Palo Alto Acquired Portkey. Here's What Portkey Can't Do.
The short version
Palo Alto Networks announced its intent to acquire Portkey in May 2026 — the clearest signal yet that AI gateways are critical infrastructure, not optional middleware. Portkey is excellent at routing (1,600+ models), observability, caching, and a guardrail marketplace. But it has real gaps: no native PII redaction, no vision/image scanning, no managed credits, and no zero-config protection. Those gaps are exactly what PANW is buying to fill with its security stack. For teams that need governance today, here's what that means.
The acquisition validates AI gateways as infrastructure
When a $120B cybersecurity company buys an AI gateway startup, it's not a talent acqui-hire. It's a statement: every enterprise AI workload will flow through a gateway layer, and the company that controls that layer controls the security posture of the entire AI stack.
Portkey built one of the best routing and observability layers in the market. Their unified API covers 1,600+ models across every major provider. The guardrail marketplace lets you plug in third-party checks. The caching and fallback logic is production-grade. For pure routing-and-observability, Portkey is hard to beat.
But PANW didn't buy Portkey because routing was their missing piece. They bought Portkey because it gives them the traffic plane — the point where every prompt and every response flows through — and PANW plans to bolt their own security controls on top. That tells you everything about what Portkey is missing natively.
What Portkey does well
Credit where it's due. Portkey earned this acquisition on real strengths:
- ✓Massive model coverage. 1,600+ models through a single OpenAI-compatible endpoint. Practically every provider you'd want to call is supported.
- ✓Observability. Detailed logging of every request, latency tracking, cost attribution, and prompt/completion inspection. This is table-stakes for production AI, and Portkey does it cleanly.
- ✓Caching. Semantic and exact-match caching that can meaningfully reduce costs for repetitive workloads.
- ✓Guardrail marketplace. A plug-in system for third-party guardrails — you can wire in Pangea, Acuvity, Prisma AIRS, and others. The architecture is extensible.
- ✓Fallbacks and retries. Automatic failover across providers with configurable retry logic. Good reliability engineering.
What Portkey can't do
Here's where the gaps show up. These aren't edge cases — they're the governance layer that every regulated team needs and that PANW is acquiring Portkey specifically to bolt on.
Gap 1 — No native PII redaction
Portkey does not have built-in PII detection or redaction. If a user pastes a Social Security number, credit card, or medical record into a prompt, it reaches the upstream model verbatim. Portkey's answer is its guardrail marketplace — you configure a third-party provider like Pangea, Acuvity, or Prisma AIRS to scan prompts before they're forwarded.
That works, but it's not the same as native DLP. You're managing a separate vendor contract, a separate configuration surface, separate latency, and separate failure modes. If the guardrail service goes down, your prompts flow through unscanned unless you've built custom fallback logic.
Gap 2 — No vision / image OCR scanning
Multimodal models accept images as input. Users upload screenshots, photos of documents, and scanned forms — all of which can contain PII, HIPAA-covered data, or proprietary information. Portkey has no OCR layer to extract and scan text from images before forwarding them to the model. If your users send images, those images pass through without any content inspection.
Gap 3 — No managed credits / wallet mode
Portkey is BYOK-only — bring your own keys. You provision and manage API keys directly with each provider. There's no unified credit balance, no per-project wallet with spending caps, and no way to enforce budget limits at the gateway level. If you're running multiple projects or teams through the same gateway, you can't allocate and cap spend per project without building that layer yourself.
Gap 4 — No zero-config protection
Portkey's guardrail system requires explicit configuration per project. You have to select which guardrails to enable, configure each one, and wire them into your gateway config. There's no default-on protection — a new project with no guardrail configuration has zero security checks. This is an operational risk: one team forgets to set up guardrails on a new project, and sensitive data flows to the model unprotected.
Side-by-side: Portkey vs AI Security Gateway
| Capability | Portkey | AI Security Gateway |
|---|---|---|
| Multi-provider routing | Yes (1,600+ models) | Yes (600+) |
| OpenAI-compatible API | Yes | Yes |
| Observability / logging | Yes (excellent) | Yes (full audit trail) |
| Caching | Yes (semantic + exact) | Yes |
| Native PII redaction | No (third-party only) | Yes (28+ entity types) |
| Custom regex DLP patterns | No | Yes |
| Vision / image OCR scanning | No | Yes |
| Managed credits / wallet mode | No (BYOK only) | Yes (per-project wallets) |
| Per-project spending caps | No | Yes |
| Zero-config default protection | No (explicit setup required) | Yes (DLP on by default) |
| Prompt injection detection | Via marketplace | Yes (built-in) |
| Guardrail marketplace | Yes (extensible) | N/A (built-in) |
| Smart cost routing | Partial (load balancing) | Yes (cheapest qualified provider) |
| BYOK support | Yes (BYOK only) | Yes (BYOK + managed) |
| Policy versioning | No | Yes |
Portkey wins on raw model coverage and the extensibility of its guardrail marketplace. AI Security Gateway wins on built-in governance — the DLP, billing, and policy controls that ship natively without third-party wiring.
Routing is half the equation
The PANW acquisition crystallizes something the market has been figuring out for the past year: routing LLM traffic is only half the job. The other half is governing it — making sure sensitive data doesn't leak, budgets don't blow up, and every project has enforceable policies from day one.
Portkey built an exceptional routing plane. PANW is buying it to attach a governance plane on top. But that integration will take time — product roadmaps, enterprise sales cycles, Prisma Cloud integration work. In the meantime, teams that need governance today are left with two options: wire together Portkey + a third-party guardrail provider + a custom billing layer, or use a gateway that already combines all three.
The three pillars that matter:
🛡️
DLP
PII redaction, image OCR scanning, custom patterns, prompt injection blocking
💰
Billing
Managed credits, per-project wallets, spending caps, smart cost routing
📋
Multi-project governance
Per-project policies, audit trails, policy versioning, zero-config defaults
One proxy that does both
AI Security Gateway is the only OpenAI-compatible proxy that combines DLP, billing, and multi-project governance in a single stateless proxy. No guardrail marketplace to configure, no third-party DLP vendor to contract with, no custom billing layer to build.
- ✓Native PII redaction with 28+ entity types and custom regex patterns — no third-party service required.
- ✓Vision / image OCR scanning — extracts text from uploaded images and scans it for PII before the image reaches the model.
- ✓Managed credits with per-project wallets — allocate budget per team or project, enforce hard caps, and prevent runaway agent loops from draining your account.
- ✓Zero-config protection — DLP is on by default. Every project gets baseline protection without any guardrail setup. You tighten policies from there, not start from zero.
- ✓600+ models across 9+ providers with smart cost routing that auto-selects the cheapest qualified provider.
Frequently asked questions
Is Palo Alto Networks actually acquiring Portkey?
Yes. Palo Alto Networks announced its intent to acquire Portkey in May 2026. The deal signals that AI gateways are now considered critical enterprise security infrastructure, not optional middleware.
Does Portkey have PII redaction?
Portkey does not have native PII redaction. It offers a guardrail marketplace where you can configure third-party providers like Pangea, Acuvity, or Prisma AIRS to scan prompts. This requires separate vendor contracts, configuration, and introduces additional failure modes compared to built-in DLP.
What is an alternative to Portkey with built-in DLP?
AI Security Gateway is an OpenAI-compatible proxy with native PII redaction (28+ entity types), vision/image OCR scanning, managed credits with per-project wallets, and zero-config default protection. It combines DLP, billing, and multi-project governance in a single proxy without requiring third-party guardrail integrations.
Does Portkey support managed credits or wallet mode?
No. Portkey is BYOK-only (bring your own keys). You manage API keys and billing directly with each provider. There's no unified credit balance, no per-project wallet with spending caps, and no gateway-level budget enforcement.
Why did Palo Alto Networks buy Portkey instead of building an AI gateway?
Portkey gives PANW the traffic plane — the proxy layer where every prompt and response flows through. Building this from scratch would take years. By acquiring Portkey's routing, observability, and caching infrastructure, PANW can focus on attaching its security stack (Prisma Cloud, Cortex XSIAM) on top of an already production-grade gateway.
Need governance now, not after the PANW integration ships?
AI Security Gateway gives you DLP + billing + multi-project governance in a single OpenAI-compatible proxy. Native PII redaction, vision scanning, per-project wallets, and zero-config defaults — no third-party guardrails required. Free tier includes 1 million AISG Credits.
Want to self-host this?
AI Security Gateway is open source. Deploy the core AI security proxy on your own infrastructure — PII redaction, prompt injection blocking, and secret detection included. No account required.
Related Articles
Join the Community