Platform Features
Secure your AI stack without slowing it down
Bastio combines real-time security controls, detection, and analytics with a drop-in developer experience.
Enforce policies, govern regions, and keep audit trails without slowing teams down.
- Inline policy gates with org/tenant scoping
- Least-privilege key management and rotation
- Compliance-ready logs and traceability
Reduce LLM spend via caching, bot-mitigation, and price-aware routing.
- Designed for 30-70% API cost savings
- Response caching and rate controls
- Real-time savings analytics
Automatic failover across providers (e.g. OpenAI → Anthropic) for resilient uptime.
- Health checks and graceful degradation
- Model & provider routing policies
- No code changes for your app
Inline allow/deny rules, model guards, and tier-based gates with target <10ms overhead.
Learn more →Injection, jailbreak, AI botting, scraping, and abuse detection with layered heuristics & LLM checks.
Learn more →Identify and redact sensitive data in prompts and responses with configurable policies.
Learn more →Per-provider key vault with rotation, scoping, and least-privilege by environment.
Learn more →Drop-in proxy for OpenAI, Anthropic, Gemini, Mistral, and more with response caching.
Learn more →Country and region rules, IP reputation, and quarantine workflows for risky traffic.
Learn more →Managed allow/block lists, custom regex, and structured rule sets for granular control.
Learn more →Live logs, cost savings, usage breakdowns, and searchable audit trails for compliance.
Learn more →Connect to OpenAI, Anthropic, Google, AWS, Azure, Mistral, and Ollama with unified API access and automatic failover.
Learn more →Secure autonomous AI agents with tool call validation, policy enforcement, and human-in-the-loop approvals.
Learn more →Full request tracing, session management, and real-time analytics dashboards for every AI interaction.
Learn more →Every feature you need to secure AI
From PII protection to cost optimization, discover the specific capabilities that solve your challenges.
Protect AI agents from indirect prompt injection when browsing the web with Firecrawl integration
Block sensitive data before it reaches the LLM with SHA-256 hashing and business logic validation
Sanitize LLM responses to prevent accidental leakage of customer data
Multi-layer detection blocks prompt injection, instruction override, and encoded attacks
Automated user agent analysis, timing patterns, and IP intelligence to block scrapers
Real-time threat list integration blocks Tor, VPN, proxy, botnet, and cloud provider IPs
Country and region-based access control with automated IP geolocation
Structured logging and retained audit trails for GDPR, HIPAA, SOC 2 compliance
Zero-downtime switching across OpenAI, Anthropic, Google, Mistral when providers fail
Prevent cascade failures with intelligent circuit breakers and graceful degradation
Per-user, per-endpoint, and per-tenant rate controls to prevent abuse and control costs
Real-time provider status tracking with automated alerting and dashboard visibility
Server-sent events (SSE) for real-time LLM response streaming with security checks
Intelligent response caching reduces redundant API calls and latency
Track spend by user, model, endpoint, and feature with real-time dashboards
Budget threshold notifications and automatic throttling when limits are reached
Route requests to cheapest or fastest provider based on cost, latency, and availability
Drop-in replacement for OpenAI SDK - change base URL and API key, no code changes
Security rules persist when switching models or providers - configure once, protect everywhere
Pre-built integrations for Clerk, Stripe, and custom webhooks for event-driven workflows
Track every LLM request with full context, latency, tokens, and cost breakdowns
Group related requests into sessions for multi-turn conversation analysis
Real-time charts for volume, latency, cost, and security metrics
Version-controlled prompt templates with variable substitution and deployment to proxies
Interactive testing environment to experiment with prompts across different models
Track performance metrics, compare versions, and optimize prompts with data-driven insights
Comprehensive evaluation framework with LLM judges, security evaluators, and golden response libraries
OpenAI-compatible proxy
Easy integration
Point your OpenAI client to our gateway and keep your code. Use your Bastio API key via the X-API-Key header for request analytics and policy controls.
- Drop-in base URL replacement
- Per-org policy enforcement and logging
- Multi-provider routing with failover
curl -X POST https://api.bastio.com/v1/chat/completions \
-H "Content-Type: application/json" \
-H "X-API-Key: YOUR_BASTIO_API_KEY" \
-d '{
"model": "gpt-4o-mini",
"messages": [{"role":"user","content":"Hello"}]
}'const res = await fetch("https://api.bastio.com/v1/chat/completions", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-API-Key": process.env.BASTIO_API_KEY!,
},
body: JSON.stringify({
model: "gpt-4o-mini",
messages: [{ role: "user", content: "Hello" }],
}),
});
const data = await res.json();SDKs — Coming soon
First-class TypeScript SDK with models, guards, and streaming helpers is on the way.
// bastio.ts (coming soon)
import { Bastio } from "@bastio/sdk";
const bastio = new Bastio({ apiKey: process.env.BASTIO_API_KEY });
const resp = await bastio.chat.completions.create({
model: "gpt-4o-mini",
messages: [{ role: "user", content: "Hello" }],
});Want an SDK for your language? Get in touch and tell us what you need.