Home / Kong Plugin Hub
Edit
Report

AI Semantic Response Guard

AI License Required
Overview ExamplesGuidesConfiguration reference Changelog
Related Documentation
Gateway Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid db-less traditional
Supported Konnect Deployments
hybrid cloud-gateways serverless
Compatible Protocols
grpc grpcs http https
Minimum Version
Kong Gateway - 3.12
Tags
#ai
Related Resources
Get started with AI Gateway
AI Prompt Guard plugin
AI Semantic Prompt Guard
AI Proxy plugin
AI Semantic Cache plugin
Use AI Semantic Response Guard plugin to govern your LLM traffic
Embedding-based similarity matching in Kong AI gateway plugins
AI Gateway Enterprise: This plugin is only available as part of our AI Gateway Enterprise offering.

The AI Semantic Response Guard plugin extends the AI Prompt Guard plugin by filtering LLM responses based on semantic similarity to predefined rules. It helps prevent unwanted or unsafe responses when serving llm/v1/chat, llm/v1/completions, or llm/v1/embeddings requests through AI Gateway.

You can use a combination of allow and deny response rules to maintain integrity and compliance when returning responses from an LLM service.

How it works

The plugin analyzes the semantic content of the full LLM response before it is returned to the client. The matching behavior is as follows:

  • If any deny_responses are set and the response matches a pattern in the deny list, the response is blocked with a 400 Bad response.
  • If any allow_responses are set, but the response matches none of the allowed patterns, the response is also blocked with a 400 Bad response.
  • If any allow_responses are set and the response matches one of the allowed patterns, the response is permitted.
  • If both deny_responses and allow_responses are set, the deny condition takes precedence. A response that matches a deny pattern will be blocked, even if it also matches an allow pattern. If the response does not match any deny pattern, it must still match an allow pattern to be permitted.

Response processing

To enforce these rules, the plugin:

  1. Disables streaming (stream=false) to ensure the full response body is buffered before analysis.
  2. Intercepts the response body using the guard-response filter.
  3. Extracts response text, supporting JSON parsing of multiple LLM formats and gzipped content.
  4. Generates embeddings for the extracted text.
  5. Searches the vector database (Redis, Pgvector, or other) against configured allow_responses or deny_responses.
  6. Applies the decision rules described above.

If a response is blocked or if a system error occurs during evaluation, the plugin returns a 400 Bad Request to the client without exposing that the Semantic Response Guard blocked it.

Vector databases

A vector database can be used to store vector embeddings, or numerical representations, of data items. For example, a response would be converted to a numerical representation and stored in the vector database so that it can compare new requests against the stored vectors to find relevant cached items.

The AI Semantic Response Guard plugin supports the following vector databases:

  • Using config.vectordb.strategy: redis and parameters in config.vectordb.redis:
  • Using config.vectordb.strategy: pgvector and parameters in config.vectordb.pgvector:

To learn more about vector databases in AI Gateway, see Embedding-based similarity matching in Kong AI gateway plugins.

Using cloud authentication with Redis v3.13+

If your plugin uses a Redis datastore, you can authenticate to it with a cloud Redis provider. This allows you to seamlessly rotate credentials without relying on static passwords.

The following providers are supported:

  • AWS ElastiCache
  • Azure Managed Redis
  • Google Cloud Memorystore (with or without Valkey)

You need:

  • A running Redis instance on an AWS ElastiCache instance for Valkey 7.2 or later or ElastiCache for Redis OSS version 7.0 or later
  • The ElastiCache user needs to set “Authentication mode” to “IAM”
  • The following policy assigned to the IAM user/IAM role that is used to connect to the ElastiCache: 
    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticache:Connect"
            ],
            "Resource": [
                "arn:aws:elasticache:ARN_OF_THE_ELASTICACHE",
                "arn:aws:elasticache:ARN_OF_THE_ELASTICACHE_USER"
            ]
        }
    ]
}

To configure cloud authentication with Redis, add the following parameters to your plugin configuration:

config:
  vectordb:
    strategy: redis
    redis:
      host: $INSTANCE_ADDRESS
      username: $INSTANCE_USERNAME
      port: 6379
      cloud_authentication:
        auth_provider: aws
        aws_cache_name: $AWS_CACHE_NAME
        aws_is_serverless: false
        aws_region: $AWS_REGION
        aws_access_key_id: $AWS_ACCESS_KEY_ID
        aws_secret_access_key: $AWS_ACCESS_SECRET_KEY

Replace the following with your actual values:

  • $INSTANCE_ADDRESS: The ElastiCache instance address.
  • $INSTANCE_USERNAME: The ElastiCache username with IAM Auth mode configured.
  • $AWS_CACHE_NAME: Name of your AWS ElastiCache instance.
  • $AWS_REGION: Your AWS ElastiCache instance region.
  • $AWS_ACCESS_KEY_ID: (Optional) Your AWS access key ID.
  • $AWS_ACCESS_SECRET_KEY: (Optional) Your AWS secret access key.

Next Steps

Use AI Semantic Prompt Guard plugin to govern your LLM traffic
Use AI Prompt Guard plugin to govern your LLM traffic
Something wrong?
Report an Issue | Edit this Page
View all Kong documentation

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help?

Ask in our Slack Community
Contact Support