Compare
Intended Gateway vs the alternatives.
Honest comparison of the tool-call-governance and AI-ops products that share the base-URL-swap integration shape. We're calling the differentiators clearly: where we win, where they win, where the categories simply don't overlap.
Cells are kept current as competitor capabilities ship. If you spot an inaccuracy, email facts@intended.so and we'll correct it. Source links and product version snapshots are tracked in our public comparison sources doc.
| Feature | Intended | Cloudflare AI Gateway | Lakera | Portkey | Wiz Runtime |
|---|---|---|---|---|---|
Base-URL-swap integration | Yes | Yes | Yes | Yes | eBPF (host-level) |
Authority decision per tool call (allow / deny / escalate) | Yes | No | Yes (prompt level) | Limited | No |
Human-in-the-loop escalation queue | Built in | No | Via webhook | No | No |
Cryptographic Authority Token issued on approval Lets the action's downstream verifier prove the authority chain without re-checking with the gateway. | Yes (RS256 + JWKS) | No | No | No | No |
Hash-chained immutable audit | Yes | Logs only | Logs only | Logs only | Logs only |
Physical-AI / robotics support Includes a Python verifier that runs on the robot to gate actuation on a fresh authority token before motors move. | Yes (NVIDIA NIM + ROS2 token verifier) | No | No | No | No |
AWS Bedrock binary event-stream support | Yes | Partial | No | Partial | No |
Self-hostable (your VPC, your image) | Yes (Apache-2.0 source) | No | Enterprise tier | Enterprise tier | Yes (agent install) |
Customer keeps the model API key | Always | Always | Always | Configurable | N/A (host-level) |
Primary trust anchor | Tenant key + JWKS public keys | Cloudflare account | Lakera account | Portkey account | Wiz agent identity |
Provider coverage at GA | Anthropic, OpenAI, NIM, Bedrock-Anthropic, Vertex-Gemini | Anthropic, OpenAI, Bedrock, Vertex, others | Anthropic, OpenAI, Bedrock | Anthropic, OpenAI, 100+ | Host-level (any binary) |
Where the others win
We're honest about what we don't do.
Cloudflare AI Gateway
If your need is hit-rate caching, anonymized analytics, and rate limiting across 100+ providers — Cloudflare ships those today, free at edge scale. We don't compete on caching. Our wedge is decision-per-tool-call with audit chain + human escalation, which Cloudflare doesn't offer.
Lakera Guard
Lakera is the leader in prompt-injection and content moderation classifiers. If your threat model is “a user is trying to jailbreak my chatbot,” Lakera's classifiers are trained on more attack data than anyone else. Our differentiation is downstream — what to do once the model wants to take a tool action.
Portkey
Portkey is the AI-ops Swiss Army knife — observability, prompt versioning, retries, fallback, fan-out. If you need that breadth, you pick Portkey. If you need a hard authority decision per tool call with cryptographic evidence, you pick us. They can coexist.
Wiz Runtime
Wiz operates at the host eBPF layer — they see syscalls, not LLM tool calls. Their runtime category is cloud-native security broadly. Different category; we're complementary, not substitutes.
When to pick Intended
- When agent tool calls take real-world actions — payments, emails, deploys, robot actuation — and you need to prove the action was authorized, not just hope.
- When your buyer's security team will demand a hash-chained audit trail and a cryptographic authority token they can verify offline.
- When you're running NVIDIA-stack physical AI (NIM, NeoClaw, Isaac Sim, ROS2) and you need a verifier that gates actuation on a fresh authority token, not just a cloud-side approval that never reaches the robot.