Why We Built Gate AI

For two years I've been watching AI tools improve more or less the way most people in software watched them. Curious, intermittent, often frustrated. Models in 2024 were impressive in demos and rough in practice. The same was mostly true for the first half of 2025. I kept watching, and so did the team.

Sometime in December 2025, the floor shifted. Andrej Karpathy observed it publicly around the same time I noticed it myself: LLM agent capabilities, especially in Claude and Codex, had crossed some kind of threshold of coherence. The shape of how I wrote software changed in a single week. Instead of typing implementation, I was writing intent and iterating between the model's drafts and my edits at a pace I had not previously thought possible. I started seeing the same shift in others on the team. People who were already strong engineers were quietly getting more productive, taking on broader scopes, owning more of the work end-to-end. Once you notice it, you cannot unsee it.

It became obvious to everyone watching closely that this technology was about to completely upend software, and not only software. Knowledge work itself is being reorganized at speed. Hiring freezes and reductions in the name of AI are now routine at the largest corporations. Individual builders are shipping prototypes in a week that used to require a team and a fundraise. The org chart is being rewritten. The economics of who can build what are being rewritten. Some people are hyperproductive at this moment, doing in a week what used to take a team a quarter. Others are collapsing under the weight of a job description that no longer matches the work in front of them. What emerges on the other side will look very different than what we walked into.

Through all of this, the Constellation team has been watching for the right place to plant a flag. We have spent years working on the kinds of problems few teams take on: decentralized networks, cryptography, adversarial systems, and applied data science at production scale. The right entry point in the AI moment was not obvious at first, but we wanted one where our existing strengths would add demonstrable value as the industry was being rewritten.

Yesterday we announced Constellation Gate AI and the benchmark results behind it. Gate AI is the flag we planted. This is the longer version: how the team got to this product, and where we are pointing the network next.

How the team got here

When you spend enough time thinking through the implications of a change this holistic, two things become obvious. The first is that the people who win the next decade are the ones who lean into the new tools and accept the risks that come with them, not the ones who pause to wait for the dust to settle.

The second is that the security and integrity layer underneath those tools is not where most of the industry is paying attention. The conversations right now are about AI governance, regulation, and compliance frameworks. Courts have started ordering audit logs of when and how AI was used in legal proceedings. All of that matters, but it sits at a layer above the technical reality. The actual surface where attacks land, the prompts, the tool calls, the data moving between agents and models, is still mostly an unmonitored boundary.

The team had already noticed both. We were heading toward AI before the AIAI acquisition closed. As we watched the moment unfold, we kept running into the same kind of problem in different forms: prompt-injection attacks against developer tools, credentials and secrets leaking into context windows, hijacked tool calls executing real commands, audit trails that nobody could verify. These were not abstract concerns. They were problems the people closest to the technology kept hitting and could not solve with what was on the market. The work was right there in front of us.

The gap we saw was this: every defensive product in AI security is built for enterprise procurement. CISOs, multi-month evaluations, six-figure annual contracts, professional services for integration. The product is real but it is not readily available to the millions of developers, small teams, and tinkerers running AI agents day to day. Those users had a choice. They could go full-scale into AI and accept the vulnerabilities, or they could stay cautious and watch the people moving faster pull ahead. Most chose the first option, because that is what the moment demanded. None of them had a real product to buy.

That gap is who we built Gate AI for. It is a consumer product for the developers, small teams, and individual contributors running AI day to day, with enterprise-grade protection built in. Maximally easy to set up, easy to use, easy to customize, and built so it does not get in the way of how people are already experimenting with new providers, new models, and new agent harnesses like OpenClaw and Hermes.

What Gate AI is

Gate AI is a drop-in security layer that sits between your AI agent and the model. We built it to deliver two things at once: enterprise-grade protection at developer pricing, and meaningful cost savings on every request through lossless compression and prompt caching. You point your existing tool at our endpoint and we screen every request and response in flight, before it reaches your model provider and again on the way back to your agent. We catch prompt-injection attempts, redact credentials and PII before they leak, and intercept hijacked tool calls before they execute. The same configuration works for any model or provider, so you can use Anthropic, OpenAI, Bedrock, Google, xAI, OpenRouter, and others without changing any code beyond the URL.

The product is shaped to fit the way developers and semi-technical users work with AI today. The first piece of that is Gate Connect, a small desktop app that configures your existing agent framework to route through Gate with a few clicks. If you are running Claude Code, OpenClaw, Hermes, or another coding agent, you install Gate Connect, pick the tools you want to route through Gate, and it handles the integration end-to-end. If you are tinkering at the edges with experimental harnesses and new model providers, Gate stays out of your way. You bring your own provider keys, or you use our pay-as-you-go option that bills your traffic across providers as a single line item. We deliberately did not build a walled garden. We built a layer.

Ryle Goehausen, our head of protocol, along with Marcus Sousa, veteran Constellation protocol developer, led the prompt-injection detection research and development. The problem they took on is harder than it looks. Existing detectors either miss too many real attacks or fire too often on legitimate user prompts, and either failure mode is fatal for a product like ours. The bar we needed to hit was high detection with low noise, at low cost, at low latency. None of the existing approaches got all four.

Their answer was a multi-layered cascade with escalation paths between layers, different model types specialized for different attack classes, often running in parallel. I will not give away the internals here, but the testing framework we built around it is part of why we trust the result. We evaluated against both public benchmarks and a private corpus assembled to catch the failure modes the public sets miss, with diagnostics for leakage, calibration, and generalization. The paper we published yesterday is the outcome of that work, and it shows the cascade meeting or exceeding the leading commercial offerings while running faster and costing less to operate.

The second value driver is cost. Gate compresses prompts losslessly and exploits provider-side prompt caching to cut token spend on most workloads by twenty percent or more, with cached prefixes coming back two to ten times cheaper. For users running serious agentic loops, this is not a rounding error. It pays for the product several times over.

Why Gate uses Digital Evidence

Today, AI security is fragmented across vendors and trust boundaries. Anthropic runs the model. A detection vendor like Lakera or Prompt Security inspects the request. An observability vendor like Helicone or Portkey logs the call. An audit trail, when one exists at all, lives on the customer's own infrastructure or inside the model provider's. Each of those pieces is a separate trust anchor. Each has to be trusted independently. There is no single boundary inside which you can ask: did this AI agent do what the operator says it did, or not.

Gate begins collapsing that picture with Digital Evidence, Constellation's tamper-evident proof layer launched in 2025. Detection happens at the gateway. The audit log lives on Digital Evidence itself, a decentralized substrate that lets anyone verify a record has not been modified since it was written, without needing to trust the operator who wrote it.

Every action on Gate, including requests, responses, redactions, flags, and configuration changes, is captured to an append-only event log. We anchor those logs to Digital Evidence through regular fingerprints containing a Sparse Merkle Tree root. Each root commits to the complete log state at that point in time, allowing individual entries to be verified later through inclusion proofs. The result is a record an auditor can cryptographically verify was not modified after the fact, without trusting Constellation as an institution. Anyone with the log and the on-chain fingerprint can confirm a record is what it was at the time it was written.

Digital Evidence has been used by regulated operators where verifiable records matter. Gate brings AI traffic into the same framework, with a fundamentally different traffic shape. AI coding agents and the people running them generate continuous, high-frequency streams of events: requests, responses, redactions, tool calls. Each one is anchored. Over time that traffic adds a new dimension to what the network is proving, and it adds substantial weight to Digital Evidence as a whole.

The economics line up the same way. More gateway requests means more anchored events, which means more activity flowing through the network and through the snapshot consensus that node operators secure. These are tokenomics specifics that deserve a separate post, but the high-level shape is clear. Gate is on track to be one of the network's largest sources of anchored activity, and the design of both Gate and Digital Evidence reflects that.

Where we're heading

The next move follows from the same logic. The trust boundary that Gate is collapsing for detection and audit can extend to inference itself. If the chain that anchors your log is also the chain that ran your model, the verification story tightens from "we anchored your log to our chain" to "the chain that ran your model also proved what it did." Every layer of trust inside one network, with one set of economic incentives, one set of audit primitives.

The research direction we are exploring uses the underutilized compute that already exists on Constellation Network nodes. Most of those nodes run on CPU server hardware without GPUs, which is a poor fit for large frontier models but a good fit for a specific class of useful workloads: speech-to-text, embedding models, OCR, smaller classifiers and routers. Models where the incremental cost on a node is near zero because the resources were already idle. We believe the same kinds of optimizations we landed on for the prompt-injection cascade apply to these systems as well, and that this is a real opportunity for the network rather than a thought experiment.

I want to be careful about how I frame this, because the work is still in research and development. We are not announcing a node-inference product today. There is no timeline I can quote. What I can say is that the architectural decisions we are making in Gate are designed to keep this path open, and the research continues. When the team has something concrete to show, we will.

Beyond inference itself, Gate opens up a broader space at the intersection of AI and blockchain. Node operators and metagraph operators participating as model providers. Novel model types developed inside the Constellation ecosystem for niche workloads that nobody else is incentivized to serve. Provenance and intelligence products built on top of the data streams flowing through the gateway. None of this requires a roadmap commitment from us today. The shape of the network is becoming a shape where these products are possible, and that is the more important thing.

The moment is here. AI is reorganizing knowledge work in front of our eyes, and the people who lean into the change with the right tools and the right safety net are the ones who will define what comes next. Evolve or die. But have fun while you are doing it.

Constellation Gate AI is in early access at constellationgate.ai. The full benchmark methodology and results are linked above. More coming.