AI Governance

Enterprise AI Governance with Bifrost Access Profiles

Enterprise AI Governance with Bifrost Access Profiles
Bifrost Access Profiles bring enterprise AI governance to large teams: reusable policies that auto-provision governed virtual keys with budgets and model limits.

Enterprise AI governance fails most often at the access layer: who can call which models, with what budget, and which tools they can reach. IBM's 2025 Cost of a Data Breach Report found that one in five organizations experienced a breach linked to shadow AI, and that 97% of organizations breached through AI tools lacked proper access controls. Bifrost, the open-source AI gateway built in Go by Maxim AI, closes that gap with Access Profiles: reusable policy templates that automatically provision governed virtual keys to every user at scale. This post explains how Access Profiles help enterprises govern and secure AI usage across large teams, from provider and model limits to budgets, rate limits, and tool access.

What Are Access Profiles in Bifrost

An Access Profile in Bifrost is a reusable policy template that defines what a user, team, or business unit is allowed to do once they are granted AI access. When a profile is assigned to an entity, directly or through a role, Bifrost creates a per-user copy of the policy and issues a virtual key automatically. The key carries the profile's provider list, model allowlist, budgets, rate limits, and MCP tool access.

This is the core of enterprise AI governance at scale: operators define policy once and apply it everywhere, instead of writing and distributing keys by hand. Users never receive raw provider credentials, and each user copy enforces its own isolated budget and rate-limit counters. A profile named "Engineering" can be authored a single time and applied to every engineer in the organization, with each individual tracked independently.

Why Enterprise AI Governance Breaks Down at Scale

Most AI governance problems are not policy-design problems. They are distribution problems. A platform team can write a sensible policy for which models a department may use and how much it may spend, but enforcing that policy across hundreds of engineers, analysts, and applications is where control erodes.

The data reflects this gap. The IBM report found that 63% of breached organizations lacked AI governance policies, and only 37% had approval or oversight mechanisms in place. Menlo Security's 2025 report on AI in the workplace recorded a 68% surge in shadow generative AI usage, with employees routing sensitive data through personal accounts that bypass enterprise controls entirely.

Three failure modes recur in large teams:

  • Manual key sprawl: Provider keys handed out individually drift out of policy the moment requirements change. There is no single place to update them.
  • Shared keys with no attribution: A team-wide key cannot enforce per-user budgets, so a single user can consume an entire department's quota and cost tracking becomes guesswork.
  • No automatic provisioning: New hires wait on manual key creation, and offboarded users keep working access far longer than they should.

Bifrost's governance model addresses each of these by treating access as policy that propagates, not as static credentials that are copied around.

How Access Profiles Govern AI Usage Across Large Teams

Access Profiles separate the policy from the people it applies to, using three layers: the template, the per-user copy, and the virtual key. The template is the policy authored once in the workspace. When a user becomes eligible, the Bifrost AI gateway clones the template into a per-user copy with fresh budget and rate-limit counters. It then issues a virtual key whose provider configs, budgets, rate limits, and MCP access are built from that copy.

Role-default auto-assignment

Access Profiles attach to roles, which is what makes them work at enterprise scale. When a profile is attached to a role and marked as the default for that role, two flows take effect. Existing members of the role can be provisioned at attach time, and any user who gains the role later is provisioned automatically the moment their role changes.

This integrates directly with user provisioning through OIDC and directory or group sync. When a new engineer is added to your identity provider and lands in the Engineer group, Bifrost issues their governed virtual key without an operator touching the system. Role changes only replace assignments that came from a role default, so profiles assigned directly to a user are preserved.

Managed virtual keys

Virtual keys issued by an Access Profile are tagged as profile-managed, which is the security mechanism that keeps governance intact. Direct edits to a managed key are blocked, except for cosmetic fields like name and description. To change what a managed key allows, an operator edits the template and propagates the change. A user with key-edit permission cannot weaken their own policy by editing the key directly, which removes a common path around centralized control.

Safe propagation

When policy changes, Access Profiles let operators push selected fields to every user copy in a single call. The propagate dialog allows choosing exactly which fields to update: provider configurations, budgets, rate limits, MCP tool groups, MCP servers, or tool overrides. Raising a monthly budget pushes only the new budget while preserving each user's accumulated month-to-date usage, so a policy edit does not silently reset everyone's spend counters. Tightening tool access can flow through without touching budgets at all.

What You Can Configure in an Access Profile

An Access Profile carries the full set of controls an enterprise needs to govern AI usage, all enforced at request time through the issued virtual key. Each profile can define:

  • Provider and model access: For each LLM provider, an allow-all toggle or an explicit model allowlist. An empty selection denies every model from that provider.
  • Global and per-provider budgets: Spend caps with reset durations of one hour, day, week, month, or year. Multiple budget lines can stack, combining a hard short-window cap with a softer long-window cap.
  • Token and request rate limits: Throttling on both tokens and requests, set globally or per provider, using the same duration pattern as budgets.
  • Calendar alignment: An option to reset budgets and rate limits at the start of each calendar period (midnight UTC, week start, month start) instead of rolling from creation time.
  • MCP tool access: Reference MCP tool groups, grant entire MCP servers, or override individual tools with include or exclude actions.
  • Tags and active state: Up to 50 free-form tags for grouping, plus an active flag to deactivate a profile without deleting it.

Because these controls map directly onto Bifrost's underlying budget and rate-limit primitives, a profile is not an abstraction layered on top of governance. It is governance, expressed as a template that scales.

Securing AI Access with RBAC, Data Scoping, and Audit Trails

Access Profiles define what users can do, and three adjacent capabilities in the Bifrost platform control who can manage those profiles and prove what happened. Together they form the security layer enterprises and regulated industries require.

Role-based access control defines the roles that profiles auto-attach to and the fine-grained permissions each role holds, so the right policy reaches the right people automatically. Data access control scopes which profiles each operator can even see, which matters when different business units must remain isolated from one another. Every change to a profile is recorded with a full snapshot history, and audit logs provide immutable trails suitable for SOC 2, GDPR, HIPAA, and ISO 27001 compliance.

For organizations worried about sensitive data reaching models, Bifrost also supports guardrails, including secrets detection that catches API keys and credentials in prompts and completions. The combination of access profiles, RBAC, data scoping, audit logging, and guardrails gives platform teams a way to enable AI broadly while keeping the enterprise governance surface under control.

How do Access Profiles handle offboarding?

Because keys are profile-managed and assignments follow roles, removing a user from a role through your identity provider revokes the role-default assignment and the access it granted. There is no orphaned raw key left active after a user leaves.

Can different teams have different model and budget rules?

Yes. Each profile is independent, so an Engineering profile can grant broad model access with a high budget while an Analytics profile permits a narrow model set with a tight monthly cap. Both enforce per-user counters.

Implementing Access Profiles for Your Team

Rolling out Access Profiles follows a consistent pattern regardless of team size. Bifrost exposes profile management through the web UI under Governance and Access Control.

  1. Author the profile: Define provider access, model allowlists, budgets, rate limits, and MCP tool access for a representative group such as Engineering.
  2. Attach it to a role: From the Roles page, attach the profile and mark it as the default for new users in that role.
  3. Backfill existing members: Toggle the option to apply the profile to everyone who already holds the role. Bifrost issues a governed virtual key for each member.
  4. Propagate changes as policy evolves: When budgets or tool access need adjustment, edit the template and propagate only the changed fields, preserving accumulated usage.

For teams deploying in regulated environments, air-gapped networks, or private cloud, Access Profiles are part of Bifrost Enterprise, which supports in-VPC and on-prem deployment alongside advanced governance features like OIDC single sign-on and team sync. The same model that governs a 50-person engineering org governs a Fortune 500 deployment without changing the underlying approach.

Getting Started with Bifrost

Enterprise AI governance does not have to mean manual key distribution and untracked spend. With Access Profiles, Bifrost turns access policy into reusable templates that auto-provision governed virtual keys, enforce per-user budgets and model limits, and keep control intact through managed keys, RBAC, and audit trails. It is the same centralized approach to securing AI usage across large teams that scales from a single team to a regulated enterprise, with further detail available across the Bifrost resources hub.

To see how Access Profiles and the broader governance model fit your environment, book a demo with the Bifrost team.

Read next