惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
小众软件
小众软件
Engineering at Meta
Engineering at Meta
博客园 - 三生石上(FineUI控件)
WordPress大学
WordPress大学
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
V2EX
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 热门话题
酷 壳 – CoolShell
酷 壳 – CoolShell
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
H
Help Net Security
Martin Fowler
Martin Fowler
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - Franky
V
Vulnerabilities – Threatpost
云风的 BLOG
云风的 BLOG
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
Stack Overflow Blog
Stack Overflow Blog
Recent Announcements
Recent Announcements
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
I
Intezer
Scott Helme
Scott Helme
A
About on SuperTechFans
博客园 - 司徒正美
Hacker News: Ask HN
Hacker News: Ask HN
The GitHub Blog
The GitHub Blog
Forbes - Security
Forbes - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Spread Privacy
Spread Privacy
T
Tailwind CSS Blog
S
Security Affairs
宝玉的分享
宝玉的分享

OpenRouter Blog

Choosing the Optimal Image Input Detail Level in LLMs — OpenRouter Blog DeepSeek V4 Is Earning Agentic Token Share — OpenRouter Blog The Open Weight Models that Matter: June 2026 — OpenRouter Blog The OpenRouter MCP Server — OpenRouter Blog Introducing the Unified Image API — OpenRouter Blog The AI Governance Checklist That Maps to Your Stack — OpenRouter Blog Enforce AI Data Residency at the Routing Layer — OpenRouter Blog OpenRouter vs Portkey: Routing Network vs Control Plane — OpenRouter Blog OpenRouter vs LiteLLM: Managed vs Self-Hosted Gateway — OpenRouter Blog Connect OpenClaw to OpenRouter: One Key, Failover, Free Models — OpenRouter Blog Connect SillyTavern to OpenRouter: Setup, Models, Fixes — OpenRouter Blog A Robot is Sprinting Towards You: Do You Want it Running on Claude or Grok? Kilo Code + OpenRouter: Setup, Routing, and Free Models — OpenRouter Blog Codex CLI with OpenRouter: config.toml Setup and Models — OpenRouter Blog Claude Code with OpenRouter: Setup, Models, and Costs — OpenRouter Blog How to Use OpenRouter With Any Coding Agent or AI Tool — OpenRouter Blog Subagent: Let Your Model Delegate the Busywork — OpenRouter Blog Free LLM API in 2026: 13 Options Ranked and Compared — OpenRouter Blog How to Enforce Agentic AI Governance at the API Layer — OpenRouter Blog Keep Your Agent Running When Models Disappear — OpenRouter Blog Hermes Agent + OpenRouter: Setup, Model Choice & Routing Config — OpenRouter Blog Lowest-Cost LLM Inference: The Complete OpenRouter Guide — OpenRouter Blog How OpenRouter Model Routing Works: Providers, Fallbacks & Auto Router — OpenRouter Blog OpenRouter Failover: Provider Failover vs Model Fallbacks Explained — OpenRouter Blog Surpassing Frontier Performance with Fusion — OpenRouter Blog Dinner is Served — OpenRouter Blog LLM Gateway: What It Is and How to Choose One — OpenRouter Blog Advisor: Give Any Model a Lifeline to a Smarter One — OpenRouter Blog Gemini 2.5 Flash API - Pricing, Quickstart & Provider Comparison — OpenRouter Blog EU AI Act & Colorado ADMT Compliance: Human Oversight for AI Agents — OpenRouter Blog May Release Spotlight — OpenRouter Blog OpenRouter Raises $113M Series B — OpenRouter Blog Human-in-the-Loop Tools for the Agent SDK — OpenRouter Blog Consistent Web Search and Fetch Across Every Model — OpenRouter Blog GPT-5.5 Price Increase: What It Actually Costs — OpenRouter Blog New Audio APIs for Speech and Transcription — OpenRouter Blog Response Caching: Zero Cost for Identical Requests — OpenRouter Blog April Release Spotlight — OpenRouter Blog Create OpenRouter Accounts via CLI with Stripe Projects — OpenRouter Blog Opus 4.7 Agent SDK: Building Multi-turn Agent Workflows on OpenRouter — OpenRouter Blog Build Your Own Harness with the Agent SDK — OpenRouter Blog Introducing Workspaces — OpenRouter Blog Announcing Video Generation — OpenRouter Blog Auto Exacto: Adaptive Quality Routing, On by Default — OpenRouter Blog February Release Spotlight — OpenRouter Blog OpenRouter Outages on February 17 and 19, 2026 — OpenRouter Blog January Release Spotlight — OpenRouter Blog Distillable Models and Synthetic Data Pipelines with NeMo Data Designer — OpenRouter Blog December Release Spotlight — OpenRouter Blog Response Healing: Reduce JSON Defects by 80%+ — OpenRouter Blog The 2025 State of AI Report — OpenRouter Blog Is Implicit Caching Prompt Retention? — OpenRouter Blog Provider Variance: Introducing Exacto — OpenRouter Blog 1 million free BYOK requests per month — OpenRouter Blog The First-Ever Image Model Is Up on OpenRouter — OpenRouter Blog GPT-5 is now live — OpenRouter Blog Audio Inputs and PDF URLs for Apps — OpenRouter Blog Presets: How To Seamlessly Transfer Model Configurations Across Apps — OpenRouter Blog New Privacy-Focused Provider Drop: Venice — OpenRouter Blog Use OpenRouter Models in Cursor: Try it with Moonshot AI Updates to Our Free Tier: Sustaining Accessible AI for Everyone — OpenRouter Blog New Stealth Model: "Cypher Alpha" — OpenRouter Blog Introducing Presets: Manage LLM Configs from Your Dashboard! — OpenRouter Blog Dev & BYOK Updates: Uptime API + Smarter Key Management — OpenRouter Blog Simplifying Our Platform Fee — OpenRouter Blog GIF Prompts, Omni Search, Tool Caching, and BYOK Flags — OpenRouter Blog New Features: Reasoning Streams, Crypto Invoices, End-User IDs & More — OpenRouter Blog Passkeys, DevEx Upgrades, and a New Guide for TypeScript Agents — OpenRouter Blog New Provider Drop: Cerebras Is Here — OpenRouter Blog Better Insights, Faster Metrics, and New Developer Power Tools — OpenRouter Blog Privacy Clarity, New Providers, OAuth Upgrade, and Gemini Gets Parallel Tools — OpenRouter Blog Universal PDF Support — OpenRouter Blog Smarter Charts, Inline SVGs, and Live Usage Accounting — OpenRouter Blog Quasar Alpha and Optimus Alpha Reveal — OpenRouter Blog "Stealth" model: Optimus Alpha — OpenRouter Blog “Stealth” model: Quasar Alpha — OpenRouter Blog Never Pay for Empty AI Responses Again — OpenRouter Blog Deep Research & Many New Models — OpenRouter Blog Introducing Nitro and Floor Price Shortcuts — OpenRouter Blog Introducing Cloudflare as a new provider — OpenRouter Blog Reasoning Tokens for Thinking Models — OpenRouter Blog Introducing Web Search via the API — OpenRouter Blog Standardized finish reasons — OpenRouter Blog Happy New Year! Introducing a new Auto Router — OpenRouter Blog Holiday launches: Web Search & Price Cuts — OpenRouter Blog Bring Your Own API Keys — OpenRouter Blog Crypto Payments API — OpenRouter Blog Structured Outputs & Free Gemini Flash 2.0 — OpenRouter Blog Price Drops and Llama 3.3 70b — OpenRouter Blog Author Pages & Amazon Nova — OpenRouter Blog
Guardrails: Protect your Agents, Data, and Costs — OpenRouter Blog
Cailee Moberg · 2026-05-29 · via OpenRouter Blog

OpenRouter workspaces have guardrails: a set of configurable security and governance tools for budget enforcement, zero data retention (ZDR), model and provider restrictions, prompt injection defense, and data loss prevention. Layer each of these rules into a guardrail to govern your entire workspace, or create customized guardrails for team member groups or API keys, all without changing your code.

Go to Workspaces > Guardrails in your home dashboard or use the management API to create guardrails. Read the docs for more detail.

Budget Enforcement

Set spending limits with daily, weekly, or monthly reset windows. Requests that exceed the limit for the time period will fail with a 402 response. Use it to cap spending per member or per key so a single runaway script can’t burn the month’s budget.

Guardrail budgets are per-entity, not shared. Assign a guardrail with a $50/day limit to three team members, and each one gets their own $50 budget. API key budgets layer independently on top of member budgets. If Audrey has a $100/day member limit and her key has a $30/day limit, the key caps at $30 and Audrey’s total across all keys in the workspace caps at $100. Both are checked on every request.

Zero Data Retention (ZDR) and Model/Provider Restrictions

Disable all endpoints that retain or train on data in one-click, block individual models or providers, or restrict the workspace to a model/provider allowlist. Disallowed requests fail with a 404 response. Use it to keep traffic on providers you’ve vetted, off providers that retain or train on inputs, and on the model price tier each project should use.

Your account-wide privacy policies and provider restrictions are inherited by default. Guardrails can only be more restrictive.

Prompt Injection Defense

Scan inputs against a set of >30 regex patterns derived from the OWASP LLM Prompt Injection Prevention Cheat Sheet and other resources to identify prompt injection and jailbreak attempts. The detection system includes techniques to catch common evasion strategies: typoglycemia, encoding-based, and character-spaced evasion. It’s deterministic and latency overhead is negligible.

Detection runs before the request is sent to the model provider, so blocked traffic never leaves OpenRouter. Use it to catch common injection and jailbreak patterns, especially for agents that pass user input verbatim.

Choose the action you want taken when a pattern is detected:

  • Flag: The request passes through unmodified; the detection is recorded for observability, but no enforcement is applied. Useful for evaluating the impact on your traffic before switching to redact or block.
  • Redact: Matched parts of the input are replaced with [PROMPT_INJECTION] and the sanitized request is sent to the model.
  • Block: The entire request is rejected with a 403 before it reaches the model. The 403 response includes metadata about the type of pattern detected.

Read the prompt injection detection docs.

Data Loss Prevention (DLP)

Detect and handle PII and other sensitive information in requests. Seven sensitive info types are built in. You can also add your own custom regex patterns for domain-specific data (internal project codenames, proprietary IP). Configure each to Redact the sensitive info or Block the request entirely. Blocked requests return a 403 response with information about the type of content detected. Use it to keep PII and sensitive identifiers out of vendor logs and in compliance with your data handling commitments.

Most built-in patterns and all custom patterns use regular expression matching. This is deterministic and adds negligible latency to requests. Names and addresses use Natural Language Processing (NLP) via Presidio and add latency proportional to input size.

Built-in patternMethodRedacted as
Email addressRegex[EMAIL]
Phone numberRegex[PHONE]
Social Security numberRegex[SSN]
Credit card numberRegex[CREDIT_CARD]
IP addressRegex[IP_ADDRESS]
Person nameNLP[PERSON_NAME]
AddressNLP[ADDRESS]

Read the sensitive info protection docs.

Assign to API keys or org members

You can assign a guardrail to multiple API keys or members. When assigned to members, the guardrail applies to all of their keys in the workspace.

Each workspace has a default guardrail you can configure that applies to every API key and member in the workspace. You can create additional guardrails to further restrict specific API keys or members. The workspace default guardrail sets the baseline; any additional guardrails layer on top.

Start using guardrails

Go to Workspaces > Guardrails in your home dashboard to configure your workspace guardrail or create guardrails for specific API keys or members.

Configure programmatically. The Management API supports every guardrail operation, including create, update, delete, list, and assign to keys or members, so you can automate provisioning during team onboarding or key rotation.

curl https://openrouter.ai/api/v1/guardrails \
  -H "Authorization: Bearer $OPENROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-safety",
    "limit_usd": 100,
    "reset_interval": "daily",
    "allowed_models": [
      "anthropic/claude-sonnet-4.6",
      "openai/gpt-5.4",
      "google/gemini-3.1-pro-preview"
    ],
    "content_filter_builtins": [
      {"slug": "regex-prompt-injection", "action": "block"},
      {"slug": "email", "action": "redact"},
      {"slug": "credit-card", "action": "block"}
    ]
  }'

Guardrails docs overview · Guardrails API reference