Pricing

Simple, Transparent Pricing

No hidden fees. No surprise bills. Three plans — pick the one that fits. All include the full AI governance layer with 30+ PII types, prompt injection blocking, and spend enforcement.

We sit between your app and every LLM provider to enforce policy before data leaves your system.

No credit card to startCancel anytime600+ models

Not sure which plan to pick?

Choose Managed Credits if…

  • • You're just getting started with AI
  • • You don't have accounts with AI providers
  • • Smart Router auto-picks the cheapest provider
  • • You're building a prototype or side project

Choose Starter BYOK if…

  • • You have your own API keys
  • • You want 0% Hub markup on calls
  • • You need up to 3 production projects
  • • You want full governance at the lowest price

Choose Pro BYOK if…

  • • You need more than 3 projects
  • • You run multiple teams or products
  • • You want priority support

Choose Enterprise / Hybrid if…

  • • Prompts must stay in your VPC
  • • You're in healthcare, finance, or government
  • • You need SAML SSO, RBAC, or SIEM integration
  • • You need the MCP Gateway running inside your own VPC
  • • You require an SLA guarantee

Included on every plan — no exceptions

Full AI Firewall (30+ PII types) · Prompt injection blocking · Agent loop detection & auto-kill · Hard budget caps per project · EU AI Act audit logs · Webhook alerts · 600+ models · 1M free credits

Quickstart

Managed Credits

$0/mo + usage

Best for prototypes & teams who want zero provider setup

  • 1M free credits — no credit card
  • We provide AI access (no provider signups)
  • Smart Router picks cheapest provider
  • 600+ models across all providers
  • 3 projects
  • Image generation (FLUX, DALL-E, SD)
Get 1,000,000 Free Credits
Best Value
The Starter

Starter BYOK

$9/mo

Best for solo devs & small projects

  • Everything in Managed, plus:
  • Bring your own API keys — 0% markup
  • All premium models across providers
  • AES-256 encrypted key storage
  • Hybrid Mode: BYOK + Credits fallback
  • 3 projects
Start for $9/mo
Power User
The Architect

Pro BYOK

$29/mo

Best for teams & production apps

  • Unlimited projects
  • Everything in Starter, plus:
  • Priority support
Subscribe to Pro
Hybrid VPC
Enterprise

Enterprise

Custom

For regulated industries & data sovereignty

  • Everything in Pro, plus:
  • Hybrid VPC — proxy runs in your network
  • Prompts never leave your infrastructure
  • SAML SSO — Okta, Azure AD, Google Workspace
  • RBAC — 4-tier roles, 17 granular permissions
  • SIEM connectors — Splunk, Datadog, Sentinel
  • MCP Gateway in your VPC — agent tool-plane security (beta)
  • Dedicated support & SLA
  • Custom deployment & onboarding
  • Air-gapped deployment options
Request Hybrid VPC Access

We'll set up a 30-minute demo with your team

Hybrid Mode — Best of Both (Starter & Pro)

Pro subscribers can use their own keys for some providers and fall back to AISG Credits for the rest. If you have an OpenAI key but not a Gemini key, GPT requests use your key (0% markup) while Gemini requests route through Managed Mode. The Hub resolves keys automatically — no configuration needed.

Included on every plan — no exceptions

Full AI Firewall (30+ PII types) · Prompt injection blocking · Custom DLP policies & regex · Audit logs · 600+ models · Switch or upgrade anytime

Model pricing is based on our internal cost-optimization engine. While we aim to provide competitive rates across our provider network, final pricing is subject to provider availability and real-time market fluctuations. Routing is best-effort and does not guarantee the absolute lowest cost on every request. All Managed Mode usage includes a service fee (25% open-weight / 30% closed models) for security and infrastructure management. See Section 25 of our Terms.

Key Security

How we protect your API keys

We take key custody seriously. Here’s exactly what happens when you add a provider key to AI Security Gateway.

Encrypted at Rest

AES-256-GCM authenticated encryption. Keys are never stored in plaintext — not in our database, not in logs, not anywhere.

Never Logged

Keys are decrypted in-memory only for the duration of a single API call. They never appear in logs, traces, or analytics.

Instant Deletion

Delete your project and your keys are gone immediately. No retention period, no backups, no recovery — by design.

Verify in Source

Our encryption logic is open source. Inspect exactly how keys are handled — no black boxes.

What’s Included

Full firewall on every plan. Zero compromises.

Every core security feature is available on all plans. The difference is how you pay for model access and which governance features you need.

FeatureManagedStarterProEnterprise
30+ PII entity detection
Prompt injection & jailbreak blocking
OCR image scanning
Custom DLP Policies & regex rules
Budget enforcement — hard spending caps per project
Recursive agent loop detection & auto-kill
Webhook security alerts (HMAC-signed)
EU AI Act compliance logs (hash-chained, tamper-evident)
Real-time dashboard & analytics
OpenAI SDK compatible
Image generation (FLUX, DALL-E, SD)
Smart Cost Router
Multi-provider failover
Projects33UnlimitedUnlimited
Bring Your Own API Keys
0% Hub markup
All premium models across providers
AES-256 key encryption at rest
Hybrid Mode (mix BYOK + Credits)
Priority support
SAML SSO — Okta, Azure AD, Google Workspace
RBAC — 4-tier roles, 17 granular permissions
SIEM connectors — Splunk, Datadog, Sentinel
MCP Gateway (cloud) — agent tool-call securityBetaBetaBetaBeta
MCP Gateway — runs inside your VPC (beta)
Hybrid VPC — proxy in your network
Dedicated support & SLA

MCP Gateway is in private beta. The cloud gateway can be enabled on any plan by request — email enterprise@aisecuritygateway.ai. In-VPC deployment ships with the Enterprise / Hybrid VPC plan.

Open Source

Prefer to self-host?

AISG is open source. Deploy the core AI security proxy on your own infrastructure — no account required. When you need dashboards, multi-project management, or team features, the cloud version is here.

FAQ

Common Questions

No. We only log metadata (like "1 email address was blocked") — we never store the actual content of your messages or the AI’s responses. Your data passes through our security layer and is forwarded to the AI provider. Nothing is saved on our servers.

If your app uses the OpenAI SDK (the most popular AI library), you only need to change two lines: the API key and the base URL. Everything else — your models, your prompts, your response handling — stays exactly the same.

BYOK stands for "Bring Your Own Key." It means you already have an account (and API key) with a provider like OpenAI, Google Gemini, xAI, Groq, or Together.ai. On the Pro plan, you save those keys in AISG, and we use them to make AI calls on your behalf — so you pay the provider directly at their regular price with zero markup. BYOK also unlocks premium models like GPT-4o and Gemini Pro.

That’s perfectly fine! The "Managed Credits" plan is designed exactly for this. Add credits to your AISG wallet (10M Credits / $10 minimum), and we handle everything — we use our own provider accounts to process your requests.

No. Every request is protected from your very first API call. AISG applies a "Maximum Protection" default policy that scans for all 30 entity types (emails, credit cards, SSNs, API keys, prompt injection attacks, and more) and redacts any matches before the AI model sees them.

The security check adds less than 50 milliseconds for text — that’s faster than a blink. For images, it takes about 0.5–1 second depending on image size. Every response includes timing headers so you can verify this yourself.

Yes. Pro subscriptions are managed through Stripe — cancel with one click anytime. Wallet balances never expire, so any prepaid credits stay in your account.

More questions? Read the docs or email support@aisecuritygateway.ai

Ready to govern your AI calls?

Start free with 1M credits, go Starter for $9/mo, or talk to us about Hybrid VPC for your enterprise.

Or self-host for free →