In depth: Speakeasy vs TrueFoundry
Nolan Sullivan

NOTE
This comparison of Speakeasy and TrueFoundry reflects the state of both products as of June 2026. This is a fast-moving category and both companies ship quickly, so some specifics will age. We also won’t pretend to be neutral: we build Speakeasy, and we think the architecture we’ve chosen is the right one for enterprise AI governance. But we’ll show our work, link to primary sources for every claim we make about TrueFoundry, and be honest about where TrueFoundry is strong. If you think we need to update this post, let us know.
Speakeasy and TrueFoundry both sit on the path between AI and enterprise systems, but they were built to solve different problems.
- TrueFoundry is a gateway company. Its flagship is an AI gateway that routes application traffic across more than 250 LLMs, with an MCP gateway and a newly launched Agent Gateway extending the same routing infrastructure.
- Speakeasy is a security and governance company. It builds the AI control plane: an MCP gateway, real-time threat detection, policy enforcement, audit logging, and adoption analytics for securing and governing AI usage across an entire organization.
How is Speakeasy different?
1. Speakeasy is built for security and governance; TrueFoundry is built for routing
What each product treats as the core job reveals its priorities:
- TrueFoundry’s core job is moving model traffic reliably: load balancing, automatic failover, rate limiting, semantic caching, and cost controls, with vendor-stated sub-3ms internal latency. Security and governance features attach to that pipe.
- Speakeasy’s core job is securing and governing AI usage: every interaction inspected for threats and data leaks in real time, every tool scoped to a policy, every action attributed to an identity and written to an audit trail. Connectivity exists to serve that.
The difference shows up in the defaults. On TrueFoundry, audit logs and advanced governance are gated to the custom-priced Enterprise tier, per its pricing page. On Speakeasy, the audit trail is the product.
Meanwhile, Speakeasy does not ship a traditional LLM gateway today. If the immediate problem is routing application traffic across model providers with failover and caching, TrueFoundry solves that problem and Speakeasy does not yet.
2. Speakeasy governs people and agents; TrueFoundry routes application traffic
Who each product serves is different:
- TrueFoundry sells to platform and ML engineering teams. Its heritage is a Kubernetes-native ML deployment platform, and its gateways govern the traffic of applications those teams build and run.
- Speakeasy governs organization-wide AI usage: employees using Claude, ChatGPT, Cursor, and Copilot, plus the agents and assistants built on top of company data, all under one identity, policy, and audit model.
Broadly, TrueFoundry answers “is our application’s model traffic fast, cheap, and reliable?” Speakeasy answers “is our company’s AI usage secure, governed, and measurable?”
3. Speakeasy’s MCP gateway is the core product; TrueFoundry’s is an extension
Both companies ship an MCP gateway, but they occupy different positions in each portfolio:
- Speakeasy’s MCP gateway is the center of the platform, built on years of API tooling: governed, token-efficient MCP servers generated directly from your APIs, curated toolsets, and a 50+ server catalog.
- TrueFoundry’s MCP gateway shipped in 2025 as an extension of its LLM gateway. The OAuth model is deep, but tool generation is a mechanical conversion bolted onto routing infrastructure.
The rest of this post compares features as they stand today, which is where the differences get concrete.
Evaluating platform capabilities
We evaluate each platform against the core functions of an AI control plane: connect, secure, control, observe.
Connect: an MCP gateway built as the product vs an MCP extension of an LLM gateway
Both platforms ship an MCP gateway, and the basics are covered on both sides. Speakeasy provides per-team registries with a catalog of 50+ pre-approved servers and SSO identity flowing through to every connection. TrueFoundry’s registry organizes public and self-hosted servers into groups with per-group access, ships a smaller prebuilt set (just Slack, Confluence, Sentry, Datadog), and handles OAuth, storing and refreshing tokens per user across seven outbound auth methods.
Speakeasy goes deeper everywhere else. It generates governed, token-efficient MCP servers from the API contract your teams already maintain, the place the most valuable internal data actually lives, and dynamic toolsets mean an agent loads only the tools a task needs. TrueFoundry’s converter is more limited. It produces one tool per endpoint from an API definition, a mapping its own engineering blog calls lossy, and its Virtual MCP Servers curate static tool subsets by hand. Speakeasy also reaches the clients employees already use (Claude Code, Claude Desktop, Cursor, ChatGPT) through plugins and a device agent, where TrueFoundry expects each agent to be pointed at its gateway endpoint.
On the model layer the advantage reverses. TrueFoundry’s gateway connects applications to more than 250 LLMs across OpenAI, Anthropic, Google, AWS Bedrock, Azure, and self-hosted models. Speakeasy does not offer model routing today.
Connect
Both gateways handle the basics: registry, existing servers, and managed OAuth, where TrueFoundry’s auth matrix runs deep. Speakeasy goes deeper everywhere else: a larger catalog, curated server generation from your APIs, dynamic toolsets, and reach into the clients employees use. Model routing is a capability Speakeasy doesn’t offer today.
Secure: native enforcement vs orchestrated third-party guardrails
Speakeasy inspects and enforces natively across the whole path: every prompt, response, and tool call in real time, with PII, credentials, and API keys blocked before they leave the perimeter and incidents routed to Slack, PagerDuty, or your SIEM. Detection, blocking, and the audit trail are one system, so a block is correlated with the prompt that caused it, the identity behind it, and the API behavior underneath.
TrueFoundry takes an orchestration approach. Its guardrails framework ships nine built-in checks (largely wrapping Azure services for content moderation, PII detection, and prompt-injection defense) and integrates 15 external guardrail vendors, applied per request via header or org-wide config. That flexibility comes at a cost: the burden of selecting, configuring, and paying for the detection stack shifts to the buyer, and the quality of enforcement depends on which third parties are wired in. We found no equivalent of session-trajectory analysis, shadow MCP detection, or tool-definition pinning in its documentation.
Secure
TrueFoundry’s guardrails framework is a flexible integration layer, a reasonable fit if you already have a guardrail vendor you trust. Speakeasy ships detection and enforcement as one native system, with coverage (trajectory analysis, shadow MCP, tool poisoning) that TrueFoundry’s docs don’t address.
Control: governance workflows vs gateway policy
Speakeasy enforces role-based permissions at the server, toolset, and individual tool level, with access that automatically follows existing roles from your IdP, credentials managed centrally, and human-in-the-loop approval workflows for high-risk or irreversible actions. The same policy plane covers MCP, agents, and assistants.
TrueFoundry’s access model goes deep at the gateway layer: RBAC and ABAC down to the individual tool, Cedar and OPA policy support, personal access tokens, virtual accounts, and secret-store credential vaulting. Two gaps matter for a security and governance buyer. Human approval shows up in its MCP documentation as a guardrail hook rather than a documented approval workflow with a reviewer surface. And audit logs, the evidence layer any policy program depends on, are an Enterprise-tier feature per the pricing page.
Control
TrueFoundry’s gateway policy engine is mature, and its quota and budget controls reflect its routing heritage. The governance gaps are the approval workflow and the tier-gating of audit logs.
Observe: organizational visibility vs traffic metrics
TrueFoundry’s observability is what you’d expect from a good gateway: request and response logging with metadata tagging, token, latency, and error dashboards, OpenTelemetry traces, and cost attribution by user, team, and environment. For the traffic that flows through its gateways, it is a solid operational view.
Speakeasy’s observability is aimed at a different question: not “how is the traffic performing?” but “how is the organization using AI?” Analytics span employees, agents, and assistants, with human-versus-agent task views, cost-by-model breakdowns, and security signals. Audit logs can be queried directly, analyzed via AI chat, or exported to your SIEM, and the trail correlates the prompt, the identity, the tool call, and the API behavior underneath in one place. On TrueFoundry, the equivalent audit evidence requires the Enterprise tier.
Observe
TrueFoundry measures its gateways; Speakeasy measures the organization. If leadership’s question is whether the AI mandate is working, team-level adoption analytics matter as much as traffic dashboards.
Architecture and delivery: usage-layer deployment vs Kubernetes-native infrastructure
Speakeasy supports three deployment modes: a cloud control plane and gateway, a device agent for managed machines, and plugins embedded directly in the AI clients and agents teams already use. That reach matters for governance, because much of an organization’s AI usage (an employee’s Claude Desktop, a developer’s Cursor) never routes through a server-side gateway.
TrueFoundry’s deployment story reflects its infrastructure heritage: SaaS, hybrid with a customer-hosted data plane, or fully self-hosted in your VPC, on-prem, and even air-gapped, all Kubernetes-native. What it does not have is any presence on the device or in the client. If AI usage doesn’t route through its gateway, TrueFoundry doesn’t see it.
Architecture and delivery
TrueFoundry’s self-hosting depth, including air-gapped deployment, matters for regulated infrastructure teams. Speakeasy’s edge is coverage of the AI usage that never touches a server-side gateway.
Enterprise readiness and track record
Both companies hold SOC 2 Type 2 and HIPAA, per TrueFoundry’s compliance announcement, and both claim GDPR coverage. Speakeasy adds ISO 27001 certification, which TrueFoundry does not list. Both integrate with enterprise identity providers: SSO with Okta, Entra, and Auth0.
Enterprise readiness and track record
Compliance is close to even apart from ISO 27001. The track-record difference isn’t age, it’s domain: TrueFoundry is proven at routing and serving, while its governance surface is the newest part of its portfolio.
When to choose Speakeasy vs TrueFoundry
Choose Speakeasy if security and governance are the job:
- you want native security enforcement (PII blocking, prompt-injection detection, shadow MCP detection, tool-poisoning defense) rather than assembling third-party guardrails,
- you need one identity, policy, and audit model across employees, agents, assistants, and MCP,
- turning your internal API surface into curated, token-efficient tools is central to your AI program, or
- ISO 27001 and an ungated audit trail are requirements.
Choose TrueFoundry if your immediate problem is model traffic: routing application requests across many LLM providers with failover, caching, and cost controls, especially if you also run self-hosted models on Kubernetes and want serving, fine-tuning, and the gateway from one vendor. Its air-gapped self-hosting and Cedar/OPA policy support fit regulated platform teams.
Recommendations by team type
Best fit by team
The bottom line
TrueFoundry is a capable AI gateway company. At the model layer it is strong: multi-provider routing, failover, quota and budget controls, deep self-hosting, and a guardrails framework that integrates much of the AI security ecosystem. Its MCP gateway and Agent Gateway extend that infrastructure toward governance, with OAuth handling as the most developed part.
Speakeasy is a security and governance company. The control plane secures and governs every AI surface (employees, agents, assistants, MCP servers, and the APIs underneath) with native threat detection and enforcement instead of orchestrated third-party guardrails, approval workflows instead of policy hooks, an audit trail that isn’t gated to a pricing tier, and connectors manufactured from your API contracts rather than mechanically converted.
The deciding question is which job you’re hiring for. If it’s moving model traffic, TrueFoundry is built for that, and Speakeasy doesn’t ship an LLM gateway today. If it’s securing and governing how your organization uses AI, the depth lives on the other side, and that’s the AI control plane we’ve built. Score both against the evaluation checklist and the difference in posture shows up line by line.
TrueFoundry is an AI gateway company: its flagship product routes application traffic across more than 250 LLMs, with an MCP gateway and Agent Gateway extending that routing infrastructure. Speakeasy is an AI control plane built for security and governance: native threat detection, identity, policy enforcement, audit logging, and adoption analytics across every AI surface in an organization, including the employees and AI clients that never route through a server-side gateway.
TrueFoundry describes its combined LLM, MCP, and Agent Gateways as a unified control plane, but its architecture is a set of gateways: governance applies to the traffic routed through them. An AI control plane additionally covers the usage layer (device agents, in-client plugins, organization-wide identity, and adoption measurement) that gateway-only architectures can’t see. The distinction is explored in AI gateway vs MCP gateway vs AI control plane.
Yes. TrueFoundry’s MCP gateway shipped in 2025 and includes a server registry, a deep OAuth model, tool-level RBAC, and virtual MCP servers for curating tool subsets. The differences are depth and defaults: Speakeasy generates curated, token-efficient servers from your APIs with dynamic toolsets, ships native threat detection including shadow MCP and tool-poisoning defense, and includes audit logging on every tier, where TrueFoundry gates audit logs to its Enterprise plan.
Not a traditional one today. Speakeasy governs model usage through agent hooks and in-client plugins, inspecting prompts and responses and tracking cost by model, but it does not route application traffic across model providers with failover and caching. If multi-provider model routing is the immediate requirement, that is TrueFoundry’s core strength.
Yes, via a gateway-side converter that generates tools from an API definition at registration time. TrueFoundry’s own engineering blog notes the mapping is lossy for pagination, webhooks, streaming, and binary uploads. Speakeasy’s approach is curation rather than conversion: governed servers generated from the API contract, kept token-efficient with dynamic toolsets so agents load only the tools a task needs.
TrueFoundry holds SOC 2 Type 2 and HIPAA per its compliance announcement, and claims GDPR coverage on its product pages. It does not list ISO 27001. Speakeasy meets SOC 2 Type 2, HIPAA, and GDPR and adds ISO 27001 certification.
When the problem is model traffic rather than AI security and governance. TrueFoundry’s multi-provider routing, failover, semantic caching, and quota controls are mature, its Kubernetes-native stack adds model serving and fine-tuning, and its fully self-hosted and air-gapped deployment options suit regulated platform teams. Teams already running self-hosted models on Kubernetes get the most from it.
Questions about this comparison, or think we’ve got something wrong? Talk to our team.