Access control plane for AI vendors

Control who - and what - can use your AI vendors.

Temporary, scoped access to OpenAI, Anthropic, and every AI vendor - for your engineers, contractors, and AI agents. Vendor-side enforcement, one-click revoke, and a full audit trail. Without ever handing out raw provider keys.

Request → approve → scoped access → TTL → revoke → audit.
Works under your ITSM / IdP · Humans and non-human agents · Self-hosted, keys stay in your vault

Raw keys for everyone is not a plan.

Companies already use OpenAI and Anthropic. But giving every engineer, contractor, service, and agent a raw provider key - and hoping someone remembers to revoke it - is a security and compliance liability.

Raw keys leak and never die

A key handed to a contractor outlives the engagement. No expiry, no scope, no idea who still holds it.

Onboarding is manual and endless

Create the workspace, assign the role, repeat - for 1,000 people and every role change. Your ITSM opens a ticket; a human still clicks through the vendor console by hand.

Agents have no IAM at all

CI jobs, eval pipelines, and coding agents need vendor access too - but identity tooling is built for humans, not bots.

The full access lifecycle - for one human or one agent.

Not a proxy. Not another dashboard. OPORD creates, scopes, expires, and removes real access at the vendor.

01 · REQUEST

Request access

A person or agent asks for a vendor, scope, and duration - via OPORD or your ITSM ticket.

02 · APPROVE

Approve / reject

Owner approves with one click. Policies and budgets are checked before anything is granted.

03 · PROVISION

Provision scoped

OPORD provisions real access - project, model + tool allow-list, spend cap - keys stay in your vault.

04 · EXPIRE

TTL + revoke

Access auto-expires on its TTL, or you revoke instantly. Vendor-side, not just in a list.

05 · AUDIT

Full audit

Every request, grant, block, and revoke is recorded with actor and time. Export for compliance.

See it working.

The same screens your platform and security teams live in - humans and agents side by side.

opord · AI access

Approval inbox · pending

  • jane@contractor.com · Claude API · 7-day engagement · pending
  • eval-pipeline@ci.internal (agent) · OpenAI · scoped to gpt-4o · pending
  • data-platform team · Claude Code · expires in 58d · active
  • support-bot@svc.internal (agent) · Scoped key · $50 cap · 7d · active
  • ex-contractor@acme.io · Claude API · access pulled · revoked

Spend guardrails · this month

  • OpenAI: $1,712 / $2,000 · 86% (⚠ warning threshold - gateway will block at the hard limit)
  • Anthropic: $419 / $1,000 · 42%
  • Global: $2,137 / $5,000 · 43%

Audit trail

  • 12:52 approved · support-bot scoped key minted (7d, $50)
  • 12:49 blocked · policy: contractors → OpenAI denied
  • 11:30 revoked · ex-contractor → Claude API
  • 09:14 expired · reaper pulled 2 stale grants

Live screens from a running OPORD instance with seeded demo data. Swap in your own screenshots, or ask for a live walkthrough.

Not a proxy. Not a replacement for your ITSM.

Most adjacent tools watch and filter traffic. OPORD manages the actual access - and slots in under the stack you already run.

What this is not

  • A model gateway / LLM proxy you route all traffic through
  • An observability or DLP dashboard
  • A replacement for ServiceNow, Okta, or SailPoint
  • A broad “AI governance platform”

What it is

  • The AI-vendor execution layer: it does the OpenAI/Anthropic last mile your ITSM can’t
  • Imports your user list, triggered by your existing approval
  • Real scoped provisioning: project · model · tool · spend cap · TTL · revoke
  • IAM for non-human agents - where identity tooling is weakest

One control plane. Every AI vendor.

Govern the providers your teams already pay for - with more landing every month. No raw keys, wherever the access lives.

OpenAI · ChatGPT (Live)

Scoped keys, project + model allow-lists, spend caps, and a metered gateway.

Anthropic · Claude (Live)

Workspace seats, Claude Code entitlements, org-admin grants, and a full audit trail.

Google Gemini (In testing)

AI Studio + Vertex AI access governance. In active testing - design partners first.

Perplexity (In testing)

Governed Sonar search-augmented access through the OPORD gateway. In active testing.

GitHub Copilot (In testing)

Real seat assign / revoke plus billing & usage governance for Business / Enterprise. In active testing.

Your stack, governed (More soon)

LiteLLM virtual keys, MockAI for demos - and the vendor you ask for next.

“In testing” vendors are built and in active QA - first access goes to design partners. Want one prioritized? Tell us.

Built for the teams who feel the pain.

Platform teams

Stop hand-provisioning vendor access for every team and every role change.

Security engineering

No raw keys in the wild. Instant revoke. An audit trail that survives an interview.

AI enablement

Let teams self-serve scoped access - with budgets and policy as the guardrails.

Anyone running agents

Give CI jobs, evals, and coding agents capped, expiring, revocable vendor access.

Early access

Control who can use which AI vendor - with temporary scoped access and instant revoke.

We’re onboarding a handful of design-partner teams. If you provision AI-vendor access by hand today, we’d like 15 minutes.

Prefer email? admin@opord.dev · Source on GitHub