Drop-in AI security proxy. Redacts PII, blocks prompt injection, and enforces spend limits before prompts reach any LLM.
OpenAI SDK compatible. Change your base URL. Two lines of code.
Get Started · Docs · OSS vs Cloud · Managed Cloud (1M free credits)
Every LLM application we audited had the same problem: sensitive data flowing directly from user prompts to third-party AI providers, unfiltered.
AI Security Gateway is the control layer that sits between your application and any LLM provider, scanning every request for PII, secrets, and prompt injection attacks before anything reaches the model.
```text
+----------+            +-----------------------------+            +----------------+
|          |    POST    |        AISG Gateway         |            |                |
| Your App | ---------> | 1. Auth (API key)           | ---------> |  LLM Provider  |
|          |            | 2. DLP scan (Presidio)      |            |  (OpenAI/Groq) |
|          | <--------- | 3. Block or redact PII      | <--------- |                |
+----------+  response  | 4. Forward to upstream      |  response  +----------------+
                        | 5. Return with metadata     |
                        +-----------------------------+
```
- PII Redaction: 13 entity types out of the box (emails, phone numbers, credit cards, SSNs, names, locations, IP addresses, and more)
- Secret Detection: API keys (OpenAI, Anthropic, Google, AWS), GitHub tokens, private keys, Slack webhooks
- Prompt Injection Blocking: jailbreaks, DAN variants, instruction overrides, system prompt extraction, developer mode exploits
- OpenAI SDK Compatible: drop-in replacement, change one line of code
- Multi-Provider Routing: BYOK, swap providers in config
- Fail-Closed Security: if the safety layer is down, requests are blocked, never forwarded unscanned
- Zero Cloud Dependencies: runs entirely on your infrastructure via Docker
- No Telemetry: zero external calls, no analytics, no phone-home
```bash
git clone https://github.com/aisecuritygateway/aisecuritygateway.git
cd aisecuritygateway
cp .env.example .env        # add your provider key
docker compose up --build   # gateway + presidio
```

```bash
curl http://localhost:8000/v1/chat/completions \
  -H "Authorization: Bearer change-me-to-a-real-secret" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "llama-4-maverick",
    "messages": [{"role": "user", "content": "My email is alice@acme.com and SSN is 123-45-6789"}]
  }'
```

The gateway redacts the email and SSN before forwarding. The response includes `aisg_metadata.pii_detected: true`.
| PII (Presidio built-ins) | Developer Secrets (custom) | Prompt Injection |
|---|---|---|
| EMAIL_ADDRESS | API_KEY (OpenAI, Anthropic, GCP) | Ignore previous instructions |
| PHONE_NUMBER | AWS_ACCESS_KEY | Disregard your rules |
| CREDIT_CARD | PRIVATE_KEY (RSA, EC, etc.) | System prompt extraction |
| US_SSN | GITHUB_TOKEN (PAT, OAuth) | DAN / jailbreak attempts |
| PERSON, LOCATION | SLACK_WEBHOOK | Developer mode exploits |
| IP_ADDRESS | | SYSTEM OVERRIDE impersonation |
13 entity types self-hosted; the managed cloud extends this to 30+ entity types with OCR image scanning, street addresses, crypto addresses, medical identifiers, and more.
- Fail-closed by default: if Presidio is unreachable, requests are blocked, never forwarded unscanned
- Auth by default: API key authentication enabled out of the box
- No telemetry: zero external calls, no analytics, no phone-home
- Secret scrubbing: structured logs automatically mask API keys and tokens
- Rate limiting: token bucket per API key (default 10 req/sec)
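The feature list, the quick-start request and the security defaults above all describe one request pipeline: scan each message, block prompt injection, redact PII, and fail closed when the scanner is unavailable. The module below is an added illustration of that pipeline written for this page; it is not code from the AI Security Gateway project. It stands in a handful of constructed regular-expression recognizers for Presidio, borrows Presidio's `<ENTITY_TYPE>` placeholder style for redactions, and uses a `ScanResult` type whose `pii_detected` flag mirrors the `aisg_metadata.pii_detected` field the quick start mentions; the recognizer list, the injection signatures and the `scan_request` function are assumptions of this example, not the project's API.

```python
"""Added illustration of a scan -> block/redact -> fail-closed pipeline.

Example code for this page, not the AI Security Gateway project's own code.
The recognizers below are constructed regexes standing in for Presidio.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Callable

# Four of the entity types the page lists. Order matters: card numbers are
# consumed first so their digit runs cannot be re-matched as phone numbers.
PII_RECOGNIZERS: list[tuple[str, re.Pattern[str]]] = [
    ("CREDIT_CARD", re.compile(r"\b(?:\d[ -]?){12,18}\d\b")),
    ("US_SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE_NUMBER", re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")),
    ("EMAIL_ADDRESS", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]

# Detection signatures for three of the injection categories the page names.
INJECTION_SIGNATURES: list[tuple[str, re.Pattern[str]]] = [
    ("instruction_override",
     re.compile(r"\bignore\s+(?:all\s+)?(?:previous|prior)\s+instructions\b", re.I)),
    ("rule_override", re.compile(r"\bdisregard\s+your\s+rules\b", re.I)),
    ("system_prompt_extraction",
     re.compile(r"\b(?:reveal|print|show)\s+(?:me\s+)?your\s+system\s+prompt\b", re.I)),
]


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum over the digits in `candidate`; cuts card false positives."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_pii(text: str) -> tuple[str, list[str]]:
    """Replace each recognized entity with <ENTITY_TYPE>; return text and hits."""
    found: list[str] = []
    for entity, pattern in PII_RECOGNIZERS:
        def _replace(m: re.Match[str], entity: str = entity) -> str:
            if entity == "CREDIT_CARD" and not luhn_ok(m.group(0)):
                return m.group(0)  # digit run that fails Luhn: leave it alone
            found.append(entity)
            return f"<{entity}>"
        text = pattern.sub(_replace, text)
    return text, found


@dataclass
class ScanResult:
    """What a gateway would forward upstream (messages) plus response metadata."""
    messages: list[dict] = field(default_factory=list)
    blocked: bool = False
    reason: str | None = None
    pii_detected: bool = False
    entities: list[str] = field(default_factory=list)


def scan_request(
    messages: list[dict],
    redactor: Callable[[str], tuple[str, list[str]]] = redact_pii,
) -> ScanResult:
    """Steps 2-3 of the diagram: block injection, redact PII, fail closed.

    `redactor` is injectable so that a scanner outage can be simulated; any
    exception it raises blocks the request instead of forwarding it unscanned.
    """
    result = ScanResult()
    try:
        for msg in messages:
            content = msg.get("content", "")
            for name, sig in INJECTION_SIGNATURES:
                if sig.search(content):
                    return ScanResult(blocked=True, reason=f"prompt_injection:{name}")
            clean, found = redactor(content)
            result.entities.extend(found)
            result.messages.append({**msg, "content": clean})
    except Exception as exc:  # fail closed: scanner down means nothing is forwarded
        return ScanResult(blocked=True, reason=f"dlp_unavailable:{type(exc).__name__}")
    result.pii_detected = bool(result.entities)
    return result


if __name__ == "__main__":
    # Constructed sample prompt taken from the quick start above.
    demo = [{"role": "user", "content": "My email is alice@acme.com and SSN is 123-45-6789"}]
    print(scan_request(demo))
```

A real deployment would also log the entity types (never the values) for the leak reports the page describes, and would treat a scanner timeout exactly like the exception path here so the fail-closed default holds under load.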
Designed for teams building GDPR, HIPAA, and SOC 2-compliant AI applications. Prompts are never stored.
This repo gives you the core AI security proxy. The managed AI Security Gateway Cloud adds everything you need to run it across teams at scale.
| | OSS (this repo) | Cloud |
|---|---|---|
| PII detection & redaction (text) | 13 entity types | 30+ entity types |
| OCR image scanning | No | Yes |
| Secret leak prevention | 5 recognizers | Extended (incl. Groq, AWS Secret Key, crypto, MAC) |
| Prompt injection blocking | 5 core patterns | Extended pattern library + SYSTEM OVERRIDE |
| Routing | Header-based (x-provider) | Smart Router + real-time pricing |
| Failover | No | Automatic intelligent chains |
| Cost optimization | No | Automatic (cheapest per request) |
| Budget enforcement | No | Per-project caps + alerts + analytics |
| Model discovery API | No | GET /v1/models with 300+ models |
| Self-hosted | Yes | Managed |
| Multi-project management | No | Yes |
| Project-level DLP policies | No | Yes |
| Dashboards, leak reports & analytics | No | Yes |
| Real-time model pricing registry | No | Yes |
| Managed provider keys (no BYOK required) | No | Yes |
| SLA & support | Community | Yes |
Skip the setup? aisecuritygateway.ai: everything here plus dashboards, smart cost routing, and 8+ providers. 1M free credits, no credit card.
Star the repo · Learn more · Try the managed cloud free
Security · License (Apache 2.0) · Crunchbase · LinkedIn · X / Twitter · YouTube
Built by Datum Fuse LLC, making AI safe by default.