---
title: "Bastio — The Enterprise AI Security Platform"
description: "Security for every AI your team ships — or uses. Open-source gateway, Shadow AI governance extension, secure employee workspace, EU-managed cloud. One platform, four pillars."
source: "https://bastio.com/"
---
Bastio / Platform v2.0 &lt;50ms · open source · Cloud EU-hosted

# Security for every AI your team ships. Or uses.

Your developers ship AI faster than security can review it. Your employees paste customer data into ChatGPT. Bastio sees both — and stops the dangerous prompts before they leave your network.

[Run a Shadow AI Audit](/audit)[Explore Developer Docs](/docs/getting-started)

$ git clone github.com/bastio-ai/bastio

[Open-source security gateway](/oss)[Shadow AI governance](/governance)[Secure employee workspace](/workspace)[EU-managed cloud](/cloud)

Securing AI infrastructure for teams building on

OpenAIAnthropicAWS BedrockGoogle GeminiMistralCohereLlamaIndexLangChainRedisClickHouse

§ 01 — The 4 pillars

## Built for the workforce. Engineered for builders.

### For the workforce

#### Bastio Governance

Extension

A deployable browser extension that audits company-wide AI usage and intercepts sensitive data before it hits public AI tools.

Policy block

rule: pii.ssn.block

[Inside Governance →](/governance)

#### Bastio Workspace

Portal

The destination Governance redirects into. Multi-model chat with your knowledge inline, branded for your company, zero retention by default. Built so employees prefer it to chatgpt.com.

Multi-modelKnowledge basesSSO + RBACBranded chat

[Inside Workspace →](/workspace)

### For the builders

#### Bastio Cloud

Managed

A full gateway, not just a /detect API. Proxies OpenAI and Anthropic traffic end-to-end with sub-5ms latency, giving you threat detection, observability, and provider fallback in one unified endpoint.

p50 latency3.8ms

uptime99.99%

[Inside Cloud →](/cloud)

#### Bastio OSS

Open source

Self-hostable first. Drop it between your app and the LLM via a single binary. Features deterministic detectors by default and tenant-owned custom policies you can shadow-test before activating.

`git clone github.com/bastio-ai/bastio`

[Inside OSS →](/oss)

§ 02 — The wedge

## Expose Shadow AI. Block & redirect.

Your employees are already using public AI tools — often with sensitive PII or proprietary company data. Bastio Governance intercepts these risky requests instantly.

Instead of just blocking them, it seamlessly redirects them to Bastio Workspace to complete their task securely.

chatgpt.com

🛑 Company policy

Can you summarize this Q3 financial report for Acme Corp...

Sensitive data (financial) detected.Process in Workspace →

§ 03 — Problem

## AI shipped. The adversaries shipped faster.

Every model call is a new attack surface. Customer PII leaks into prompts. Jailbreaks strip your system prompt in twelve tokens. Bots burn your inference budget over a long weekend — and you find out from the invoice.

You shipped AI anyway. Waiting for a security program meant not shipping. Bastio is the gateway you should have had from day one — inline, self-hostable, and fast enough that you'll forget it's on.

§ 04 — Coverage

## 47 OSS detectors, live on every request.

Not a checklist. A working pipeline. Toggle categories to see what's catching traffic right now across the open-source install base. Cloud customers additionally run the 5-detector Bastio AI Security Suite (Privacy Filter, Prompt Guard, Threat Vector, Injection Semantic, Session Risk Score) on every prompt — transformer-grade ML in sub-50ms. Cloud also dedupes identical prompts via the Bastio Response Cache — no second API call, no second bill.

All · 47PIISecretsInjectionJailbreakAbuseBotPolicyMeta

live · syncing every 30s

PII

pii.email

18,942 hits / 24h

PII

pii.phone

12,301 hits / 24h

PII

pii.ssn

214 hits / 24h

PII

pii.card

48 hits / 24h

PII

pii.address

3,024 hits / 24h

PII

pii.dob

590 hits / 24h

PII

pii.iban

21 hits / 24h

PII

pii.passport

7 hits / 24h

PII

pii.medical

142 hits / 24h

Secrets

secret.api\_key

812 hits / 24h

Secrets

secret.jwt

340 hits / 24h

Secrets

secret.aws

22 hits / 24h

Secrets

secret.private\_key

4 hits / 24h

Secrets

secret.password

188 hits / 24h

Secrets

secret.webhook

61 hits / 24h

Injection

inject.prompt

1,842 hits / 24h

Injection

inject.indirect

512 hits / 24h

Injection

inject.tool

38 hits / 24h

Injection

inject.system

402 hits / 24h

Injection

inject.delimiter

128 hits / 24h

Jailbreak

jailbreak.dan

221 hits / 24h

Jailbreak

jailbreak.roleplay

188 hits / 24h

Jailbreak

jailbreak.encoding

54 hits / 24h

Jailbreak

jailbreak.multilang

77 hits / 24h

Jailbreak

jailbreak.crescendo

32 hits / 24h

Jailbreak

jailbreak.payload

12 hits / 24h

Abuse

abuse.hate

94 hits / 24h

Abuse

abuse.sexual

41 hits / 24h

Abuse

abuse.self\_harm

17 hits / 24h

Abuse

abuse.violence

63 hits / 24h

Abuse

abuse.csam

0 hits / 24h

Bot

bot.signal

8,821 hits / 24h

Bot

bot.headless

2,413 hits / 24h

Bot

bot.residential

188 hits / 24h

Bot

bot.datacenter

1,042 hits / 24h

Policy

policy.topic

612 hits / 24h

Policy

policy.language

94 hits / 24h

Policy

policy.geography

22 hits / 24h

Policy

policy.competitor

8 hits / 24h

Policy

policy.custom

302 hits / 24h

Meta

lang.detect

29,102 hits / 24h

Abuse

toxicity.v3

421 hits / 24h

Meta

refusal.drift

88 hits / 24h

Meta

hallucination.cite

142 hits / 24h

Policy

copyright.match

38 hits / 24h

Secrets

code.exfil

14 hits / 24h

Injection

code.malicious

6 hits / 24h

— aggregated from 412 self-hosted installs, last 24h[Full catalog →](/oss)

§ 05 — Governance

AI governance · GDPR · EU AI Act

## Ship AI that Legal will sign off on.

Detection catches threats. *Governance* is what keeps you compliant. Bastio maps to GDPR, the EU AI Act, SOC 2, and ISO 27001 out of the box — so the regulator's visit isn't a six-week fire drill.

GDPRArt. 30

### PII never leaves

Inline redaction before the prompt reaches a provider. Lawful-basis tags on every request. Article 30 records generated automatically.

EU AI ActArt. 14

### Human-in-the-loop, by policy

Route high-risk tool calls to a named approver in Slack, Teams, or email. SLAs, fallbacks, and overrides — all logged as oversight evidence.

Audit7y retention

### Prove it on a Tuesday

Tamper-evident log of every prompt, decision, approver, and override. Export to CSV, OTEL, or a pre-formatted audit PDF.

Policy-as-codehitl.refund.yaml · v4

```
rule: "refund_over_threshold"
when:
  tool: "issue_refund"
  amount.gt: 500
  tenant.tier: [free, pro]
action:
  route: human
  channel: slack#cx-approvals
  approvers: [team:cx-leads]
  sla: 15m
  fallback: deny
record:
  scheme: eu-ai-act.art14
  retention: 7y
```

✓ valid24 rules activeedited 2h ago

Live review · Slackpending · 02:14 left

AI

support-agent wants to issue\_refundtool.call · trace 8f3a…c21 · 2s ago

customer cust\_01H8…9kP

amount   €842.00

reason   "order never arrived, 3rd time"

rule     refund\_over\_threshold

ApproveDeclineEdit

approver pool · cx-leads (3)logged · art14

median decision47s

approved94.2%

SLA breach0.3%

§ 06 — Install

## Change a base URL. Ship.

Bastio is wire-compatible with OpenAI. If your code talks to an OpenAI SDK, it talks to Bastio. No new client, no rewrite.

curlpythontypescriptgo

gw.bastio.local · 8080

```
# Point at Bastio instead of the provider.
curl https://gw.bastio.local/v1/chat/completions \
  -H "Authorization: Bearer $BASTIO_KEY" \
  -d '{
    "model": "gpt-5.4-mini",
    "messages": [{"role":"user","content":"..." }]
  }'
```

✓ Bastio is wire-compatible with OpenAI · Anthropic · Bedrock · Gemini · + 8 more[SDK reference →](/docs/sdks)

§ 07 — Deploy

## Run it yourself. Or don't.

Open sourceFree · FSL-1.1-ALv2

### Self-host

A single Go binary. Docker Compose or Helm. Your infra, your data, your audit trail.

RuntimeSingle binary, &lt;40MB

Data planePostgres + Redis

AnalyticsClickHouse (optional)

Air-gapSupported

SupportCommunity, GitHub

[Read the quickstart](/docs/getting-started)

ManagedFrom $0.002 / 1K tokens

### Bastio Cloud

We run the control plane. You get SSO, RBAC, audit, billing, and a dashboard that isn't your problem.

AuthSAML 2.0 + OIDC

RBACPer-tenant overlays

Audit7y retention, tamper-evident

SLA99.95% · 24/7 on-call

BillingStripe-native, token-metered

[Start free trial](/pricing)

§ 08 — Ship

## See your Shadow AI risk in 14 days.

[Run a Shadow AI Audit](/audit)[Explore Developer Docs](/docs/getting-started)