Zuplo
AI Platform Overview →

One Gateway for REST, LLMs, and MCP.

Put every LLM call through the same policy pipeline that runs your APIs. Multi-provider routing, semantic caching, prompt injection protection, and dollar budgets — all OpenAPI-native, deployed via GitOps.

Talk to an AI Expert Read the Docs
AI Gateway · Teams
ENFORCED

All Teams

Policy scope

Acme Corp

L0

Monthly Budget

$7,440/$12,000

Tokens

58%

Requests

71%

Inherits limits from parent team
AccuWeather
Read the Case Study
Blockdaemon
Read the Case Study
Lake Michigan Credit Union
Read the Case Study
Finsolutia
Read the Case Study
VNDR
Read the Case Study
Mews
Read the Case Study
Yext
Read the Case Study
Zumiez
Read the Case Study

Features

Built for LLM traffic, governed like an API.

Multi-provider routing

Route to OpenAI, Anthropic, Gemini, and Mistral through one endpoint. Swap providers in config, not code.

Semantic caching

Cache responses by vector similarity, not exact match. Cut latency and spend on repeated prompts.

Prompt injection protection

Block malicious instructions before they reach your model. Fully configurable via the prompt-injection-outbound policy.

Secret masking

Redact API keys, emails, and other sensitive values from responses with the secret-masking-outbound policy.

Dollar budgets, per team

Set hierarchical spend limits in USD for each team. Requests halt when the budget is hit — no overspend.

Observability & tracing

Stream every request to Galileo, Comet Opik, or your own collector. Inspect latency, tokens, and cost per call.

Want to see it in action?

Book a Technical Call
Team Hierarchy
LIVE

Acme Inc

Organization · hard cap

$4,393/$10,000

Engineering

$2,210/$4,000

Chatbot$670/$800
Copilot$1,540/$3,200

Sales

$1,040/$3,000

Marketing

$1,143/$3,000

Team hierarchy

Policies and budgets at every level of your org.

Most AI gateways give you one global cap. Zuplo lets you nest organizations, teams, sub-teams, and apps — each with their own daily and monthly dollar budgets that cascade from the top down. Platform sets the ceiling, finance sets department caps, engineering divides it across projects. Everyone gets predictable spend. Nobody has to ask for a new key.

  • Dollar budgets at org, team, and app level
  • Daily and monthly limits — hard stops or warnings
  • Sub-team budgets cannot exceed the parent's ceiling
  • Rate limits and security policies inherit the same way

Multi-provider routing

Route to the right model, every time.

Map routes to OpenAI, Anthropic, Gemini, or Mistral. Override the target in policy per-request, per-tenant, or per-API-key. Teams keep the same SDK integration while platform teams control cost and availability.

  • Declarative provider mapping in zuplo.json
  • Per-route model selection via OpenAPI extensions
  • Drop-in compatibility with OpenAI SDK baseURL
  • Works with Claude Code, Cursor, LangChain, Goose
AI Gateway
ACTIVE

Routed to

OpenAI

Auto-failover enabled

Semantic Cache

67% hit rate

Monthly Budget

$444/1,200

Prompt Injection Blocked

Drop-in integration

Swap the base URL. Keep your SDK.

Point any OpenAI-compatible client at your Zuplo gateway and policies take over. No new SDK to learn.

TypeScriptclient.ts
// Keep your existing OpenAI SDK — just swap the base URL
import OpenAI from "openai";

const client = new OpenAI({
  baseURL: "https://your-org.zuplo.app/v1",
  apiKey: process.env.ZUPLO_AI_KEY, // your Zuplo key, not OpenAI's
});

const response = await client.chat.completions.create({
  model: "gpt-4o",
  messages: [{ role: "user", content: "Summarize our Q1 sales data." }],
});

Built on the Zuplo platform

Not a standalone AI box — part of one API platform.

The AI Gateway runs on the same policy engine, the same auth modules, and the same GitOps pipeline as your REST and MCP APIs. One bill. One pane of glass. When your AI product graduates from prototype to production, the gateway already knows how to run it.

See every policy → Explore the full AI platform

Enterprise AI governance

The seven questions every CISO asks about AI.

Security, cost, and data-privacy controls a centralized AI governance program needs — and where Zuplo enforces each one.

Unrestricted access

How do we prevent models from acting beyond their intended scope?

AI Gateway scopes which providers, models, and routes a key can reach. MCP Gateway publishes virtual servers that expose only the tools each team is approved to use — the model literally can't see anything outside that allowlist. Auth translation keeps privileged downstream credentials out of the model's hands.

MCP Gateway →
Cost control

How do we cap costs when AI usage exceeds projections?

Token and dollar budgets at every level — org, team, sub-team, app — that cascade and constrain each other. Hard 429s before the bill arrives, not soft alerts after. Per-team attribution shows exactly which workload is driving cost; semantic caching and per-consumer quotas drop spend further.

Usage limits →
Data privacy

How do we keep PII or SPDI out of logs and prompts?

Two layers, deliberately separated. Inbound, the secret-masking-outbound policy and the optional Akamai AI Firewall redact patterns before requests reach the model. Outbound to your observability stack, Zuplo scrubs sensitive fields at the logging-pipeline layer before shipping to your SIEM. Map both as separate trust zones.

AI Firewall →
Visibility & monitoring

How do we monitor AI activity, especially for agents and AIOps?

Every LLM call and every MCP tool invocation is logged with caller identity, inputs, tool name, latency, tokens, cost, and outcome — streamed to your SIEM. For agent workloads, the tool-call audit matters more than the LLM-call view: you see what the agent did, not just what it said. Traces also flow to Galileo, Comet Opik, or any OTel collector.

Audit logs →
Prompt injection

How do we mitigate "ignore all previous instructions" attacks?

Honest framing: prompt injection is the SQL injection of LLMs — you mitigate, you don't eliminate. Layered approach: detect known patterns at the input via the prompt-injection policy and Akamai AI Firewall; constrain agency through tool allowlists and scoped credentials so a successful injection has limited blast radius; validate outputs before downstream side effects; log every blocked attempt.

AI Firewall →
Cross-team data leakage

How do we prevent one team's model from accessing another team's logs?

Virtual MCP servers per team plus RBAC on the audit log itself. Finance gets Stripe and QuickBooks tools; Engineering gets GitHub and Linear; Support gets helpdesk tools — all from the same upstream sources with team-specific configs and isolated audit trails. The same hierarchy on the AI Gateway scopes models, budgets, and request logs by team.

MCP Gateway →
Unauthorized access

How do we stop developers from bypassing the gateway and calling Bedrock or OpenAI directly?

Straight answer: no AI gateway alone fully solves this. It's a network-egress and IAM problem — block outbound calls to provider endpoints, strip Bedrock/Vertex/OpenAI permissions from developer identities so only the gateway's service principal has them, vault provider keys so they never live in developer hands. Zuplo is the enforcement point and key vault; our Akamai partnership covers the network side.

Dedicated deployment →

Frequently Asked Questions

Learn about API management and how Zuplo helps your team build better APIs.

Want a demo of Zuplo? Talk to an API expert

Start with the AI Gateway today.

Free forever for developers. Same signup as the API Gateway — your account owns both.

Start for Free Compare AI Gateways