickFilter=ai-pilot — everything AI-related
- /audit?quickFilter=ai-guardrails — guardrail and DLP events only
- /audit?quickFilter=ai-traffic — traffic log only
To export these to Splunk, Elastic, QRadar, Sentinel, or Grafana Loki, configure a SIEM target at Settings -> Audit logs. The dashboard's SIEM outbox (AI) card shows pending / delivered / failed counts and surfaces the most recent delivery error.
Bouncer Plugin Admin Endpoints (2026-Q2)
The bouncer's plugin admin server (default port 9998) exposes these endpoints for the Control Plane to query:
| Endpoint | Method | Purpose |
|---|---|---|
| /pilot/config | GET/PUT | AI Pilot configuration (source of truth on bouncer) |
/pilot/observability | GET | AI telemetry time-series with dimensional filtering |
/pilot/recent-payloads | GET | Recent prompt/response previews |
/pilot/token-ledger | GET | Per-transaction token usage with dimensional filters |
/pilot/decision-lineage | GET | Recent decision-lineage events |
/pilot/audit-stream | GET | Live AI audit event stream |
/pilot/cache-probe | GET | Redis and RLS connectivity status |
These endpoints are consumed by the Control Plane's /pilot/bouncer/{pep_id}/* API routes and displayed on the /pilot dashboard.
Validation checklist
- Bouncer selected in the intended environment
- At least one backend saved successfully; preview YAML passes lint
- Guardrails category policies reviewed for false positives
- DLP profile tested with a synthetic prompt
- AI_TRAFFIC_LOG events visible in the traffic log
- SIEM outbox card shows non-zero delivered after first traffic
- (Enterprise) Cache topology configured and probe returns healthy
- (Enterprise) Cost rules cover all active providers and models
- (Enterprise) Observability filters return expected dimensional data
- (Enterprise) Decision lineage events visible in Audit tab
Next steps
- AI Pilot Troubleshooting
- AI Pilot Enterprise Onboarding
- Observe & Audit — audit schema and export
- Controls Manager Guide — author controls that consume AI attributes