Security Gateway

The Guardion Security Gateway is a specialized proxy that sits between your applications and your LLM providers or MCP servers. It enforces runtime guardrails, PII redaction, and policy compliance on every call — without requiring changes to your application code.

What it does

  • Runtime guardrails enforcement — automatically applies your configured policies (Prompt Security, Moderation, Grounding, Custom) to every LLM and MCP request and response
  • PII redaction — detects and redacts personally identifiable information before it reaches the LLM, and restores it on the way back
  • Policy enforcement — ensures all traffic complies with your organization’s safety policies before reaching any downstream provider

Built-in integrations

The Security Gateway comes with built-in support for:

LLM Providers

Connect to any major LLM provider through the gateway. All requests are automatically guarded by your configured policies.
  • OpenAI, Anthropic, Google, Azure OpenAI, AWS Bedrock, and more
  • Any OpenAI-compatible API endpoint

AI Gateways

Layer Guardion on top of existing AI gateways for defense-in-depth.
  • LiteLLM, Portkey, and other routing gateways

MCP Registry

Manage and secure your MCP (Model Context Protocol) server connections.
  • Centralized MCP server registry and discovery
  • Policy enforcement on all tool calls and responses
  • Periodic vulnerability scans on remote MCP servers to detect security issues
  • Code scanning for malicious patterns, backdoors, or unsafe behaviors in MCP server implementations

Token & Key Management

  • Manage API keys and tokens for all connected providers in one place
  • Smart routing across providers based on availability, cost, or latency
  • Rate limiting and usage tracking per application

How it works

Your App → Guardion Security Gateway → LLM Provider / MCP Server
               ↓                              ↓
         Policy check (input)          Policy check (output)
         PII redaction                 PII restoration
         Guardrail enforcement         Guardrail enforcement

  1. Your application sends requests to the Security Gateway instead of directly to the LLM provider
  2. The gateway applies input guardrails — checking for prompt injections, PII, policy violations
  3. Clean requests are forwarded to the configured LLM provider or MCP server
  4. Responses pass through output guardrails — checking for hallucinations, unsafe content, grounding
  5. Safe responses are returned to your application
All traffic is logged and visible in the Guardion dashboard for monitoring and investigation.
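
The redact-then-restore step in the flow above, sketched as an added example (this is not Guardion's code or API). `RedactionVault`, `guarded_call`, `fake_provider`, the two regex detectors and the `<KIND_n>` placeholder format are all assumptions made for illustration; the sample prompt in the test is constructed.

```python
import re

# Constructed detectors; real PII detection needs far more than two regexes.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
PLACEHOLDER = re.compile(r"<(EMAIL|SSN)_(\d+)>")


class RedactionVault:
    """Per-request map between PII values and placeholders (hypothetical helper)."""

    def __init__(self):
        self._by_value = {}  # original value -> placeholder
        self._by_token = {}  # placeholder -> original value

    def _token(self, kind, value):
        # A repeated value reuses its placeholder, so the model can still
        # tell that two mentions refer to the same entity.
        if value not in self._by_value:
            token = f"<{kind}_{len(self._by_value) + 1}>"
            self._by_value[value] = token
            self._by_token[token] = value
        return self._by_value[value]

    def redact(self, text):
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._token(k, m.group(0)), text)
        return text

    def restore(self, text):
        # Placeholders this request never issued are left as-is, so a token
        # invented by the model cannot be resolved to a real value.
        return PLACEHOLDER.sub(lambda m: self._by_token.get(m.group(0), m.group(0)), text)


def guarded_call(prompt, provider):
    """Redact the prompt, forward it to `provider` (str -> str), restore the reply."""
    vault = RedactionVault()  # scoped to one request; mappings never outlive it
    outbound = vault.redact(prompt)
    reply = provider(outbound)
    return outbound, vault.restore(reply)


def fake_provider(text):
    # Stand-in for the LLM: reuses the first placeholder and invents another.
    first = PLACEHOLDER.search(text).group(0)
    return f"I will write to {first} and copy <EMAIL_9>."
```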

Agent Trace Observability

Because the Security Gateway intercepts every LLM and MCP call, it captures complete agent traces — giving you deep visibility into multi-step agent workflows. This goes beyond simple request/response logging:
  • Full action tracking — see every tool call, LLM request, and decision an agent makes across its entire execution chain
  • Action-level guardrails — apply runtime guardrails not just on inputs and outputs, but on individual agent actions as they happen, blocking dangerous or policy-violating steps before they execute
  • Chain analysis — understand how agents combine actions, detect malicious or unintended action sequences, loops, or escalation patterns
  • Observability dashboard — visualize agent traces end-to-end, identify bottlenecks, and investigate flagged actions with full context
This enables you to enforce policies at the action level — catching risks that only become visible when you see the full sequence of what an agent is doing, not just what it says.