Home / Kong Plugin Hub
Edit
Report

AI Semantic Prompt Guard

AI License Required
Overview Examples Configuration reference Changelog
Related Documentation
Gateway Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid db-less traditional
Supported Konnect Deployments
hybrid cloud-gateways serverless
Compatible Protocols
grpc grpcs http https
Minimum Version
Kong Gateway - 3.8
Related Resources
Get started with AI Gateway
AI Prompt Guard plugin
AI Proxy plugin
AI Semantic Cache plugin
Use AI Semantic Prompt Guard plugin to govern your LLM traffic
Embedding-based similarity matching in Kong AI Gateway plugins
AI Gateway Enterprise: This plugin is only available as part of our AI Gateway Enterprise offering.

The AI Semantic Prompt Guard plugin extends the AI Prompt Guard plugin by allowing you to permit or block prompts based on a list of similar prompts, helping to prevent misuse of llm/v1/chat or llm/v1/completions requests.

You can use a combination of allow and deny rules to maintain integrity and compliance when serving an LLM service using Kong AI Gateway.

How it works

The matching behavior is as follows:

  • If any deny prompts are set and the request matches a prompt in the deny list, the caller receives a 400 response.
  • If any allow prompts are set, but the request matches none of the allowed prompts, the caller also receives a 400 response.
  • If any allow prompts are set and the request matches one of the allow prompts, the request passes through to the LLM.
  • If there are both deny and allow prompts set, the deny condition takes precedence over allow. Any request that matches a prompt in the deny list will return a 400 response, even if it also matches a prompt in the allow list. If the request doesn’t match a prompt in the deny list, then it must match a prompt in the allow list to be passed through to the LLM.

Vector databases

A vector database can be used to store vector embeddings, or numerical representations, of data items. For example, a response would be converted to a numerical representation and stored in the vector database so that it can compare new requests against the stored vectors to find relevant cached items.

The AI Semantic Prompt Guard plugin supports the following vector databases:

  • Using config.vectordb.strategy: redis and parameters in config.vectordb.redis:
  • Using config.vectordb.strategy: pgvector and parameters in config.vectordb.pgvector:

To learn more about vector databases in AI Gateway, see Embedding-based similarity matching in Kong AI gateway plugins.

Using cloud authentication with Redis v3.13+

Starting in Kong Gateway 3.13, you can authenticate with a cloud Redis provider for your Redis strategy. This allows you to seamlessly rotate credentials without relying on static passwords.

The following providers are supported:

  • AWS ElastiCache
  • Azure Managed Redis
  • Google Cloud Memorystore (with or without Valkey)

Each provider also supports an instance and cluster configuration.

Important: Kong Gateway open source plugins do not support any Redis cloud provider cluster configurations.

To configure cloud authentication with Redis, add the following parameters to your plugin configuration:

You need:

  • A running Redis instance on an AWS ElastiCache instance for Valkey 7.2 or later or ElastiCache for Redis OSS version 7.0 or later
  • The ElastiCache user needs to set “Authentication mode” to “IAM”
  • The following policy assigned to the IAM user/IAM role that is used to connect to the ElastiCache: 
    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticache:Connect"
            ],
            "Resource": [
                "arn:aws:elasticache:ARN_OF_THE_ELASTICACHE",
                "arn:aws:elasticache:ARN_OF_THE_ELASTICACHE_USER"
            ]
        }
    ]
}

config:
  storage: redis
  storage_config:
    redis:
      host: $INSTANCE_ADDRESS
      username: $INSTANCE_USERNAME
      port: 6379
      cloud_authentication:
        auth_provider: aws
        aws_cache_name: $AWS_CACHE_NAME
        aws_is_serverless: false
        aws_region: $AWS_REGION
        aws_access_key_id: $AWS_ACCESS_KEY_ID
        aws_secret_access_key: $AWS_ACCESS_SECRET_KEY

Replace the following with your actual values:

  • $INSTANCE_ADDRESS: The ElastiCache instance address.
  • $INSTANCE_USERNAME: The ElastiCache username with IAM Auth mode configured.
  • $AWS_CACHE_NAME: Name of your AWS ElastiCache instance.
  • $AWS_REGION: Your AWS ElastiCache instance region.
  • $AWS_ACCESS_KEY_ID: (Optional) Your AWS access key ID.
  • $AWS_ACCESS_SECRET_KEY: (Optional) Your AWS secret access key.

FAQs

Does the AI Semantic Prompt Guard plugin support multilingual input?

Yes, the AI Semantic Prompt Guard plugin supports multilingual input—depending on the capabilities of the configured embedding model. The plugin sends raw UTF-8 text to the embedding provider supported by AI Gateway (such as Azure, Bedrock, Gemini, Hugging Face, Mistral, or OpenAI). As long as the model supports multiple languages, semantic comparisons and rule enforcement will work as expected without requiring additional plugin configuration.

How do I resolve the MemoryDB error Number of indexes exceeds the limit?

If you see the following error in the logs:

failed to create memorydb instance failed to create index: LIMIT Number of indexes (11) exceeds the limit (10)

This means that the hardcoded MemoryDB instance limit has been reached. To resolve this, create more MemoryDB instances to handle multiple AI Semantic Prompt Guard plugin instances.

Next Steps

Use AI Semantic Prompt Guard plugin to govern your LLM traffic
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support