Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Board recognizes the critical importance of maintaining the trust and confidence of our employees, customers, shareholders and other stakeholders. Among other areas of responsibility, the Board has oversight responsibilities in relation to the Company’s risk management program, and cybersecurity represents an important component of the Company’s overall approach to enterprise risk management (“ERM”). The Company’s cybersecurity policies and practices are integrated into the Company’s ERM program and our risk goals are guided by internationally recognized standards and frameworks that help us to identify, assess, and manage risks relevant to our business. In general, the Company manages our cybersecurity risk using an evidence- and risk-based approach designed to reduce risks and thereby protect the Company’s mission, business, and stakeholders, rather than focusing upon meeting any specific technical specifications.

Risk Management and Strategy

The Company’s cybersecurity program is focused on the following key areas:

Governance: As discussed in more detail below, the Board’s oversight of cybersecurity risk management is supported by its Audit Committee, which interacts with the Company’s ERM function, the Company’s Senior Vice President and Chief Information Officer (“CIO”), the Global Head of IT Security, who reports directly to the CIO, and other relevant members of management.
Collaborative Approach: We have implemented a cross-functional approach to identifying, mitigating, and managing cybersecurity risks, threats, and incidents through a broad range of controls and supporting processes.
Technical Safeguards: We deploy various technical safeguards that are designed to protect the Company’s information systems and data from cybersecurity threats.
Incident Response and Recovery Planning: We have established, and maintain, an incident response plan that addresses the Company’s planned responses to a potential or actual cybersecurity incident. This plan is periodically reviewed, tested, and evaluated. The incident response plan also includes consideration of disclosure requirements and communication to appropriate parties within the Company.
Third-Party Risk Management: We take a risk-based approach to identifying the cybersecurity risks presented by third-party service providers, including by conducting a security assessment and an evaluation of AI usage of prospective vendors where warranted.
Education and Awareness: We provide training for our employees regarding cybersecurity threats as a means to build awareness and equip them with effective tools to identify and address cybersecurity threats, as well as to communicate the Company’s evolving information security policies and practices.

We engage in the periodic assessment and testing of our cybersecurity policies and practices. These efforts include a range of activities focused on evaluating the effectiveness of our cybersecurity measures and planning. We engage third parties to perform assessments on various aspects of our cybersecurity measures, including information security maturity assessments, audits, and reviews of our information security control environment and operating effectiveness. The results of such assessments, audits, and reviews are reported to senior management and the Audit Committee, and we adjust our cybersecurity processes as necessary based on the information provided by these assessments, audits, and reviews.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company’s cybersecurity policies and practices are integrated into the Company’s ERM program and our risk goals are guided by internationally recognized standards and frameworks that help us to identify, assess, and manage risks relevant to our business.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block]
Through its Audit Committee, the Board oversees the Company’s ERM program, including risks arising from cybersecurity threats. The Audit Committee receives periodic presentations and reports on cybersecurity risks addressing recent developments, evolving standards, third-party and independent reviews, the threat environment, technological trends, and information security considerations arising with respect to the Company’s peers and third parties. The Audit Committee also receives information regarding cybersecurity incidents impacting the Company that are deemed more significant under the cybersecurity incident response plan, as well as ongoing updates regarding any such incidents until they have been addressed. The Audit Committee discusses the Company’s approach to cybersecurity risk management with GATX senior management, including the CIO and the Global Head of IT Security, who has responsibility for assessing and managing material risks from cybersecurity threats.

A cybersecurity group within GATX’s IT department, led by the Global Head of IT Security, works collaboratively across the Company to administer a program designed to protect the Company’s information systems and information from cybersecurity threats and to execute processes in accordance with the Company’s incident response plan. To facilitate the Company’s cybersecurity risk management program, multidisciplinary teams are deployed to address cybersecurity threats and to respond to cybersecurity incidents. Through ongoing communications with these teams and the cybersecurity group, the Global Head of IT Security monitors the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents and reports such threats and incidents to the Audit Committee when appropriate. The CIO has over 26 years of experience in information technology, including over 19 years managing the cybersecurity function and resources. The Global Head of IT Security has over 16 years of experience in information technology and information security, including over 11 years of leadership roles within the information security domain, and holds multiple certifications in cybersecurity and risk management.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Through its Audit Committee, the Board oversees the Company’s ERM program, including risks arising from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee receives periodic presentations and reports on cybersecurity risks addressing recent developments, evolving standards, third-party and independent reviews, the threat environment, technological trends, and information security considerations arising with respect to the Company’s peers and third parties. The Audit Committee also receives information regarding cybersecurity incidents impacting the Company that are deemed more significant under the cybersecurity incident response plan, as well as ongoing updates regarding any such incidents until they have been addressed. The Audit Committee discusses the Company’s approach to cybersecurity risk management with GATX senior management, including the CIO and the Global Head of IT Security, who has responsibility for assessing and managing material risks from cybersecurity threats.
Cybersecurity Risk Role of Management [Text Block] A cybersecurity group within GATX’s IT department, led by the Global Head of IT Security, works collaboratively across the Company to administer a program designed to protect the Company’s information systems and information from cybersecurity threats and to execute processes in accordance with the Company’s incident response plan. To facilitate the Company’s cybersecurity risk management program, multidisciplinary teams are deployed to address cybersecurity threats and to respond to cybersecurity incidents. Through ongoing communications with these teams and the cybersecurity group, the Global Head of IT Security monitors the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents and reports such threats and incidents to the Audit Committee when appropriate.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] A cybersecurity group within GATX’s IT department, led by the Global Head of IT Security, works collaboratively across the Company to administer a program designed to protect the Company’s information systems and information from cybersecurity threats and to execute processes in accordance with the Company’s incident response plan.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CIO has over 26 years of experience in information technology, including over 19 years managing the cybersecurity function and resources. The Global Head of IT Security has over 16 years of experience in information technology and information security, including over 11 years of leadership roles within the information security domain, and holds multiple certifications in cybersecurity and risk management.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Audit Committee receives periodic presentations and reports on cybersecurity risks addressing recent developments, evolving standards, third-party and independent reviews, the threat environment, technological trends, and information security considerations arising with respect to the Company’s peers and third parties. The Audit Committee also receives information regarding cybersecurity incidents impacting the Company that are deemed more significant under the cybersecurity incident response plan, as well as ongoing updates regarding any such incidents until they have been addressed. The Audit Committee discusses the Company’s approach to cybersecurity risk management with GATX senior management, including the CIO and the Global Head of IT Security, who has responsibility for assessing and managing material risks from cybersecurity threats. A cybersecurity group within GATX’s IT department, led by the Global Head of IT Security, works collaboratively across the Company to administer a program designed to protect the Company’s information systems and information from cybersecurity threats and to execute processes in accordance with the Company’s incident response plan. To facilitate the Company’s cybersecurity risk management program, multidisciplinary teams are deployed to address cybersecurity threats and to respond to cybersecurity incidents. Through ongoing communications with these teams and the cybersecurity group, the Global Head of IT Security monitors the prevention, detection, mitigation, and remediation of cybersecurity threats and incidents and reports such threats and incidents to the Audit Committee when appropriate.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true