AI Security Gateway

Portkey Alternative with Native PII Firewall & Vision OCR

Portkey is a well-regarded AI gateway that provides multi-provider routing, observability, caching, and a robust guardrails ecosystem. For teams that need detailed request logging and flexible routing strategies, it delivers real value.

However, Portkey's approach to data security relies on third-party guardrail integrations for PII detection. You configure an external provider (Pangea, Acuvity, Prisma AIRS, or others), set up the guardrail chain, and manage the integration yourself. There is no native PII engine, no vision/image scanning, and no zero-config protection out of the box.

AI Security Gateway takes a different approach: PII redaction, prompt injection blocking, vision OCR scanning, and budget enforcement are built into the core product. Every request is protected from the first API call — no guardrail marketplace, no third-party setup, no additional billing.

Why This Matters

The difference between “security via integration” and “security by default” is the difference between a tool you have to assemble and one that works the moment you plug it in.

Integration-Based

Choose a guardrail provider. Configure the integration. Map entity types to their API. Test the chain. Monitor a separate dashboard. If the third-party service degrades, your protection degrades with it.

Native (Zero-Config)

Point your SDK at AISG. Every request is automatically scanned for 28 entity types, images are OCR-checked, injection patterns are blocked, and budget is enforced — from the first call, with no setup.

What Portkey Does Well

Portkey is a mature AI gateway with strong engineering behind it. It excels in several areas:

Broad model access and routing

Universal API supporting 1,600+ models across dozens of providers. Conditional routing, load balancing, automatic fallbacks, and retries are all configurable.

Deep observability

Full request/response logging with traces, analytics, cost breakdowns, and custom metadata. The observability layer is one of the most comprehensive in the market.

Guardrails ecosystem

A marketplace of guardrail providers (Pangea, Acuvity, Prisma AIRS, Zscaler, Bedrock Guardrails) that can be chained into request/response hooks for security, content moderation, and PII handling.

Caching and performance

Simple and semantic caching reduce redundant API calls. The gateway adds minimal latency overhead (20–40 ms) and offers a 99.99% uptime SLA.

Enterprise deployment flexibility

Fully open-source gateway with managed SaaS, hybrid, and air-gapped deployment options. SOC 2, ISO 27001, GDPR, and HIPAA certifications available.

Where the Governance Gap Appears

Portkey's strength is routing and observability. Its security layer, however, is assembled from external integrations — and that assembly has trade-offs:

Critical: PII redaction requires a third-party provider

Portkey does not include a native PII detection engine. To scan for emails, SSNs, credit cards, or API keys, you must configure one of five external guardrail providers (each with their own pricing, API, and entity coverage). Without this setup, prompts are forwarded unscanned.

Critical: No vision / image OCR scanning

Images sent via multi-modal APIs (GPT-4 Vision, Gemini) are passed through without inspection. A screenshot containing patient records, bank statements, or credentials is forwarded directly to the provider. None of the available guardrail integrations provide OCR-based image scanning.

High: No zero-config protection

A new Portkey project starts with no PII protection. You must explicitly create a guardrail, select a provider, configure entity types, and attach it to your config before any scanning occurs. Until that setup is complete, every request is forwarded as-is.

Medium: No managed credits or wallet

Portkey is a BYOK-only gateway — you must bring your own provider API keys. There is no prepaid wallet, no managed mode for teams without provider accounts, and no way to get started without signing up with individual LLM providers first.

Medium: Guardrail vendor fragmentation

Each guardrail provider has different entity coverage, different latency characteristics, and separate pricing. Portkey Pro PII covers 7 entity types; Pangea and Acuvity cover different sets. Evaluating and maintaining these integrations is an ongoing operational burden.

Medium: Log-based pricing at scale

Portkey charges per recorded log ($49/mo for 100K, $9 per additional 100K). For high-volume production workloads, the observability cost adds up quickly on top of your LLM provider spend. At 1M requests/month, that's roughly $130/month just for logging.

The AI Security Gateway Approach: Security by Default

AI Security Gateway is built as a governance-first gateway. Security is not a plugin — it is the core product. Every request passes through the full pipeline automatically:

Request → PII Scan (28 types) → Vision OCR → Budget Check → Smart Route → Provider

Native 28-Entity PII Firewall

Pattern matching, checksum validation, and context heuristics detect SSNs, credit cards, API keys, emails, crypto addresses, and 22 more entity types. No third-party guardrail provider needed. Tune sensitivity with strict, balanced, or relaxed modes.
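How pattern matching, checksum validation and context heuristics combine, as an added example that is not AISG's engine: a regex proposes candidates, then a Luhn checksum (cards) or a nearby cue word (SSNs) decides whether to redact. The rule set, function names, window size and sample text are assumptions made for this illustration.

```javascript
// Added illustration, not AISG's engine. A regex proposes candidates; a
// checksum or a context check then decides whether each one is redacted.

// Luhn checksum: tells card numbers apart from arbitrary 13-19 digit runs.
function luhnValid(digits) {
  if (digits.length < 13 || digits.length > 19) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Context heuristic: an SSN-shaped token counts only just after a cue word.
function hasSsnContext(text, index) {
  const before = text.slice(Math.max(0, index - 24), index).toLowerCase();
  return /\b(ssn|social security)\b/.test(before);
}

const RULES = [
  { type: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g,
    accept: () => true },
  { type: "CREDIT_CARD", re: /\b\d(?:[ -]?\d){12,18}\b/g,
    accept: (m) => luhnValid(m.replace(/[ -]/g, "")) },
  { type: "SSN", re: /\b\d{3}-\d{2}-\d{4}\b/g,
    accept: (m, text, index) => hasSsnContext(text, index) },
];

// Returns the redacted text and the entity types that fired, in rule order.
function redact(text) {
  const findings = [];
  let out = text;
  for (const rule of RULES) {
    out = out.replace(rule.re, (m, index, whole) => {
      if (!rule.accept(m, whole, index)) return m;
      findings.push(rule.type);
      return `[${rule.type}]`;
    });
  }
  return { text: out, findings };
}

// Constructed sample: one real-shaped hit per rule plus two look-alikes.
const SAMPLE = "Ticket 123-45-6789: contact jane@example.com, " +
  "card 4111 1111 1111 1111, order ref 1234 5678 9012 3456, SSN 078-05-1120.";
console.log(redact(SAMPLE));
```

The ticket number and the order reference survive because they fail the context and checksum checks; a regex-only rule would have redacted both.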

Vision OCR Security

Base64-encoded images are extracted via OCR and scanned with the full 28-entity DLP engine. A screenshot containing PII is blocked before the provider sees it. Processed in RAM only — never stored to disk.

Pre-flight Budget Enforcement

Every Managed Mode request is cost-estimated before forwarding. If the wallet balance is insufficient, a 402 is returned with exact details. Output tokens are auto-capped by remaining balance — no surprise bills.
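The pre-flight check described above, as an added example that is not AISG's code: estimate the input cost, return a 402 when the balance cannot cover it plus at least one output token, otherwise clamp `max_tokens` to what the balance can pay for. `PRICES`, `estimateTokens`, `preflight`, the per-token prices, the four-characters-per-token estimate and the response fields are all assumptions made for this illustration.

```javascript
// Added illustration, not AISG's code. Prices (credits per token) and the
// 4-chars-per-token estimate are constructed for this example.
const PRICES = { "example-model": { inPerTok: 2, outPerTok: 8 } };

// Rough token estimate; a real gateway would use the model's tokenizer.
function estimateTokens(messages) {
  const chars = messages.reduce((n, m) => n + String(m.content).length, 0);
  return Math.ceil(chars / 4);
}

// Decide before forwarding: reject with 402, or forward with max_tokens
// clamped so the worst-case cost can never exceed the balance.
function preflight(request, balance) {
  const price = PRICES[request.model];
  if (!price) return { status: 400, error: "unknown model" };

  const inputCost = estimateTokens(request.messages) * price.inPerTok;
  const affordableOut = Math.floor((balance - inputCost) / price.outPerTok);
  if (affordableOut < 1) {
    return { status: 402, error: "insufficient balance", balance, inputCost };
  }

  // A request without max_tokens is treated as unbounded, then clamped.
  const requested = request.max_tokens ?? Infinity;
  const maxTokens = Math.min(requested, affordableOut);
  return {
    status: 200,
    forward: { ...request, max_tokens: maxTokens },
    worstCaseCost: inputCost + maxTokens * price.outPerTok,
  };
}

// Constructed request: 400 characters of input, about 100 tokens.
const SAMPLE_REQUEST = {
  model: "example-model",
  max_tokens: 500,
  messages: [{ role: "user", content: "x".repeat(400) }],
};
console.log(preflight(SAMPLE_REQUEST, 1000), preflight(SAMPLE_REQUEST, 150));
```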

Managed Credits + Smart Router

No provider accounts? No problem. Top up the AISG wallet and the Smart Router selects the cheapest available provider per request — typical savings of 40–60% vs single-provider pricing.

Feature Comparison

Side-by-side governance and security capabilities. Green indicates full native support, amber indicates partial or integration-dependent support, red indicates the feature is not available.

| Feature | Portkey | AI Security Gateway |
|---|---|---|
| Multi-provider routing | 1,600+ models via universal API | 300+ curated models across 9 enterprise-grade providers with governance SLAs |
| PII detection & redaction | Via third-party guardrail providers (5 options) | Native 28-entity engine — zero-config, no add-ons |
| Vision / image OCR scanning | Not available | Base64 OCR with full DLP enforcement |
| Prompt injection firewall | Via Prisma AIRS or partner guardrails | Native multi-layer detection + BLOCK |
| Zero-config protection | Requires guardrail setup per provider | All 28 entities active from first API call |
| Per-project DLP policies | Config-based guardrail chains | Custom per-entity rules with versioning and audit trail |
| Budget enforcement | USD/token limits on virtual keys (weekly reset) | Pre-flight hard stop, per-request token cap, 402 rejection |
| Managed wallet credits | Not available (BYOK only) | Prepaid wallet with Smart Router ($1 = 1M credits) |
| Smart cost routing | Latency/cost-based conditional routing | Real-time price indexing, auto-selects cheapest (~40–60% savings) |
| BYOK (zero markup) | Virtual keys (your keys, their platform) | AES-256-GCM encrypted, 0% markup on Pro plan |
| Observability & logging | Full request/response logs, traces, analytics | Metadata-only audit logs (prompts not stored), correlation IDs |
| Caching | Simple + semantic caching | Not available (stateless by design) |
| Custom regex patterns | Via regex guardrail with redaction | Enterprise IP Guard per project |
| Policy versioning | Config versioning | Immutable versions with full audit trail and restore |
| Platform dependency | Works anywhere (open-source gateway) | Platform-agnostic (any host, any language) |
| Pricing model | Free 10K logs/mo; Pro $49/mo; Enterprise custom | Free 1M credits; Pro $29/mo; BYOK at $0 |

Native Security vs Guardrail Marketplace

The fundamental architectural difference: where does the security logic live?

Marketplace approach (Portkey)

1. Create account on Portkey

2. Choose a guardrail provider (Pangea, Acuvity, Prisma AIRS...)

3. Create account on that provider & get their API key

4. Configure guardrail in Portkey → select entity types

5. Attach guardrail to your Portkey config

6. Test the chain end-to-end

Setup time: 30–60 minutes. Two vendors to manage.

Native approach (AI Security Gateway)

1. Create account on AISG

2. Get your API key

3. Set baseURL + apiKey in your SDK

4. Send your first request

All 28 entity types are active immediately. Zero setup.

Migrate from Portkey

If you are already using the OpenAI SDK through Portkey, switching to AISG requires changing the base URL and API key. Your existing code, models, and response handling stay the same:

Before — through Portkey

import OpenAI from "openai";

const client = new OpenAI({
  apiKey: "sk-xxxxx",
  baseURL: "https://api.portkey.ai/v1",
  defaultHeaders: {
    "x-portkey-api-key": "your-portkey-key",
    "x-portkey-virtual-key": "your-virtual-key",
  },
});

After — through AISG (PII + budget + OCR built in)

import OpenAI from "openai";

const client = new OpenAI({
  apiKey: "os_hub_your_key_here",
  baseURL: "https://api.aisecuritygateway.ai/v1",
});

// No guardrail config needed.
// 28-entity PII redaction, vision OCR, prompt injection
// blocking, and budget enforcement are active immediately.

No guardrail marketplace. No third-party provider setup. No additional headers. Your prompts are scanned, images are OCR-checked, and budget is enforced — from the first request.

When to Use Each

Portkey

Best for teams that prioritize observability and advanced routing:

  • You need detailed request/response logging with full bodies
  • Semantic caching is a priority for your workload
  • You already use Prisma AIRS or another security platform and want to integrate it at the gateway
  • You need fine-grained conditional routing and load balancing strategies
  • Air-gapped deployment with zero external dependencies is required

AI Security Gateway

Built for teams that need governance and security without assembly:

  • Applications handling customer PII (healthcare, finance, legal)
  • Teams that want protection from the first API call — no setup
  • Vision/multi-modal apps where images may contain sensitive data
  • Startups without provider accounts (use Managed Credits)
  • Teams that want BYOK governance at $0 cost (Pro plan)
  • Budget-conscious teams that need pre-flight spend enforcement

Add Native Security to Your AI Stack

Create an account, get your API key, and every request is automatically scanned, redacted, and budget-checked — from your very first API call. No guardrail marketplace. No third-party dependencies.