airlock vs open-source MCP gateways
Self-hosted open-source MCP gateways are vendor-neutral, free and extensible, if you have engineers to run them. airlock delivers the same governance as a managed, no-code service. This is the build-versus-buy call.
How they compare
Scored the same way as the full comparison, airlock's losing rows included. ✓ full · ~ partial · ✕ none · roadmap known but unshipped.
| Capability | airlock | Self-host / OSS |
|---|---|---|
| What it is | ||
| Coverage & portability | ||
| Govern people's AI tools, across vendorsGovern the AI clients people use day to day, across every vendor. | ✓Fronts Claude, ChatGPT and Cursor across every vendor, through one connector. | ✓Vendor-neutral; brokers any client and any server. |
| Run autonomous agentsHost and run agents executing on their own, with their own identity. | roadmapDoes not run agents yet; agent runtime hosting and identity are on the roadmap. Agent config is governed as objects (see below). | ~Runs agents via the gateway; identity varies by project. |
| Overlay, not a destinationSits in front of the tools you already use, instead of being its own app. | ✓Sits in front of the tools you already use. | ✓A gateway overlay in front of your tools. |
| Governance & security | ||
| Policy, approvals & kill switchSet rules, pause risky actions for approval, and disable instantly. | ✓Policy, HITL approvals and kill switch, all live. | ~Per-tool RBAC and revoke; approvals vary. |
| Skills & agents as governed objectsSkills and agent definitions as reusable, verified building blocks with version history. | ✓Skills and agent configs as versioned, signed, portable objects. | ~Catalog objects, but rarely versioned or portable. |
| Enforce your AI use policyTurn the written AI policy into enforced rules and a required sign-off. | ✓Versioned AI use policy; each person signs to continue, access pauses until they do, and flagged actions need approval. | ✕No policy management. |
| Credential vault / agent identityKeys stay server-side; each agent has a governed identity. | ~Vault is live; Entra SSO and SCIM are roadmap. | ✓Mature open-source vaults (HashiCorp Vault, OpenBao) and identity (Keycloak, SPIFFE) cover this, self-wired. |
| Audit log + SIEM exportEvery action recorded and streamable to your security tooling. | ✓Every call logged, SIEM-exportable. | ✓Per-call audit, exportable to open-source SIEM (Elastic, Wazuh, Graylog). |
| Runtime threat protectionDetect attacks, block injection, cover devices and feed the security team. | ~Scans tool calls and redacts PII; not full threat detection, device or security-team coverage. | ~Open-source guardrails (LLM Guard, NeMo Guardrails, Garak) block injection; no device or security-team coverage. |
| Shadow-AI discoveryFind unsanctioned AI tools people already use. | ✕Sees only what routes through airlock; cannot discover tools that bypass the connector. | ✕Governs registered servers; no active discovery. |
| Data-leakage / DLPStop sensitive data going into AI tools. | ~Redaction on tool I/O, not the conversation. | ✓Open-source PII/DLP (Microsoft Presidio, LLM Guard) filters tool I/O. |
| Fit & commercial | ||
| No-code / non-engineerSet up and run it without engineers. | ✓One connector; OpenAPI-to-MCP in 60s. | ✕Docker and Kubernetes; you run and maintain it. |
| Per-engagement isolationA separate, walled scope per client engagement. | roadmapA formal per-engagement project hierarchy is on the roadmap; not yet a productised per-client tenant. | ~Possible by running an instance per client, but DIY. |
| Reseller programBuyable and resellable through partners. | roadmapReseller program announced; still being built. | ?No standard reseller program. |
| Compliance (EU) | ||
| EU data residencyData stored and processed in the EU. | ✓EU-hosted · GDPR-aligned, built for the EU AI Act. | ✓Self-host anywhere, including the EU, but you run it. |
| EU AI Act tooling / evidenceEvidence and templates for EU AI Act compliance. | roadmapLive audit trail; packaged Evidence Pack is roadmap. | ✕No EU AI Act tooling out of the box. |
| Certifications (SOC 2 / ISO 27001)Third-party security certifications. | roadmapNone held yet; ISO 27001 and SOC 2 in progress, with a live Aikido security badge published. | ✕No certifications; it is your deployment to certify. |
Pick the one that fits
Choose airlock
airlock is the better fit if you:
- Want the same vendor-neutral control without the ops burden
- Have no engineering team, or would rather not spend it on plumbing
- Need audit, approvals and a kill switch out of the box
- Want EU hosting and a managed path to certifications
Choose open-source MCP gateways
A self-hosted open-source gateway is the better fit if you:
- Have an engineering team that wants full control and extensibility
- Want no licence cost and are happy to pay in hosting and ops
- Can run, secure, monitor and certify the deployment yourself
- Prefer to self-wire identity, vaults, DLP and SIEM
What each costs
Free, then €19 per user per month, with hosting, security and audit included.
The software is free; you pay in hosting, maintenance and engineering time.
Build versus buy
Open-source gateways and airlock play the same vendor-neutral broker role. The difference is who runs it. With open-source, deployment, maintenance, security, audit export and certifications are yours to build and own. airlock delivers the same governance as a managed service, so the cost moves off your engineers. Teams often prototype on open-source, then move to airlock when the ops and compliance burden outweighs the licence saving.
Common questions
Is an open-source or self-hosted MCP gateway good enough?
Where does open-source win?
Does airlock use open-source under the hood?
What does each cost?
How fast is airlock to set up versus self-hosting?
Is airlock EU-hosted?
Govern the AI tools your team already uses.
Link any tool once, reuse everywhere, audit forever. One layer over every MCP-compatible client, set up without engineers.