Pilot program
30 days. Written criteria.
No ambiguity.
You know what you’re evaluating and what success looks like before day one: the criteria are agreed in writing.
Who this is for
Organizations already losing sensitive data into AI tools.
If you lead security, IT, compliance, legal, or privacy, this is the conversation.
The structure
How the pilot works
Every pilot follows the same structure, and the criteria drive every conversation. We only run pilots that can produce a clear keep-or-kill answer.
-
Discovery conversation
A 30-minute call: which AI tools are in use, how traffic flows, what data is at risk, and what you need to prove to auditors or leadership.
-
Kickoff and written criteria
Agreed in writing before day one: the connector path, the traffic in scope, and the measurable outcomes that define success. No “let’s see how it goes.”
-
30 days on real traffic
Enforcement and audit logging live on the traffic you route. Your admin sees decisions and records from day one; we stay available throughout.
-
Evaluation and decision
We evaluate against the kickoff criteria. Met: we move to a subscription on your procurement’s timeline. Not met: we tell you why.
Prerequisites
What needs to be true before we start
-
Staff are already putting sensitive data into AI tools
Your people are already using AI tools, with or without IT’s knowledge. A pilot measures real traffic, so it works best once that use is happening. Planning ahead of it? Start with the discovery call anyway; we’ll scope what a pilot would prove.
-
You’ll have a straight 30-minute conversation first
We cover the tools in use, the traffic, the data at risk, and what you’d need to see to decide. If a pilot doesn’t make sense right now, we say so on the call.
-
One person who can configure a connection
The gateway path changes one API base URL; the proxy path is a network-level setting. Nothing is installed on employee machines. We never ask for those changes by email or phone alone; confirm any such request in your admin console first.
-
Stakeholder agreement before day one
IT, security, and the affected departments agree on which traffic routes and what success means, with someone who has the authority to act on the result.
Evaluation structure
Typical success criteria
Criteria are specific to your organization and agreed at kickoff. Common examples:
-
Policy trigger volume
Number of warn, redact, block, or escalate events per week on routed traffic. Establishes a baseline your security and compliance program can act on and report against.
-
Audit log accessibility
Admin can retrieve a timestamped, structured record for any given day within the pilot window on demand. No hunting. No manual reconstruction. The record exists or it doesn't.
-
Coverage target
A defined percentage of target AI traffic successfully routed through Mandate by the end of the pilot. Agreed at kickoff based on your connector path and deployment constraints.
-
Risk event reduction
Measurable decrease in high-risk-content events (e.g., PII in prompts) compared to pre-pilot baseline where data is available. Demonstrates measurable governance impact on the routed traffic.
If the numbers don't support moving forward, we'll say so as plainly as if they do.
What happens next
After the pilot
The evaluation is a structured check against the criteria you agreed at kickoff. Those criteria are the only thing that matters.
Criteria met
We move to a paid subscription on a timeline that fits your security review and procurement. The structure is agreed during the pilot.
Criteria not met
We'll tell you why and what would need to change. We don't push you to convert when the pilot hasn't delivered results.