The firewall
Five inspection layers. One request path.
Every prompt and response flows through the full pipeline inline — pattern, token, semantic, redaction, and output guardrails — at a 2.57ms p95. No round-trip to a second model, no added hop in your critical path.
Pattern & DLP
200+ DLP dictionaries and signature rules catch known injection strings, secrets, and PII before any model spend.
Token & Structure
Token-level heuristics flag obfuscation, encoding tricks, delimiter injection, and oversized payloads designed to slip past naive filters.
Semantic Intent
A lightweight classifier scores semantic intent — jailbreak framing, role-play coercion, and goal hijacking the regex layer can't see.
PII Redaction
Inline redaction rewrites prompts and responses so sensitive data never reaches the provider or your logs — fully configurable per policy.
Output Guardrails
Responses are re-scanned for leaked secrets, toxic content, and policy violations before they ever return to your user.
Fail-closed by default. If any layer errors or times out, the request is blocked — never silently passed through. Guardrail bypasses are a security incident, not a fallback.
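A minimal sketch of that fail-closed rule, added here as an illustration and not taken from the product's code: the layer names, checks and the 0.3 s budget are hypothetical. A request is allowed only when every layer explicitly returns a pass; an exception, a timeout or a missing verdict all block it.

```python
import concurrent.futures as cf
import time

# Constructed stand-in layers; names and checks are hypothetical.
def pattern_layer(text):
    return "ignore previous instructions" not in text.lower()

def slow_layer(text):
    time.sleep(1.0)          # simulates a classifier that overruns its budget
    return True

def crashing_layer(text):
    raise RuntimeError("classifier unavailable")

def silent_layer(text):
    return None              # a buggy layer that forgets to return a verdict

def inspect(text, layers, timeout_s=0.3):
    """Run layers in order; allow only if every layer explicitly returns True."""
    pool = cf.ThreadPoolExecutor(max_workers=1)
    try:
        for name, layer in layers:
            future = pool.submit(layer, text)
            try:
                verdict = future.result(timeout=timeout_s)
            except cf.TimeoutError:
                return False, f"{name}: timeout"
            except Exception as exc:
                return False, f"{name}: error ({type(exc).__name__})"
            if verdict is not True:      # None or any non-True value blocks
                return False, f"{name}: blocked"
        return True, "all layers passed"
    finally:
        pool.shutdown(wait=False)        # do not wait on a hung layer

if __name__ == "__main__":
    ok = ("pattern", pattern_layer)
    extras = (None, ("slow", slow_layer), ("crash", crashing_layer),
              ("silent", silent_layer))
    for extra in extras:
        layers = [ok] + ([extra] if extra else [])
        print(inspect("Summarise this report", layers))
```

The point to check in any gateway of this kind is the default branch: the only path that returns an allow is the one reached after every layer has answered.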
Proof, not promises
The widest attack coverage in the category — measured.
Every number is sourced from the drift-checked registry and the public firewall benchmark, not a slide.
p95 stays flat under load
Full pipeline (pattern · token · semantic · output), measured across 20K runs — while a naive in-band scanner degrades with volume.
Red-team plugins vs the field
Attack coverage across 42 strategies and 14 categories.
Defense-in-depth breadth
One platform spans the whole attack surface — where a standalone guardrail covers a slice.
Posture
Hardened from the host up.
The firewall protects your traffic; this is how we protect the platform that runs it.
Isolated Infrastructure
Dedicated servers on Hetzner Cloud with full-disk encryption and private networking. No shared multi-tenant compute.
Encryption Everywhere
AES-256-GCM at rest, TLS 1.3 in transit. API keys sealed with envelope encryption — BYOK supported, keys never leave your control.
Least-Privilege Access
Row-level security at the database layer, RBAC for every action, SSH key-only host access, and SSO/SAML with enforced MFA for enterprise.
Continuous Monitoring
Internal health checks every 30s; external synthetic probes every 15 minutes with public history. Sentry error tracking and container monitoring.
Tamper-Proof Audit Log
HMAC-SHA256 audit logging for every data mutation. Append-only, verifiable, and exportable for compliance evidence.
Hardened CI/CD
gitleaks secret scanning as a hard gate, plus SBOM-based vulnerability scanning (syft + grype, daily). No secret reaches main.
Data & compliance
Your data stays yours.
We follow GDPR and ISO 27001 principles, and our SOC 2 control evidence engine is live today. SOC 2 Type 1 attestation is in progress (target Q4 2026, gated on funding the auditor engagement) — the /security page will not claim SOC 2 anything until the auditor's letter is signed.
Automated daily backups (pg_dump at 2 AM UTC) with weekly full-backup verification.
Data residency controls — choose the region your data is stored in.
Right to erasure — full data deletion within 30 days of request.
No training on customer data. Your prompts and evaluations never train a model.
33 frameworks mapped · honest posture, no unearned badges
Put the firewall in front of your model.
Route traffic through the gateway and every request gets the full 5-layer inspection — no app changes, no added latency budget you'll notice.
Security resources
Security reports: security@evalguard.ai