Stop sensitive data from leaking into LLM prompts.
PII redaction Β· Secret detection Β· Prompt injection blocking Β· Self-hosted via Docker.
Get Started Β· Docs Β· OSS vs Cloud Β· Managed Cloud
βββββββββββββββββββββββββββββββ
β AISG Gateway β
ββββββββββββ β β ββββββββββββββββ
β β POST β 1. Auth (API key) β β β
β Your App ββββββββββββΈβ 2. Resolve provider/model ββββββββββββΈβ LLM Provider β
β β β 3. DLP scan (Presidio) β β (Groq/OpenAI)β
β βββββββββββββ 4. Block or redact βββββββββββββ β
ββββββββββββ response β 5. Forward to upstream β response ββββββββββββββββ
β 6. Return with metadata β
β β
β ββββββββββββ β
β β Presidio β β
β β (PII/NER)β β
β ββββββββββββ β
βββββββββββββββββββββββββββββββ
AISG is an OpenAI-compatible proxy that acts as an AI firewall. It sits between your app and LLM providers, scanning every request for PII, secrets, and prompt injection attacks before anything reaches the model.
- PII Redaction β emails, phone numbers, credit cards, SSNs, names, locations, IP addresses
- Secret Detection β API keys, AWS credentials, GitHub tokens, private keys, Slack webhooks
- Prompt Injection Blocking β detects jailbreak and instruction override attempts
- Multi-Provider Routing β OpenAI-compatible API, BYOK, swap providers in config
- Fail-Closed Security β if the safety layer is down, requests are blocked, never forwarded unscanned
- Zero Cloud Dependencies β runs entirely on your machine via Docker
git clone https://github.com/aisecuritygateway/aisecuritygateway.git
cd aisecuritygateway
cp .env.example .env # add your provider key
docker compose up --build # gateway + presidiocurl http://localhost:8000/v1/chat/completions \
-H "Authorization: Bearer change-me-to-a-real-secret" \
-H "Content-Type: application/json" \
-d '{
"model": "llama-3.3-70b-versatile",
"messages": [{"role": "user", "content": "My email is alice@acme.com and SSN is 123-45-6789"}]
}'The gateway redacts the email and SSN before forwarding. The response includes aisg_metadata.pii_detected: true.
| PII (Presidio built-ins) | Developer Secrets (custom) | Prompt Injection |
|---|---|---|
EMAIL_ADDRESS |
API_KEY (OpenAI, Anthropic, GCP) |
Ignore previous instructions |
PHONE_NUMBER |
AWS_ACCESS_KEY |
Disregard your rules |
CREDIT_CARD |
PRIVATE_KEY (RSA, EC, etc.) |
System prompt extraction |
US_SSN |
GITHUB_TOKEN (PAT, OAuth) |
DAN / jailbreak attempts |
PERSON, LOCATION |
SLACK_WEBHOOK |
Developer mode exploits |
IP_ADDRESS |
13 entity types out of the box β the managed cloud extends this to 28+ with OCR image scanning.
- Fail-closed by default β if Presidio is unreachable, requests are blocked, never forwarded unscanned
- Auth by default β API key authentication enabled out of the box
- No telemetry β zero external calls, no analytics, no phone-home
- Secret scrubbing β structured logs automatically mask API keys and tokens
- Rate limiting β token bucket per API key (default 10 req/sec)
This repo gives you the core AI security proxy. The managed AI Security Gateway Cloud adds everything you need to run it across teams at scale.
| OSS (this repo) | Cloud | |
|---|---|---|
| PII detection & redaction (text) | 13 entity types | 28+ entity types |
| OCR image scanning | β | Yes |
| Secret leak prevention | 5 recognizers | Extended (incl. AWS Secret Key, crypto, MAC) |
| Prompt injection blocking | 5 core patterns | Extended pattern library |
| Routing | Header-based (x-provider) |
Smart Router + real-time pricing |
| Failover | β | Automatic intelligent chains |
| Cost optimization | β | Automatic (cheapest per request) |
| Budget enforcement | β | Per-project caps + alerts + analytics |
| Self-hosted | Yes | Managed |
| Multi-project management | β | Yes |
| Project-level DLP policies | β | Yes |
| Dashboards, leak reports & analytics | β | Yes |
| Real-time model pricing registry | β | Yes |
| Managed provider keys (no BYOK required) | β | Yes |
| SLA & support | Community | Yes |
Skip the setup? The managed version at aisecuritygateway.ai gives you everything here plus dashboards, multi-project policies, and 8 providers β no Docker required.
β Star the repo Β· Learn more Β· Try the managed cloud
Security Β· License (Apache 2.0) Β· LinkedIn Β· X / Twitter Β· YouTube
Built by Datum Fuse LLC β making AI safe by default.