Open-source LLM proxy with PII redaction, prompt injection blocking, and secret detection. Deploy on your infrastructure with Docker Compose in 60 seconds. No account required. No telemetry.
```bash
git clone https://github.com/aisecuritygateway/aisecuritygateway.git
cd aisecuritygateway
cp .env.example .env   # add your provider key
docker compose up -d   # gateway + presidio
```

Then send requests to http://localhost:8000/v1/chat/completions
## What's Included
The OSS release includes the core AI firewall. No feature flags, no watermarks, no time limits. Apache 2.0 — use it however you want.
- PII detection & redaction — emails, SSNs, credit cards, phone numbers, names, locations, and IP addresses via Microsoft Presidio.
- 6 custom recognizers catch API keys, AWS credentials, GitHub tokens, private keys, and Slack webhooks before they reach any LLM.
- 5 core attack patterns detected — jailbreaks, instruction overrides, system prompt extraction, DAN, and developer mode exploits.
- Multi-modal DLP scans base64-encoded images for PII hidden in screenshots, documents, and config files.
- Drop-in replacement. Point your existing OpenAI SDK at AISG and every request gets scanned automatically. Zero code changes.
- If the security layer is unreachable, requests are blocked — never forwarded unscanned. Security over availability.
## Architecture
```
┌──────────────┐      ┌───────────────┐      ┌──────────────┐
│   Your App   │─────▶│  AISG Proxy   │─────▶│ LLM Provider │
│ (OpenAI SDK) │      │    :8000      │      │ (Groq, etc)  │
└──────────────┘      └──────┬────────┘      └──────────────┘
                             │ DLP scan
                      ┌──────▼────────┐
                      │   Presidio    │
                      │    :5002      │
                      └───────────────┘
```

The proxy intercepts every request, scans it through Presidio for PII/secrets/injection, then forwards clean requests to the upstream provider. Fail-closed: if Presidio is unreachable, requests are blocked.
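The fail-closed decision described above, as an added Python model that is not the project's own code: the scanner is injected so it runs offline, `presidio_stub` and its two regexes are constructed stand-ins for Presidio's recognizers, and `unreachable_scanner` simulates the security layer being down.

```python
"""Model of the proxy's fail-closed gate (added illustration, not AISG's own
code). The scanner is injected so this runs offline; a real deployment would
call Presidio at :5002 here. Patterns below are constructed stand-ins."""
from dataclasses import dataclass, field
import re

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")  # stand-in PII recognizer
INJECTION = re.compile(r"ignore (all )?previous instructions", re.I)


class ScannerUnavailable(Exception):
    """Raised when the DLP service cannot be reached."""


@dataclass
class Verdict:
    action: str                      # "forward" or "block"
    reason: str = ""
    messages: list = field(default_factory=list)


def presidio_stub(text):
    """Stand-in scanner: returns (redacted_text, injection_found)."""
    return EMAIL.sub("<EMAIL_ADDRESS>", text), bool(INJECTION.search(text))


def unreachable_scanner(_text):
    """Simulates the security layer being down (Presidio container stopped)."""
    raise ScannerUnavailable("connection refused: presidio:5002")


def gate(request, scanner=presidio_stub):
    """Scan every message of a chat-completions body before it may be forwarded.

    Fail-closed: if the scanner cannot be reached, the request is blocked
    rather than passed upstream unscanned."""
    cleaned = []
    for msg in request.get("messages", []):
        try:
            text, injected = scanner(msg.get("content", ""))
        except (ScannerUnavailable, OSError) as exc:
            return Verdict("block", f"security layer unreachable: {exc}")
        if injected:
            return Verdict("block", "prompt injection pattern matched")
        cleaned.append({**msg, "content": text})
    return Verdict("forward", messages=cleaned)  # only redacted content leaves


if __name__ == "__main__":
    body = {"messages": [{"role": "user", "content": "Email me at alice@example.com"}]}
    print(gate(body))                               # forward, address redacted
    print(gate(body, scanner=unreachable_scanner))  # block: fail-closed
```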
## OSS vs Cloud
The OSS release gives you the core security proxy. When you need dashboards, multi-project management, smart routing, or team features — upgrade to Cloud.
| Feature | OSS | Cloud |
|---|---|---|
| PII detection & redaction | 13 entity types | 28+ entity types |
| Secret leak prevention | 6 recognizers | Extended (AWS Secret Key, crypto, MAC) |
| Prompt injection blocking | 5 core patterns | Extended pattern library |
| Multi-provider routing (BYOK) | 2 providers | 8+ providers |
| Deployment | Self-hosted | Managed cloud |
| Multi-project management | — | ✓ |
| Project-level DLP & budgets | — | ✓ |
| Dashboards & analytics | — | ✓ |
| Smart cost-optimization | — | ✓ |
| Auto failover chains | — | ✓ |
| SLA & support | Community | |
Clone the repo, add your provider key, and run docker compose up. Your first secured request in under 60 seconds.