Walma

AI Hub. The gateway between your developers and the AI models.

Get control over cost, security and policy for Claude Code, Codex and every AI tool your teams already use.

Your developers are already using AI. The real question is not whether, but how much you are paying for it, where the data ends up, and who is chatting with the models in the middle of the night. AI Hub is the gateway that sits between the developer's tools and the AI provider. All traffic passes through your environment, with budgets, policy, sandboxing and audit logs that you control yourselves.

Some clients & partners

SKBVictoriahemOne MoreInseraJunglemapAlice LabsPublic PartnerOMIFAWS PartnerMicrosoft

Your developers are buying AI subscriptions you cannot see.

Shadow AI on the engineering side, faster than you can inventory it.

See how AI Hub solves it

Scattered subscriptions, no central picture

Claude, OpenAI, Cursor, Codex. Every team has its own cards, its own invoice and its own guess about where it lands at the end of the month.

Data leaves your environment with no policy

Source code, customer lists, configuration files. Without a gateway in front there is no control over what gets sent on to the model.

No answer when the CFO asks

What do the AI tools cost in total? Who spends the most? What is the Q4 forecast? Without central collection the answers are guesses.

A proxy in front of the AI models. You own the flow.

Live in a week, no change required to your developers' habits.

AI Hub is a managed gateway built on Azure APIM and Azure Foundry. Your developers point their tools at your endpoint. Everything else looks the same. Behind the scenes you get a dashboard showing exact cost, model mix, who uses what, which requests were blocked and which traffic passed through. Tier-based policy syncs automatically to APIM, so when you change a budget or a policy it takes effect immediately.

AI Hub dashboard with cost, model mix and security signals
What you get

Control on two levels. Economics and security.

AI Hub is built for the CIO who needs an answer to the cost question and for the security team that needs proof the policy actually holds.

Cost control in real time

Cost control in real time

  • Spend MTD, monthly forecast and daily burn rate
  • Budgets per team and per individual with warning thresholds
  • Model mix and forecast per model
  • Cache hit rate and savings effects over time
Security and policy that actually blocks

Security and policy that actually blocks

  • Sandbox per repo, blocked data sources and deps.dev scanning
  • Audit log on every request with model, context and response
  • Sandbox compliance: share of traffic inside sandbox, signals for deviations
  • Security incidents logged and reviewable after the fact
Tier-based access via SCIM

Tier-based access via SCIM

  • Map your IdP groups (Entra ID, Okta) to tiers
  • One API key per tool and tier, no manual distribution
  • Pro tier for seniors, lite tier for juniors, custom for specific teams
  • Synced automatically to APIM whenever tier or policy changes
Analytics and reports you can present

Analytics and reports you can present

  • Top users and top teams by spend, model and tool
  • Activity log of policy events, budgets, sessions and throttling
  • Network map of where the traffic goes geographically
  • Export for invoicing and cost center reconciliation
Architecture

Built for isolation, scale and traceability

One environment per customer, no shared data, full control over where the traffic ends up.

Per-environment isolation

Each customer gets their own APIM, their own Foundry instance, their own Event Hub and their own tables in Supabase. No data is shared between customers.

Telemetry that does not slow you down

APIM emits one raw event per request via log-to-eventhub. Analysis and rollups run asynchronously in workers, so the gateway latency stays untouched.

Policy enforced at the gateway

Tier policies live on the API key, not on the developer. When a developer moves to a new tier, policy takes effect on the very next request.

Why AI Hub

Compliance-ready from day one

AI Hub is built with the EU AI Act, GDPR and your security policy in mind. Nothing bolted on.

Audit log on every request

Who, what, when, which model, which tokens, which policy was applied. Searchable for months, exportable for internal audit.

Sandbox compliance you can measure

Share of traffic inside sandbox, number of flagged events outside office hours, number of blocked repos. Proves the policy is alive, not just that it exists.

Deps.dev security scanning

Workers scan the packages developers reference and flag known vulnerabilities. An extra security line before code reaches production.

GDPR and AI Act from the ground up

Data lives in your environment, you control retention, you control access. Traceability is a design principle, not an afterthought.

AI Hub security dashboard
Implementation

From zero to production in four weeks

Standard package. For enterprises with specific requirements we adjust the timeline.

1

Provision

We provision APIM, Foundry and Event Hub in your Azure tenant. A Supabase instance with the gateway schema is set up.

Week 1
2

SCIM connection

We connect your IdP (Entra ID, Okta or similar) to the tier system. Groups are mapped to tiers and API keys are generated.

Week 2
3

Pilot team

The first team gets its AI Hub endpoint. We monitor together for a week and tune policies, budgets and warning thresholds.

Week 3
4

Full production

The remaining teams roll out. Dashboards go live for the CIO and security. The managed service agreement begins.

Week 4

Deep dives

Three ways into AI Hub depending on what drives you

Same platform, three different entry points. Pick the one that matches the question on your desk right now.

AI Cost Management. Get the answer to what your AI tools actually cost.

Real-time data on spend, forecasts per model, budgets per team. All in one place, synced from APIM automatically.

AI that meets GDPR, the EU AI Act and NIS2.

Traceability, data sovereignty and incident handling built in. Compliance you can actually show your auditor, your DPA and your security lead.

Safe AI coding for organisations.

Your developers use Claude Code and Cursor every day. AI Hub makes sure source code, secrets and customer data stay where they belong.

Frequently asked questions about AI Hub

Anything that can point to a custom endpoint. In practice: Claude Code, OpenAI Codex, Cursor, Continue, Aider and any agent framework that lets you set ANTHROPIC_BASE_URL or its equivalent. We have also tested it with custom internal agents.

It does not. Your developers set an environment variable pointing at your AI Hub endpoint. Everything else works exactly as before. Latency stays in the low millisecond range.

APIM runs with SLA guarantees inside your Azure subscription. During a larger outage you can choose between blocking traffic until the service is back up, or allowing direct connections without logging. The default for security-critical customers is fail-closed.

In your own Supabase instance, in your Azure region. We have no access to the data. Retention is configured by you, default 24 months.

Yes. Tier policies at the APIM layer handle rate limiting, model restrictions and blocked prompts. An org-wide hard cap triggers automatic suspend if it is exceeded.

Fixed monthly fee per organisation plus a small markup on model usage. You do not pay more for your models than you do directly with Anthropic or OpenAI. You get control, security and visibility on top. We give you concrete pricing after a first conversation.

AI Hub is built specifically for AI developer tools, with tier policy, SCIM integration, audit log and deps.dev scanning. Building the equivalent yourself typically takes a team three to six months. We have done it already.