Verify It Yourself
We’re a security product. Don’t take our word for it — check the evidence.
Apache 2.0. Fork it, audit it, self-host it.
Public uptime & latency. Updated every 30s.
security@aisecuritygateway.ai
Responsible disclosure welcome.
External scan grades: ImmuniWeb A · SecurityHeaders A — independently verifiable by anyone.
01 Architectural Security
Our infrastructure follows a "Defense-in-Depth" strategy — multiple independent security layers, each assuming the others may fail.
Stateless, Isolated Processing
Our compute environment is stateless — each request is processed independently with no shared state between requests. Prompt data exists only in volatile memory for the duration of a single request and is discarded immediately after. There is no session persistence, disk storage, or cross-request data leakage.
AWS VPC — Private Network Architecture
Our backend services run inside an AWS Virtual Private Cloud (VPC) with isolated private subnets — no service has a public IP or direct internet exposure. All external traffic is routed through an edge security layer with Web Application Firewall (WAF) rules, rate limiting, and bot protection before reaching any backend service within the VPC.
Zero-Persistence Processing
Prompts and AI responses are processed entirely in volatile memory (RAM) and are never written to disk or object storage. Once inference is complete, the data is purged from memory. There is no log, database, or file that contains your prompt content.
Edge Protection & DDoS Mitigation
All traffic is routed through a global edge network that provides automatic DDoS mitigation, per-IP rate limiting, and managed rulesets covering SQL injection, cross-site scripting (XSS), and known exploit signatures.
02 Data Handling & Privacy
We believe you shouldn't have to trust us with your data — our architecture makes it unnecessary.
Metadata-Only Logging
We log the "Who, When, and How Much" — never the "What." Our databases store token counts, latency metrics, and violation types (e.g., "PII detected"), but we never store the content of your prompts or completions. EU AI Act compliance records contain only SHA-256 fingerprints (one-way hashes) of inputs/outputs — not the content itself.
Encryption Everywhere
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Internal service-to-service communication is also encrypted. There are no plaintext data paths.
No-Training Guarantee
We do not use your data to train any models. We partner only with AI providers who offer contractual data privacy guarantees for API users — your prompts are never used for model improvement by any party in the chain.
Automated Log Scrubbing
All application logs pass through a real-time scrubbing layer that detects and redacts API keys, bearer tokens, and credential patterns before they reach any log storage or monitoring system.
03 Identity & Key Management
We protect your credentials with the same rigor as a financial institution protects account numbers.
BYOK Key Encryption
Your "Bring Your Own Key" (BYOK) provider credentials are encrypted using AES-256 authenticated encryption before storage. The encryption key is stored separately in a hardware-backed key management service — even a database breach cannot expose your keys.
Hardware-Backed Secret Management
All system-level secrets — encryption keys, internal tokens, provider credentials — are stored in a dedicated, hardware-backed secrets management service with automatic rotation support. Secrets are never stored in code, config files, or environment variable logs.
One-Way API Key Hashing
Your API keys are stored as irreversible cryptographic hashes with a server-side pepper. Even in the event of a complete database breach, raw API keys cannot be recovered or reused. Keys are shown once at creation and never again.
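To make the "hash with a server-side pepper" design concrete, here is an added example that is not the gateway's own implementation. It assumes a keyed hash (HMAC-SHA256 with the pepper as the key); the `agw_` prefix, the `PEPPER` constant and the in-memory store are constructed for the demo. In production the pepper would be fetched from the secrets manager and never sit beside the database.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Assumption: the pepper is fetched from a secrets manager at startup; this
# constructed constant stands in for it and must not be stored with the DB.
PEPPER = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
KEY_PREFIX = "agw_"   # constructed prefix so leaked keys are recognisable to scanners


def hash_api_key(raw_key: str) -> str:
    """Keyed one-way hash: a dumped digest verifies nothing without the pepper.

    API keys are high-entropy random strings, so a fast keyed hash is appropriate
    here (unlike passwords, which need a slow, salted KDF).
    """
    return hmac.new(PEPPER, raw_key.encode("utf-8"), hashlib.sha256).hexdigest()


class ApiKeyStore:
    """Persists only key metadata and the peppered digest, never the raw key."""

    def __init__(self) -> None:
        self._by_digest: Dict[str, dict] = {}

    def create(self, project: str) -> Tuple[str, str]:
        raw = KEY_PREFIX + secrets.token_urlsafe(32)   # ~256 bits of entropy
        key_id = secrets.token_hex(4)                   # public handle for the dashboard
        self._by_digest[hash_api_key(raw)] = {
            "key_id": key_id, "project": project, "revoked": False,
        }
        return key_id, raw   # the raw key is returned exactly once and never stored

    def authenticate(self, presented: str) -> Optional[str]:
        # Lookup is by digest, so timing reveals nothing about the raw key;
        # the revoked flag is checked on every call, so revocation is immediate.
        record = self._by_digest.get(hash_api_key(presented))
        if record is None or record["revoked"]:
            return None
        return record["project"]

    def revoke(self, key_id: str) -> bool:
        for record in self._by_digest.values():
            if record["key_id"] == key_id:
                record["revoked"] = True
                return True
        return False

    def stored_values(self) -> List[str]:
        """Everything an attacker would get from a full database dump."""
        digests = list(self._by_digest.keys())
        ids = [r["key_id"] for r in self._by_digest.values()]
        return digests + ids


if __name__ == "__main__":
    store = ApiKeyStore()
    key_id, raw = store.create("proj-alpha")
    print("show once:", raw)
    print("auth ->", store.authenticate(raw))
    store.revoke(key_id)
    print("after revoke ->", store.authenticate(raw))
```

The store keeps a short public `key_id` alongside the digest so that the dashboard can revoke a key without ever needing the raw value back.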
Session-Based Playground Security
Internal playground credentials never leave the server. The browser sends only your prompt — the API key is resolved server-side using your authenticated session and verified via a cryptographic handshake between our frontend and backend services.
04 The AI Firewall
Every prompt passes through our governance engine before reaching any LLM provider.
Multimodal OCR Scanning
We are one of the few platforms that provide OCR-based scanning for images, preventing PII leaks hidden in screenshots, config files, or document uploads.
28+ Entity Recognition
Our engine scans for PII, secrets, and credentials across 28+ categories — including names, SSNs, credit cards, email addresses, IP addresses, API keys, and cloud credentials.
Custom IP Guard
Enterprises can define custom detection patterns (regex rules) to protect internal project names, code names, intellectual property, and proprietary terminology from being sent to any LLM provider.
Prompt Injection Defense
We proactively detect and block known prompt injection patterns — including jailbreak attempts, instruction override payloads, and role-escape sequences — before they reach the model.
Fail-Closed Architecture
If the AI Firewall is unavailable or returns an error, the request is immediately terminated. We never forward un-scanned data to any LLM provider. Security takes priority over availability.
05 Responsible Disclosure
We take security seriously and welcome the help of the security community.
Continuous Security Scanning
We perform automated vulnerability scanning of all container images and dependencies on every build, with critical findings blocking deployment.
Security Contact
If you believe you have found a security vulnerability in our platform, please contact us at security@aisecuritygateway.ai. We aim to acknowledge reports within 24 hours and prioritize fixes based on severity.
| Severity | Target fix time |
|---|---|
| Critical | 24–48 hours |
| High | 5 business days |
| Medium / Low | Next release |
Vulnerability Scope
In Scope
- API endpoints (api.aisecuritygateway.ai)
- Authentication & token handling
- DLP / PII redaction bypass
- BYOK key exposure or decryption flaws
- Authorization & privilege escalation
- Data leakage in logs or responses
Out of Scope
- Rate limiting or DoS / DDoS attacks
- Social engineering or phishing
- Missing security headers on marketing pages
- Third-party service vulnerabilities
- Reports from automated scanners without proof of impact
06 Technology Architecture
What we built, what we use, and why. Full transparency for enterprise due diligence.
We deliberately build on auditable, open-source foundations where appropriate — and build proprietary systems where differentiated engineering creates real value. Every security platform uses open-source components (Cloudflare uses BoringSSL, Palo Alto uses Snort signatures, CrowdStrike uses YARA rules). What matters is what you build on top of them.
Open-Source Foundation
We use Microsoft Presidio as the base NLP/regex entity recognition engine for standard PII types (names, emails, phone numbers). This is intentional: Presidio is auditable, well-tested, and trusted by enterprises. It provides the same role that OpenSSL provides to web servers — a proven cryptographic primitive, not the product itself.
- Microsoft Presidio — base NLP entity recognition
- SpaCy — NLP language model for contextual analysis
- LiteLLM — provider API format translation layer
- FastAPI / Uvicorn — HTTP framework and ASGI server
Proprietary Systems (Our IP)
Everything above the base entity recognition — the governance, orchestration, and enforcement layers — is proprietary. This is where the differentiated engineering lives.
- Policy Evaluation Engine — per-project versioned DLP policies with sensitivity tiers, custom entity selection, and enforcement logic
- Custom Detection Signatures — 15+ extended recognizers beyond Presidio defaults (API keys for OpenAI/Anthropic/Google/Groq/AWS, prompt injection patterns, IP-Guard rules)
- Vision OCR DLP — in-memory image text extraction and PII scanning for screenshots and documents before vision models process them
- Smart Router & Model Registry — real-time cost-optimized routing across 300+ models from 8+ providers with automatic failover and circuit breaking
- Budget Enforcement — atomic wallet deductions with pre-flight cost estimation, hard 402 stops, and per-project token quotas
- Prompt Injection Defense — 5-category heuristic detection (jailbreaks, DAN variants, SYSTEM OVERRIDE impersonation, instruction overrides, encoding exploits)
- Recursive Loop Protection — fingerprint-based detection that auto-kills agent retry loops after configurable thresholds, preventing credit drain from runaway automations
- Webhook Security Alerts — HMAC-SHA256 signed real-time notifications to Slack, PagerDuty, or any HTTPS endpoint when PII is blocked, injections are caught, budgets are hit, or loops are detected
- EU AI Act Compliance Logging — hash-chained, tamper-evident audit records with SHA-256 input/output fingerprints (no prompt content stored — privacy by design). Append-only, minimum 10-year retention, JSONL export. Ready for Article 12 enforcement (August 2026)
- Governance Orchestration — fail-closed architecture, multi-project team management, metadata audit logging, and analytics dashboards
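The webhook alerts in the list above are HMAC-SHA256 signed, which only helps if the receiving endpoint actually verifies them. The example below is an added illustration and not the gateway's documented wire format: the header names (`X-Gateway-Timestamp`, `X-Gateway-Signature-256`), the `timestamp.body` signed string, the `sha256=` prefix, the shared secret and the sample event are all assumptions. It shows both sides, the sender building a signed alert and the receiver rejecting stale, unsigned or altered ones.

```python
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed wire format: the page says alerts are HMAC-SHA256 signed but does
# not publish header names or the signed string, so both are assumptions here.
TS_HEADER = "X-Gateway-Timestamp"
SIG_HEADER = "X-Gateway-Signature-256"


def _signature(secret: bytes, timestamp: int, body: bytes) -> str:
    # The timestamp is bound into the MAC so a captured alert cannot be replayed
    # later with a fresh timestamp header.
    return hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()


def build_alert(secret: bytes, event: dict, now: int) -> Tuple[Dict[str, str], bytes]:
    """Sender side: serialise once and sign exactly the bytes that go on the wire."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    headers = {
        TS_HEADER: str(now),
        SIG_HEADER: "sha256=" + _signature(secret, now, body),
    }
    return headers, body


def verify_alert(secret: bytes, headers: Dict[str, str], body: bytes,
                 now: int, tolerance: int = 300) -> bool:
    """Receiver side. Verify the raw request bytes: re-serialising parsed JSON
    can change whitespace or key order and silently break the signature."""
    try:
        ts = int(headers[TS_HEADER])
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > tolerance:          # stale or future-dated alert
        return False
    presented = headers.get(SIG_HEADER, "")
    if not presented.startswith("sha256="):
        return False
    expected = _signature(secret, ts, body)
    # Constant-time comparison so a mismatch does not leak where it diverged
    return hmac.compare_digest(presented[len("sha256="):], expected)


# Constructed sample; the real secret would come from the gateway's webhook settings.
WEBHOOK_SECRET = b"constructed-shared-secret-do-not-reuse"
SAMPLE_EVENT = {
    "type": "pii_blocked",
    "project": "proj-alpha",
    "entity": "US_SSN",
    "prompt_sha256": "ab" * 32,   # fingerprint only, never the prompt text
}

if __name__ == "__main__":
    headers, body = build_alert(WEBHOOK_SECRET, SAMPLE_EVENT, now=1_700_000_000)
    print(headers)
    print("valid:", verify_alert(WEBHOOK_SECRET, headers, body, now=1_700_000_010))
```

A receiver that parses the JSON first and then signs `json.dumps(parsed)` will intermittently reject genuine alerts; always keep a handle on the original request body for verification.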
The analogy: Presidio is to AI Security Gateway what PostgreSQL is to Stripe, or what Linux is to AWS. Nobody says “Stripe is just a Postgres wrapper” because the value is in the payment logic, fraud detection, and compliance infrastructure built on top. Similarly, our value is in the policy engine, vision DLP, smart routing, budget enforcement, and governance orchestration — not in the underlying NLP library that every DLP product uses.
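Both the metadata-only logging section above and the EU AI Act compliance logging entry describe the same structure: records that hold SHA-256 fingerprints of inputs and outputs rather than content, chained so that editing or deleting a record is detectable. The following is an added example, not the gateway's schema or code. The field names, the canonical-JSON record hash, the all-zero genesis value and the whitespace token count are constructed for the illustration.

```python
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64   # prev_hash of the first record (constructed convention)


def fingerprint(text: str) -> str:
    """SHA-256 of the content. Only the digest is stored; the text never is."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def _record_hash(fields: dict) -> str:
    # Canonical JSON so every verifier hashes byte-identical input
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class ComplianceLog:
    """Append-only list of metadata records; each record commits to its predecessor."""

    def __init__(self) -> None:
        self.records: List[dict] = []

    def append(self, project: str, prompt: str, completion: str, ts: int,
               violation: Optional[str] = None) -> dict:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        fields = {
            "seq": len(self.records),
            "ts": ts,
            "project": project,
            "prompt_sha256": fingerprint(prompt),
            "completion_sha256": fingerprint(completion),
            "prompt_tokens": len(prompt.split()),   # constructed stand-in for a tokenizer
            "violation": violation,                  # e.g. "PII detected", never the PII
            "prev_hash": prev,
        }
        fields["hash"] = _record_hash(fields)        # hash covers every field above
        self.records.append(fields)
        return fields

    def export_jsonl(self) -> str:
        """One JSON object per line; contains digests and counts, no content."""
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.records)


def verify_chain(records: List[dict]) -> Tuple[bool, Optional[int]]:
    """Return (True, None) if intact, else (False, index of the first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("seq") != i or rec.get("prev_hash") != prev or _record_hash(body) != rec.get("hash"):
            return False, i
        prev = rec["hash"]
    return True, None


if __name__ == "__main__":
    log = ComplianceLog()
    log.append("proj-alpha", "my confidential prompt", "the answer", ts=1)
    log.append("proj-alpha", "second prompt", "second reply", ts=2, violation="PII detected")
    print(log.export_jsonl())
    print("intact:", verify_chain(log.records))
```

Two caveats a reviewer would raise. First, a chain like this detects modification or deletion of an interior record but not silent truncation of the tail; the latest hash has to be anchored somewhere the writer cannot change (a WORM bucket, a periodic external publication). Second, a plain SHA-256 of a short or predictable prompt can be confirmed by anyone who can guess the prompt; a keyed fingerprint (HMAC with a per-tenant secret) keeps the matching property without that exposure.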
07 Compliance Roadmap
Our path to enterprise-grade certifications.
| Certification | Status |
|---|---|
| SOC 2 Type I | Planned H2 2026 |
| SOC 2 Type II | Planned 2027 |
| EU AI Act Article 12 Logging | Shipped |
| Designed for GDPR Compliance | Architecturally Aligned |
| CCPA Compliance | Architecturally Aligned |
| HIPAA | Planned H2 2026 |
| Penetration Testing | Planned H2 2026 |
“Architecturally Aligned” means our design follows the standard’s requirements but formal audits have not yet been completed. “Planned” items are on our roadmap but auditor engagement has not begun.
Independent Privacy Assessment: A+
ImmuniWeb’s automated Website Privacy Test awarded aisecuritygateway.ai an A+ rating — their highest grade. The test evaluates tracking cookies, third-party content, XHR requests, tracking pixels, web form privacy, and data scraping protections.
Verify the result on ImmuniWeb
08 Telemetry & Observability
Privacy-first analytics — no session replay, no keystroke logging, ever.
Google Analytics — Public Marketing Pages Only
We utilize Google Analytics exclusively on our public marketing domain (aisecuritygateway.ai) to analyze referral sources and site performance. Google Analytics is not used within our authenticated dashboard or API proxy.
PostHog — Anonymized Product Telemetry
Within the application (app.aisecuritygateway.ai), we utilize product telemetry via PostHog limited to high-level operational events (e.g., “Project Created”, “Wallet Top-up”). We do not transmit AI prompts, responses, or sensitive customer data to any analytics provider.
Crisp — Live Support Chat
Crisp provides real-time support chat on dashboard pages only. It is not loaded on the landing page or public marketing pages. Crisp does not have access to your prompt content, API keys, or billing data.
Cookie Consent
Analytics scripts (both Google Analytics and PostHog) are loaded only after explicit user consent via our cookie banner. Essential cookies (authentication, billing) are always active as required for the service to function.
Our commitment: We have configured our analytics systems to disable session recording, keystroke capture, and detailed user interaction tracking. We do not transmit AI prompts, responses, or sensitive customer data to any analytics provider. This is a core architectural principle, not a configuration option.
Security FAQ
Common questions from security teams and enterprise architects.
Do you store my prompts or AI responses?
No. Prompts and completions are processed entirely in volatile memory (RAM) and discarded immediately after the request is fulfilled. We persist only metadata — token counts, latency, and violation types — never content.
What happens if your DLP engine fails?
Our architecture is "Fail-Closed." If the AI Firewall is unavailable or returns an error, the request is terminated with a 500 error. We never forward un-scanned data to the LLM provider.
Can your team see my prompts?
No. Prompts exist only in ephemeral container memory during processing. There is no log, database, or storage that contains prompt content. Even our engineering team has no mechanism to access your data in transit.
How are my BYOK API keys protected?
Your provider API keys are encrypted with AES-256 authenticated encryption before storage. The encryption key is stored in a separate hardware-backed secrets manager. Even if our database were fully compromised, your keys remain unreadable.
Do AI providers train on my data?
The providers we support do not use API data for model training. We partner only with providers who offer contractual data privacy guarantees. We encourage you to review each provider's data processing agreement.
How do you protect against DDoS and abuse?
All traffic passes through an edge security layer with per-IP rate limiting, managed WAF rulesets (SQL injection, XSS, known exploits), and automatic DDoS mitigation. Additionally, per-API-key rate limiting (default 10 RPS per key) is enforced at the application layer as an anti-abuse measure. This is a per-key throttle, not a system-wide capacity constraint — the platform scales horizontally via auto-scaling containers. Enterprise plans support higher per-key limits.
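The per-key throttle described in this answer is naturally a token bucket: each key refills at the configured rate and can spend at most a burst's worth at once. The example below is an added illustration rather than the gateway's implementation. The 10 RPS figure is from the page; the burst size equal to the rate, the in-process dictionary of buckets, the `retry_after` helper and the `FakeClock` used for deterministic demonstration are constructed assumptions. Buckets are keyed by the key's public ID, never by the raw API key.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass
class _Bucket:
    tokens: float
    updated: float


class FakeClock:
    """Deterministic clock for the demo; production passes time.monotonic."""

    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class PerKeyRateLimiter:
    """Token bucket per API key ID: `rate` tokens refill per second, `burst` is the cap.

    Assumption: in-process storage is fine for one container; across auto-scaled
    containers the buckets would live in shared storage so the limit stays per key
    rather than per instance.
    """

    def __init__(self, rate: float = 10.0, burst: int = 10,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.rate = rate
        self.burst = burst
        self.clock = clock
        self._buckets: Dict[str, _Bucket] = {}

    def allow(self, key_id: str) -> bool:
        now = self.clock()
        bucket = self._buckets.get(key_id)
        if bucket is None:
            bucket = _Bucket(tokens=float(self.burst), updated=now)
            self._buckets[key_id] = bucket
        # Refill proportionally to elapsed time, capped at the burst size
        bucket.tokens = min(float(self.burst), bucket.tokens + (now - bucket.updated) * self.rate)
        bucket.updated = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False   # caller answers 429 and never forwards to the provider

    def retry_after(self, key_id: str) -> float:
        """Seconds until one token is available for this key (0 if allowed now)."""
        bucket = self._buckets.get(key_id)
        if bucket is None or bucket.tokens >= 1.0:
            return 0.0
        return (1.0 - bucket.tokens) / self.rate


if __name__ == "__main__":
    clock = FakeClock()
    limiter = PerKeyRateLimiter(rate=10.0, burst=10, clock=clock)
    print([limiter.allow("key-a") for _ in range(11)])    # ten allowed, then throttled
    print("retry after", limiter.retry_after("key-a"), "s")
    clock.advance(0.2)
    print([limiter.allow("key-a") for _ in range(3)])     # two refilled tokens, then throttled
```

Returning `retry_after` lets the API set a `Retry-After` header on the 429 so well-behaved clients back off instead of hammering the edge layer.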
What happens if someone steals an API key from my logs?
API keys are stored as irreversible cryptographic hashes with a server-side pepper, so leaked hashes are useless. If a raw key is compromised, you can instantly revoke it from the dashboard — revocation takes effect on the very next request.
How do you handle internal credentials (like the Playground)?
Internal credentials are resolved entirely server-side and are never sent to or visible in the browser. The Playground UI uses your authenticated session to issue requests — no API key is ever exposed to the client.
Do you use session replay or keystroke logging?
No. We have configured our analytics systems to disable session recording, keystroke capture, and detailed user interaction tracking. We use Google Analytics exclusively on our public marketing site (aisecuritygateway.ai) for referral and performance analysis. Within the application (app.aisecuritygateway.ai), we use PostHog limited to high-level operational events. We do not transmit AI prompts, responses, or sensitive customer data to any analytics provider.