Frequently Asked Questions

An AI Control System includes mechanisms, frameworks, and processes designed to monitor, regulate, and constrain artificial intelligence (AI) systems to ensure they operate within predefined boundaries and do not cause unintended or harmful consequences. These systems include both technical methods (e.g., algorithms, guardrails) and governance practices (e.g., policies, audits) to align AI behavior with human objectives and safety requirements.

ThirdLaw tackles risks associated with LLMs, such as compliance violations, data security gaps, operational unpredictability, and lack of control over how models are used.

ThirdLaw combines observability, governance, and security for LLMs in one platform. It stands out by: Offering real-time enforcement of AI safety rules (vs. static compliance checks). Bridging observability with actionable governance for enterprise IT workflows (integrating with tools like Splunk and Datadog). Providing no-code guardrails that combine semantic analysis and pattern detection.

Use ThirdLaw to monitor, govern, and enforce compliance on LLM usage in real-time, protecting your organization from risks like misuse, data leaks, and unsafe outputs.

ThirdLaw offers four core services: Collect: Captures LLM activity logs, providing full visibility. Evaluate: Analyzes LLM inputs and outputs for compliance, safety, and performance. Intervene: Enforces real-time controls to block risky behavior. Investigate: Reconstructs full LLM exchanges and sessions to enable root cause analysis, audit trails, and incident response.

ThirdLaw is a platform for ensuring AI safety and security by providing last-mile governance, observability, and control for Large Language Models (LLMs) in enterprise applications.

Once installed in your VPC, you can get started with ThirdLaw in under 5 minutes. First, choose your collection point. There are a wide number of options available including ThirdLaw SDKs, Plug-ins for existing gateways, ThirdLaw APIs for ingestion and OTEL-based Collectors. Next, login to the ThirdLaw Console to Create a New Scope: Select an existing Law or create a new one to apply within this Scope Test Laws in the Trial Environment: Set the status of your Scope to Active. By following these steps, you can set up ThirdLaw in your LLM application within minutes, ensuring robust governance and control over your AI outputs.

Not at this time. ThirdLaw is designed to be deployed in customer managed VPCs within AWS.

ThirdLaw support AWS S3 and Azure Blob Storage

ThirdLaw processes a wide range of data types: Textual Data: Plain text and structured documents (e.g., chatbot logs, user queries). Images: AI-generated images or content moderation tasks (e.g., screenshots). Audio: Speech-to-text transcription (e.g., call recordings). Video: Video transcription and summarization (e.g., live-stream monitoring). Code: Programming scripts and files used for development or analysis. Numerical Data: Structured numbers used for calculations, predictions, or analysis.

Yes, ThirdLaw Collect can function independently, allowing you to gather and monitor LLM interactions without necessarily employing the Evaluate or Intervene modules.

ThirdLaw is deployed within your VPC, provisioned and run as a service. This allows customers to maintain and protect your data within your environment while enabling the properties of a service. Some might call this configuration "Bring Your Own Cloud" or "Customer Managed Infrastructure".

ThirdLaw uses lightweight monitoring agents that capture and process data in configurable ways, including asynchronously, ensuring configurable latency while providing actionable insights or interventions.

ThirdLaw provides a detailed log of all LLM interactions, capturing inputs, outputs, and context. You can use the platform's intuitive interface to search, filter, and review these interactions for compliance, performance, and risk analysis, ensuring full auditability. ThirdLaw records all edits and activities performed by ThirdLaw administrators as well.

Yes, ThirdLaw complements traditional observability tools by focusing on LLM-specific risks, offering integrations to export insights and alerts for broader system monitoring.

ThirdLaw enforces real-time interventions, such as blocking unsafe outputs or alerting on policy breaches, rather than relying solely on post-event analysis.

ThirdLaw integrates with Splunk Enterprise, Splunk Enterprise Security (SIEM), and Splunk SOAR. ThirdLaw's Roadmap includes similar work with other market leaders in the XDR and Observability markets.

OpenAI and Azure OpenAI, Anthropic, Mistral AI, Google Generative AI (Gemini), AWS Bedrock, Google Vertex AI

ThirdLaw has support for Python and TypeScript SDKs with additional programming languages on the roadmap.

ThirdLaw currently support a variety of versions of Kong API Gateway, Envoy, LiteLLM, and NGINX

ThirdLaw supports multi-modal LLMs by applying tailored guardrails and monitoring logic for each modality, ensuring consistent risk mitigation across text, images, and code.

No, ThirdLaw operates as a layer on top of your existing LLMs, enabling guardrails and monitoring without retraining or modifying the underlying models.

ThirdLaw offers dashboards and reports with metrics like input-output patterns, alert condition reports, and trend analyses for performance and safety.

ThirdLaw allows deep customization, including bespoke rules, semantic similarity thresholds, and integration with enterprise-specific compliance workflows.

An Evaluation is a self-contained logic module that answers a specific analytical question (e.g., “Is this hate speech?”) using a designated Analytic Engine (e.g., regex, semantic similarity, LLM-based classification). Evaluations may also be referred to as “evaluators” or “detections.” Each Evaluation consists of:

• Configuration: Parameters that define execution settings.
• Logic: The analytical method used to process input data.‍
• Evaluation Finding: The result of an Evaluation, which could be a binary decision (e.g., “Yes/No”), a confidence score, or another structured output.

An Inspection represents the application of your defined Evaluations (monitors, guardrails or policies) to your data. It is calculated by multiplying the number of Tokens processed by the number of active Evaluations applied during that interaction. (Tokens x Evaluations = Inspections) This approach ensures pricing scales transparently based on both the complexity of your monitoring needs (number of Evalutions) and the volume of data (number of Tokens). Inspection Formula: (Tokens Processed ÷ 1,000) × Active Evaluations = Number of Inspections.

ThirdLaw is sold as an annual subscription, with a specific number of monthly Inspections included. Pricing scales based on usage: Inspection occurs when your data (measured in Tokens) is processed by one or more active Evaluations (your defined rules or detectors). Details on how Inspections are calculated and how Evaluations and Tokens are counted can be found in the FAQ "ThirdLaw Pricing Calculations Overview."

"Responsible AI involves creating and deploying AI systems that uphold principles of beneficence, non-maleficence, autonomy, justice, and explicability, ensuring that AI operates for the good of society and avoids causing harm." Floridi, L., & Cowls, J. (2019). "A Unified Framework of Five Principles for AI in Society." Harvard Data Science Review

"AI safety addresses the need to design and deploy AI systems that function safely and reliably under all conditions, including scenarios where systems may encounter unexpected or adversarial inputs." Russell, S., & Norvig, P. (2020). Artificial Intelligence: A Modern Approach (4th Edition):