ARX
Home
Solutions
Contact
Sign InConnect with the team
ARX

The control plane for enterprise AI.

330 E Liberty, Lower Level
Ann Arbor, MI 48104
(302) 450-5664
Cloudflare Startup Program
Lambda Cloud Startup Program
NVIDIA Inception Program Member
Ann Arbor SPARK
Connect with the team

Product

  • Overview
  • Gateway
  • Agent Exchange
  • Control Plane
  • Pricing
  • Security

Company

  • About
  • Team
  • Blog
  • Intelligence
  • Contact
  • Support

Legal

  • Terms
  • Privacy
  • Cookies
  • EULA
  • Acceptable Use
  • DPA
  • Do Not Sell
  • Accessibility

© 2026 ARX QM Holdings, Inc. All rights reserved.

·Patent Pending
All systems operational
·The AI Gateway for Multi-Agent Enterprise.Observe, orient, decide, act, on one runtime.Per-call attribution. Cost-quality routing. Audit by execution.Audit evidence as a byproduct of the runtime executing.One gateway. Every model. Every agent.

Layer 3 · Always on

The audit binder
writes itself.

Policy-as-code on every request. Event-sourced log on every event. The same telemetry that runs the gateway produces the evidence the regulator asks for. Identity, permissions, observability, and human approval are not a separate workflow.

Contact salesSee the architecture

What the Control Plane does

Six components, always on.

Identity

OIDC SSO, SCIM, MFA, CAC/PIV.

Permissions

Policy-as-code. Tenant isolation.

Policy

Evaluated before the request lands.

Observability

OpenTelemetry across every surface.

Audit

Append-only, hash-chained, signed.

Human-in-loop

Approval gates the regulator requires.

How it works

Three mechanisms, one ledger.

Policy-as-code

Every request is evaluated against deterministic, version-controlled policy. Authorization decisions are auditable, reproducible, and re-verifiable without rerunning the model.

Event-sourced log

CloudEvents v1.0 with twenty-one event types. Append-only, hash-chained, Ed25519-signed. The audit trail is the runtime, not a parallel reconstruction.

Control mapping

EU AI Act Articles 9, 12, 13, 14, 15. FS AI RMF (230 controls across Govern, Map, Measure, Manage). SR 11-7, NYDFS Part 500, FFIEC, CMMC L2, NIST 800-53. One event log, every regulator served.

Mapped to the regulator

Same event log. Every framework the regulator already binds you to.

The audit chain a federal program needs is the audit chain a bank already requires. Build it once. Sell it across.

Financial Services

SR 11-7, NYDFS Part 500, FFIEC, EU AI Act

Defense

CMMC L2, FIPS 140-3, NIST 800-53, DoDD 3000.09

Healthcare

HIPAA, 42 CFR Part 2

Government

FedRAMP, OMB M-24-10, FOIA

Critical Infrastructure

NERC CIP, TSA

Legal

Attorney-client privilege

Manufacturing

CMMC (DIB), OT/IT

Tell us which regulator you answer to.

We come with the control mapping for your framework. You come with the auditor’s outstanding list and the timeline.

Contact salesSee the full architecture

Layer 3.
Always on.