Skip to content
Firewall · for LLM

LLM Firewall inside your perimeter

All your company AI traffic under control, without slowing adoption: DLP inbound and outbound, kill-switch, provable audit.

§01 / Drop-in

One line of config. Every model behind the gateway.

Only base_url changes to point at the gateway. Your SDK, client code and models stay the same, the gateway key replaces the vendor key, and traffic flows through Prizma inspection.

from openai import OpenAI

client = OpenAI(
    base_url="https://prizma.acme.internal/v1",  # gateway instead of api.openai.com
    api_key=PRIZMA_TOKEN,                          # gateway key, not the vendor key
)
resp = client.chat.completions.create(model="gpt-5", messages=msgs)
8 layers
DLP · pre and post
L0–L7 + multimodal
L0–L4
kill-switch
stops instantly
in perimeter
data never leaves the perimeter
self-hosted · air-gap
~2 min
make quickstart
from zero to a running gateway
§03 / Traffic flow

One path for every request

One gateway between developers, agents and models. DLP runs twice: before the model call and after the response. Any stage can be cut with the kill-switch or rewritten by policy.

§04 / Routing

Routing for availability, cost and latency

The client keeps one contract, and underneath the gateway picks the provider and model for the current load.

Availability

A dead route never drops the request: retry and fallback walk the chain down to a local model inside your perimeter.

retry · fallback to Ollama / vLLM

Cost

A two-tier semantic cache answers a repeat without hitting the provider or burning tokens again.

L1 SHA-256 · L2 cosine

Latency

Live rolling p95 per provider, and Thompson-Sampling shifts the route to the fastest responder.

latency-aware · Thompson-Sampling
§05 / Three capabilities

Inspect, control, prove

Inspect

Sees more than just secrets, inbound and outbound.

  • DLP layers 0–7 + multimodal (OCR)
  • pre-call and post-call, streaming
  • secrets, PII, financial data · milliseconds
DLP layers

Control

Policy decides what reaches the model: before the call, not after.

  • BLOCK / MASK / WARN policies, RBAC
  • budgets and cost attribution
  • kill-switch L0–L4 · instant
Kill-switch

Prove

Every request leaves a trail that survives an audit.

  • HMAC-chained audit, tamper-evident
  • SIEM export over CEF
  • evidence packs 152-FZ / GDPR / SOC 2
Pipeline
§06 / DLP engine / L1 · regex · luhn · INN

Regex, NER and a code detector: inbound and outbound

Regex with validators (Luhn for cards, MOD-11 for INN), Presidio NER for names and organizations, a dedicated code detector: AWS keys in source, GPL/AGPL headers and internal API domains never reach the model. Three modes: tokens [CARD_1], format-preserving substitution (a valid synthetic INN and a Luhn-correct card) or full redaction. Below, the first of eight layers runs live, right in your browser. Switch the mode by hand to see the difference.

Prompt · raw inbound
Prompt · cleaned waiting
entities
0
scan
· ms
verdict
·
L0 Injection
L1 Regex + Luhn
L2 NER
L3 LLM Guard
L4 Corp data
L5 Semantic
L6 Hallucination
L7 Copyright
§07 / Self-hosted

Data never leaves your perimeter

Not SaaS. It lives in your perimeter, on hardware you control: under your SIEM, secret store and SSO. Deploys in a couple of minutes, runs in air-gap.

Deployment
§09 / Ready?

All your AI traffic under your control

A self-hosted LLM Firewall inside your perimeter. One base_url line, and no prompt leaves directly.

sales@hackadvisor.io NDA on request · reply within one business day