Lockdown.
Emergency kill switch for AI access. One click freezes all AI traffic org-wide. Circuit breakers auto-trigger on anomaly detection. The big red button you hope you never need — and need to know works the first time you reach for it.
What lockdown does
- Freezes all gateway traffic at the workspace, team, or org scope
- Returns a clear, configurable message to clients (default:
451 service halted by org policy) - Continues collecting evidence on attempted requests so you can investigate after
- Disables outbound dispatch but keeps the policy and audit planes alive
Circuit breakers
Lockdown can trigger automatically on anomaly:
- Spend velocity — "spend rate exceeds 5x baseline for 5 minutes"
- PII rate — "more than 1,000 unique credit-card patterns redacted in the last hour"
- Provider 5xx storm — "more than 30% of requests failing for 10 minutes"
- Custom — any policy condition you can express in CEL
Auto-trigger is disabled by default; admins opt in per-rule. Every trigger is logged with the metric trail that fired it.
Who can pull the trigger
- Admins with the
lockdown.invokescope - The org's CISO or SRE on-call (assignable)
- Auto-trigger via configured circuit breakers
Every invocation records the actor, the timestamp, the scope, and a signed receipt. The lockdown event is part of the evidence chain.
Recovery
Recovery is a deliberate, scoped re-enable. Pick which workspaces / teams / models / users to bring back online, in what order. Audit log captures every step.
Drill mode
Test lockdown without affecting users. Drill mode simulates the lockdown decision tree, logs what would have happened, and produces a drill report. Run quarterly; you want to know the path works before you need it.
Adjacent reading
- Inspector — live view of attempted requests during lockdown
- Security posture — tamper-resistance of the lockdown audit trail
- Acceptable use — what triggers our trust-and-safety lockdown