
Introducing Meilynx

Why I'm building Meilynx, what it is today, what's coming, and how regulated teams can join the design partner program.

Cassio Melo, Co-Founder | 3 min read | Governance

I started Meilynx because the teams I kept hearing about from family and friends in various industries — banks, hedge funds, healthcare platforms — all said a version of the same thing: "we want to use LLMs in production, but we can't get sign-off." Security couldn't write the controls. Finance couldn't see the spend. The tools they tried solved one problem or the other, never both, and almost never for regulated environments.

So that's what Meilynx does: governance and cost observability for AI workloads, built for the auditors a CISO actually has to sit across from.

What it is

Meilynx sits between your applications and your LLM providers and enforces policy inline — model allowlists, cost caps, content rules, and an audit trail an examiner can read. You change one environment variable in your application; nothing else changes.

Most AI governance tools focus on the security layer or the cost layer. Meilynx does both, in one place, with the audit trail an examiner expects.

A piece of policy is just a file. Here's what allowlisting models and capping per-request spend looks like:

# governance.yaml
validators:
  - name: model-allowlist
    apply_to: request
    models:
      - claude-opus-4-7
      - claude-sonnet-4-6
      - gpt-5-mini
  - name: cost-cap
    apply_to: request
    max_usd_per_request: 2.50
    period_caps:
      daily_usd: 250.00

Compliant. Auditable. Under control.
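To make the inline enforcement concrete, here is an added sketch (not Meilynx's code) of how a proxy could evaluate the two validators above against each request and record every decision. It assumes validators run in file order, that the caller supplies a pre-call cost estimate in USD, and that the `Gate` class and the audit record fields are hypothetical names.

```python
# Added illustration, not Meilynx code. Keys mirror governance.yaml above; ordering,
# estimate-based cost checks and the audit record format are assumptions.
import json
from collections import defaultdict
from datetime import date

POLICY = {"validators": [
    {"name": "model-allowlist", "apply_to": "request",
     "models": ["claude-opus-4-7", "claude-sonnet-4-6", "gpt-5-mini"]},
    {"name": "cost-cap", "apply_to": "request", "max_usd_per_request": 2.50,
     "period_caps": {"daily_usd": 250.00}},
]}

class Gate:
    def __init__(self, policy):
        self.validators = policy["validators"]
        self.spent = defaultdict(float)   # day -> USD already admitted
        self.audit = []                   # one JSON line per decision

    def _check(self, v, model, est_usd, day):
        """Return a denial reason, or None if this validator passes."""
        if v["name"] == "model-allowlist":
            return None if model in v["models"] else "model_not_allowlisted"
        if v["name"] == "cost-cap":
            if not (est_usd >= 0):        # rejects negative and NaN estimates
                return "invalid_cost_estimate"
            if est_usd > v["max_usd_per_request"]:
                return "per_request_cap_exceeded"
            daily = v.get("period_caps", {}).get("daily_usd")
            if daily is not None and self.spent[day] + est_usd > daily:
                return "daily_cap_exceeded"
            return None
        return "unknown_validator"        # fail closed on unrecognised rules

    def decide(self, model, est_usd, day=None):
        day = day or date.today().isoformat()
        rule = reason = None
        for v in self.validators:
            if v.get("apply_to") != "request":
                continue
            reason = self._check(v, model, est_usd, day)
            if reason:
                rule = v["name"]
                break
        if reason is None:
            self.spent[day] += est_usd    # denied requests consume no budget
        self.audit.append(json.dumps({"day": day, "model": model, "est_usd": est_usd,
            "allowed": reason is None, "rule": rule, "reason": reason}, sort_keys=True))
        return reason is None, reason
```

Denials are logged with the rule that fired, so the audit trail shows why a request was blocked as well as what was allowed.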

What's coming

A few things on the near roadmap:

  • Expanded compliance pack coverage. Preset bundles ship today for SR 11-7, NYDFS 500, FINRA 24-09, and SOC 2 Type II. HIPAA, EU AI Act, ISO 42001, and NIST AI RMF are configurable now and getting curated bundles next.
  • Broader deployment options. Managed and Self-Hosted are live. Bring Your Storage, where audit data lands in your own infrastructure while we operate the proxy, comes online next.
  • Deeper FinOps correlation. Beyond per-request cost caps, we're working on tying spend to outcomes — which workflows are economically viable, which aren't, and how that shifts as models reprice or change capability.

Design partner program

The design partner program is open. We're working closely with a small number of teams in financial services, healthcare, and other regulated industries running production AI workloads — CISOs, FinOps leads, and the platform teams who carry the weight of getting AI into production safely.

Partners get early access, direct input on the roadmap, and pilot pricing.

If that's you, write to partners@meilynx.com.

FAQ

Frequently asked

Where does Meilynx run?

In every deployment mode, Meilynx runs in per-customer isolated infrastructure — your data is never mixed with another customer's. Managed: we operate the proxy in a per-customer environment, ~1 day to deploy. Bring Your Storage (BYOS): audit data lands in your storage; we operate the proxy. Self-Hosted: you operate the proxy in your environment, 1–2 weeks to deploy.

Is the proxy open source?

The proxy is going Apache 2.0 at SOC 2 GA — before our first paying customer. Design partners get source access today under mutual NDA.

What is the SOC 2 status?

SOC 2 Type I audit is engaged with Prescient Assurance; fieldwork is scheduled and the report is targeted for early July 2026. Type II observation begins immediately after. Initial scope covers the Security and Confidentiality Trust Service Criteria across our Managed and Self-Hosted deployment modes.