AI Semantic Prompt Guard

The AI Semantic Prompt Guard plugin extends the AI Prompt Guard plugin by allowing you to permit or block prompts based on a list of similar prompts, helping to prevent misuse of llm/v1/chat or llm/v1/completions requests.

You can use a combination of allow and deny rules to maintain integrity and compliance when serving an LLM service using Kong AI Gateway.

The matching behavior is as follows:

• If any deny prompts are set and the request matches a prompt in the deny list, the caller receives a 400 response.
• If any allow prompts are set, but the request matches none of the allowed prompts, the caller also receives a 400 response.
• If any allow prompts are set and the request matches one of the allow prompts, the request passes through to the LLM.
• If there are both deny and allow prompts set, the deny condition takes precedence over allow. Any request that matches a prompt in the deny list will return a 400 response, even if it also matches a prompt in the allow list. If the request doesn’t match a prompt in the deny list, then it must match a prompt in the allow list to be passed through to the LLM.

A vector database can be used to store vector embeddings, or numerical representations, of data items. For example, a response would be converted to a numerical representation and stored in the vector database so that it can compare new requests against the stored vectors to find relevant cached items.

The AI Semantic Prompt Guard plugin supports the following vector databases:

• Using config.vectordb.strategy: redis and parameters in config.vectordb.redis:
  • Redis with Vector Similarity Search (VSS)
  • AWS MemoryDB for Redis v3.12+
• Using config.vectordb.strategy: pgvector and parameters in config.vectordb.pgvector:
  • PostgreSQL with pgvector v3.10+

To learn more about vector databases in AI Gateway, see Embedding-based similarity matching in Kong AI gateway plugins.