Stop sensitive data from leaking into LLM prompts. Drop-in OpenAI SDK compatible.
PII redaction Β· Secret detection Β· Prompt injection blocking Β· Self-hosted via Docker Β· Apache 2.0
Get Started Β· Docs Β· OSS vs Cloud Β· Managed Cloud (1M free credits)
βββββββββββββββββββββββββββββββ
β AISG Gateway β
ββββββββββββ β β ββββββββββββββββ
β β POST β 1. Auth (API key) β β β
β Your App ββββββββββββΈβ 2. Resolve provider/model ββββββββββββΈβ LLM Provider β
β β β 3. DLP scan (Presidio) β β (Groq/OpenAI)β
β βββββββββββββ 4. Block or redact βββββββββββββ β
ββββββββββββ response β 5. Forward to upstream β response ββββββββββββββββ
β 6. Return with metadata β
β β
β ββββββββββββ β
β β Presidio β β
β β (PII/NER)β β
β ββββββββββββ β
βββββββββββββββββββββββββββββββ
AISG is an OpenAI-compatible proxy that acts as an AI firewall. It sits between your app and LLM providers, scanning every request for PII, secrets, and prompt injection attacks before anything reaches the model.
- PII Redaction β emails, phone numbers, credit cards, SSNs, names, locations, IP addresses
- Secret Detection β API keys, AWS credentials, GitHub tokens, private keys, Slack webhooks
- Prompt Injection Blocking β detects jailbreak and instruction override attempts
- OpenAI SDK Compatible β drop-in replacement, change one line of code
- Multi-Provider Routing β BYOK, swap providers in config
- Fail-Closed Security β if the safety layer is down, requests are blocked, never forwarded unscanned
- Zero Cloud Dependencies β runs entirely on your machine via Docker
- No Telemetry β zero external calls, no analytics, no phone-home
git clone https://github.com/aisecuritygateway/aisecuritygateway.git
cd aisecuritygateway
cp .env.example .env # add your provider key
docker compose up --build # gateway + presidiocurl http://localhost:8000/v1/chat/completions \
-H "Authorization: Bearer change-me-to-a-real-secret" \
-H "Content-Type: application/json" \
-d '{
"model": "llama-3.3-70b-versatile",
"messages": [{"role": "user", "content": "My email is alice@acme.com and SSN is 123-45-6789"}]
}'The gateway redacts the email and SSN before forwarding. The response includes aisg_metadata.pii_detected: true.
| PII (Presidio built-ins) | Developer Secrets (custom) | Prompt Injection |
|---|---|---|
EMAIL_ADDRESS |
API_KEY (OpenAI, Anthropic, GCP) |
Ignore previous instructions |
PHONE_NUMBER |
AWS_ACCESS_KEY |
Disregard your rules |
CREDIT_CARD |
PRIVATE_KEY (RSA, EC, etc.) |
System prompt extraction |
US_SSN |
GITHUB_TOKEN (PAT, OAuth) |
DAN / jailbreak attempts |
PERSON, LOCATION |
SLACK_WEBHOOK |
Developer mode exploits |
IP_ADDRESS |
13 entity types out of the box β the managed cloud extends this to 28+ with OCR image scanning.
- Fail-closed by default β if Presidio is unreachable, requests are blocked, never forwarded unscanned
- Auth by default β API key authentication enabled out of the box
- No telemetry β zero external calls, no analytics, no phone-home
- Secret scrubbing β structured logs automatically mask API keys and tokens
- Rate limiting β token bucket per API key (default 10 req/sec)
This repo gives you the core AI security proxy. The managed AI Security Gateway Cloud adds everything you need to run it across teams at scale.
| OSS (this repo) | Cloud | |
|---|---|---|
| PII detection & redaction (text) | 13 entity types | 28+ entity types |
| OCR image scanning | β | Yes |
| Secret leak prevention | 5 recognizers | Extended (incl. AWS Secret Key, crypto, MAC) |
| Prompt injection blocking | 5 core patterns | Extended pattern library |
| Routing | Header-based (x-provider) |
Smart Router + real-time pricing |
| Failover | β | Automatic intelligent chains |
| Cost optimization | β | Automatic (cheapest per request) |
| Budget enforcement | β | Per-project caps + alerts + analytics |
| Self-hosted | Yes | Managed |
| Multi-project management | β | Yes |
| Project-level DLP policies | β | Yes |
| Dashboards, leak reports & analytics | β | Yes |
| Real-time model pricing registry | β | Yes |
| Managed provider keys (no BYOK required) | β | Yes |
| SLA & support | Community | Yes |
Skip the setup? aisecuritygateway.ai β everything here plus dashboards, smart cost routing, and 8+ providers. 1M free credits, no credit card.
β Star the repo Β· Learn more Β· Try the managed cloud free
Security Β· License (Apache 2.0) Β· LinkedIn Β· X / Twitter Β· YouTube
Built by Datum Fuse LLC β making AI safe by default.