AI governance · comparison · June 2026

How to govern the AI tools your team already uses

Buyers keep asking for the same thing: govern the Copilot, ChatGPT, Claude and Cursor their team already opens every day, without rolling out a sixth tool to do it. That leaves five real options. Here is how airlock, Microsoft Agent 365, ServiceNow, AI security tools and open-source compare, including the rows where airlock loses.

The short answer. Pick airlock for vendor-neutral governance over the AI clients your team already uses, set up without engineers, with EU data residency. Pick Microsoft Agent 365 if you already run Microsoft 365 and want to govern agents inside it. Pick ServiceNow AI Control Tower if you are a large company already on the Now Platform. Pick AI security tools (Cisco, Palo Alto, CrowdStrike) if your first concern is catching threats in AI traffic as they happen, for the security team. Pick a self-hosted open-source gateway if you have engineers who want full control and no licence cost.

The difference that matters: AI security tools watch AI traffic for threats as it happens; airlock decides which tools, skills and agents are allowed in the first place. Two different jobs, and they work side by side.

01 / The landscape

Where each one sits

The two things buyers weigh most: how many AI vendors it covers, and who has to run it. airlock is the only option in the top-right: every vendor, no engineering team.

No-code · no engineersNeeds an engineering teamSingle-vendorCross-vendorairlockMicrosoft Agent 365ServiceNowAI security toolsSelf-host / OSS

airlockMicrosoft Agent 365ServiceNowAI security toolsSelf-host / OSS

02 / Full comparison

Scored row by row

Every column is scored the same way, airlock's losing rows included. Markers: ✓ full · ~ partial · ✕ none · ? not public · roadmap known but unshipped.

Open any row for the reasoning per option.

Feature-by-feature comparison of airlock, Microsoft Agent 365, ServiceNow AI Control Tower, AI security tools (Cisco, Palo Alto, CrowdStrike) and self-hosted open-source MCP gateways, scored across coverage, governance, security, commercial fit and EU compliance.
Capability	airlock	Microsoft Agent 365	ServiceNow AI Control Tower	AI security tools	Self-host / OSS
What it is
positioning	Cross-vendor MCP & skill governance overlay	Agent governance inside Microsoft	Enterprise AI command center (Now Platform)	Catches threats in AI traffic (Cisco, Palo Alto, CrowdStrike)	Open-source MCP gateway you run yourself
Coverage & portability
Govern people's AI tools, across vendorsGovern the AI clients people use day to day, across every vendor.
	Fronts Claude, ChatGPT and Cursor across every vendor, through one connector.	Microsoft tools only; browser use of others is endpoint-block at best.	Discovers third-party AI broadly, but enforcement is strongest in its own lane.	Sees any vendor's AI traffic, but controls it by blocking threats, not by deciding which tools people may use.	Vendor-neutral; brokers any client and any server.
Run autonomous agentsHost and run agents executing on their own, with their own identity.
	Does not run agents yet; agent runtime hosting and identity are on the roadmap. Agent config is governed as objects (see below).	Built for agents, with Entra Agent ID.	Agent inventory plus a kill switch.	Guardrails and identity for live agents.	Runs agents via the gateway; identity varies by project.
Overlay, not a destinationSits in front of the tools you already use, instead of being its own app.
	Sits in front of the tools you already use.	A Microsoft platform you adopt.	An enterprise platform with lock-in.	Sits over your existing AI traffic.	A gateway overlay in front of your tools.
Governance & security
Policy, approvals & kill switchSet rules, pause risky actions for approval, and disable instantly.
	Policy, HITL approvals and kill switch, all live.	Kill switch yes; per-action approval unclear.	Policy plus a real-time kill switch (Veza).	Blocks and kills in the flow; thinner on human approvals.	Per-tool RBAC and revoke; approvals vary.
Skills & agents as governed objectsSkills and agent definitions as reusable, verified building blocks with version history.
	Skills and agent configs as versioned, signed, portable objects.	Blueprints, but no signing or version history.	Managed in-platform, not portable.	Scans skills and MCP for risk, not a governed catalog.	Catalog objects, but rarely versioned or portable.
Enforce your AI use policyTurn the written AI policy into enforced rules and a required sign-off.
	Versioned AI use policy; each person signs to continue, access pauses until they do, and flagged actions need approval.	Policy via Purview and Intune, but no AI-use sign-off gate.	GRC policy management, not a per-person AI-use sign-off.	Enforce security policy at run time, not a company AI-use policy.	No policy management.
Credential vault / agent identityKeys stay server-side; each agent has a governed identity.
	Vault is live; Entra SSO and SCIM are roadmap.	Entra Agent ID, first-class identity.	Veza access graph.	Strong agent identity and credential brokering.	Mature open-source vaults (HashiCorp Vault, OpenBao) and identity (Keycloak, SPIFFE) cover this, self-wired.
Audit log + SIEM exportEvery action recorded and streamable to your security tooling.
	Every call logged, SIEM-exportable.	Purview audit plus Sentinel.	Full audit through enterprise GRC.	Feeds the security team's tools directly.	Per-call audit, exportable to open-source SIEM (Elastic, Wazuh, Graylog).
Runtime threat protectionDetect attacks, block injection, cover devices and feed the security team.
	Scans tool calls and redacts PII; not full threat detection, device or security-team coverage.	Defender and Prompt Shields within Microsoft.	Some via its security tooling; not its core.	Their core strength: detection, injection blocking, device and security-team coverage.	Open-source guardrails (LLM Guard, NeMo Guardrails, Garak) block injection; no device or security-team coverage.
Shadow-AI discoveryFind unsanctioned AI tools people already use.
	Sees only what routes through airlock; cannot discover tools that bypass the connector.	Defender and Intune, preview, blind to browser tabs.	Many connectors; a core 2026 pillar.	Continuous shadow-AI discovery across devices and the network.	Governs registered servers; no active discovery.
Data-leakage / DLPStop sensitive data going into AI tools.
	Redaction on tool I/O, not the conversation.	Purview DLP; blocks paste into ChatGPT.	Protects within its own flows.	Strong built-in data-loss controls and content checks.	Open-source PII/DLP (Microsoft Presidio, LLM Guard) filters tool I/O.
Fit & commercial
No-code / non-engineerSet up and run it without engineers.
	One connector; OpenAPI-to-MCP in 60s.	Needs you to already run Microsoft 365, plus IT admins.	Needs platform configuration.	Security platforms run by the security team.	Docker and Kubernetes; you run and maintain it.
Per-engagement isolationA separate, walled scope per client engagement.
	A formal per-engagement project hierarchy is on the roadmap; not yet a productised per-client tenant.	Scopes within one tenant.	Scopes within one tenant.	Built for one company's own setup.	Possible by running an instance per client, but DIY.
Reseller programBuyable and resellable through partners.
	Reseller program announced; still being built.	Sold through Microsoft partners (CSP).	Large partner ecosystem.	Sold through established security resellers.	No standard reseller program.
PricingHeadline list price.	Free · €19/user · Ent.	$15/user + E5/BizPrem	Custom, usage-based	Enterprise, quote-based	Free + hosting/ops
	Free, then €19/user-mo, transparent.	$15/user-mo on top of a license prerequisite.	Custom quote, opaque usage metering.	Enterprise quote-based; five-to-six figures.	Software free; you pay in hosting and engineering time.
Best-fit segmentWho it is built for.	EU mid-market & consultancies	Microsoft enterprise	Large enterprise	Enterprise security teams	Engineer-led teams
	EU mid-market firms and consultancies without an engineering team.	Companies all-in on Microsoft.	Large Now-Platform enterprise.	Enterprise security teams.	Technical teams comfortable self-hosting.
Compliance (EU)
EU data residencyData stored and processed in the EU.
	EU-hosted · GDPR-aligned, built for the EU AI Act.	EU Data Boundary.	Regional routing; own hosting less documented.	EU regions, but US-headquartered; varies by deployment.	Self-host anywhere, including the EU, but you run it.
EU AI Act tooling / evidenceEvidence and templates for EU AI Act compliance.
	Live audit trail; packaged Evidence Pack is roadmap.	A Purview Compliance Manager template; partial, not full Act tooling.	Out-of-box EU AI Act content packs.	Framework alignment, not Act-specific tooling.	No EU AI Act tooling out of the box.
Certifications (SOC 2 / ISO 27001)Third-party security certifications.
	None held yet; ISO 27001 and SOC 2 in progress, with a live Aikido security badge published.	Full Microsoft certification set.	Enterprise certifications held.	Established enterprise certifications.	No certifications; it is your deployment to certify.

full partial / scoped none not publicroadmap known, unshipped

03 / Best for

Five options, five buyers

No single winner. Each fits a different team. Here is the one each is built for.

airlock

EU mid-market companies and consultancies (50–500) using several AI tools, with no engineering team, that need EU data residency and a setup that takes minutes, with per-client isolation on the roadmap.

Microsoft Agent 365

Companies all-in on Microsoft with IT staff who want agent identity, Purview data-loss controls and certifications inside the Microsoft tools they already run.

ServiceNow AI Control Tower

Large companies already on the Now Platform that want one place to watch everything, and can absorb custom, usage-based pricing.

AI security tools

Enterprise security teams whose first concern is catching threats, stopping data leaks and covering devices for AI traffic.

Self-host / OSS

Engineering-led teams wanting full control, extensibility and no licence cost, that can run, secure and certify it themselves.

04 / FAQ

The questions buyers ask

Which option is best for an EU mid-market company without engineers?

airlock, in most cases. It is vendor-neutral, EU-hosted and no-code, with per-engagement isolation on the roadmap. Microsoft Agent 365 assumes you already run Microsoft 365 and have IT staff; ServiceNow assumes the Now Platform; AI security tools are run by the security team; open-source assumes engineers to run and maintain it.

Aren't the AI security tools (Cisco, Palo Alto, CrowdStrike) already doing this?

They solve a different problem. Cisco AI Defense, Palo Alto Prisma AIRS and CrowdStrike Falcon AIDR watch AI traffic for threats as it happens: prompt injection, data leaks, device coverage, security-team workflows, where they are strong and airlock does not compete. airlock decides which tools, skills and agents are allowed in the first place. Two different jobs; they work side by side rather than replace one another.

Does Microsoft Agent 365 govern Claude or ChatGPT?

Mostly no. It governs Microsoft agents and anything with an Entra Agent ID. A person using Claude or ChatGPT in the browser is a blind spot it can block at the endpoint but not natively govern. airlock fronts those clients directly.

What about Langdock? Is it an alternative to airlock?

Not really a like-for-like. Langdock is a destination workspace employees switch into, an EU "AI platform for employees", rather than a layer over the tools they already use. If you are weighing Langdock, you are really choosing "adopt one new approved tool" versus "govern the mix of AI tools you already have." airlock does the latter.

What about Dust?

Same shape as Langdock: Dust is an agent platform you build inside, not a governance layer over your existing AI clients. It is the closest EU positioning peer, but it is a destination, not a cross-vendor governance overlay.

Is an open-source / self-hosted MCP gateway good enough?

It can be, if you have engineers. Open-source gateways are vendor-neutral, free and fully extensible, and self-hosting keeps data in the EU. The cost moves into your team: deployment (often Docker/Kubernetes), maintenance, security, audit export and certifications are all yours to build and own. airlock delivers the same governance as a managed, no-code service.

What does each cost?

airlock: Free / €19 per user-mo / Enterprise. Microsoft Agent 365: $15 per user-mo on top of a Business Premium or E5 prerequisite. ServiceNow: custom and usage-based. AI security tools: enterprise quote-based. Open-source: the software is free; you pay in hosting and engineering time.

Move fast on AI without throwing governance overboard.

Link any tool once, reuse everywhere, audit forever. One URL fronts every MCP-compatible client. Set policy once, server-side.

Start free →Book a demo

EU-hosted · GDPR-aligned

Built for the EU AI Act