For agent platforms, support AI, internal copilots, and MCP-connected apps

One API to secure your AI.

Veil AI Firewall protects prompts, responses, and MCP tool calls with built-in PII redaction, prompt injection detection, output filtering, and hallucination flags. Keep your SDK. Change one URL.

Get Free API Key See Firewall Docs
100 free requests/month. No credit card. Same domain, same billing, same OpenAI-compatible proxy, now with runtime AI security.
Prefer the dedicated Guard surface? Open Veil Guard.
Input Firewall Demo

What your app sends

Summarize this support ticket:

"Hi, my name is Sarah Johnson
and my email is sarah.j@company.com.
My SSN is 078-05-1120 and I'm
calling from 555-867-5309.
My card 4111-1111-1111-1111
was charged twice."

What the LLM sees

Summarize this support ticket:

"Hi, my name is <<VEIL_PERSON_a8f2c3d1e4f5>>
and my email is <<VEIL_EMAIL_ADDRESS_c3d1e4f5a8b2>>.
My SSN is <<VEIL_US_SSN_9e7b1a2c3d4e>> and I'm
calling from <<VEIL_PHONE_NUMBER_4f2a1b3c8d9e>>.
My card <<VEIL_CREDIT_CARD_b1e8a2c3d4f5>>
was charged twice."

See what Veil would sanitize before the model sees it.

Try the built-in redaction layer on a real prompt. Then turn on runtime input, output, and MCP controls in the API.

Results will appear here...

Input, output, and MCP security in one code change.

Keep your current SDK, models, and provider keys. Point your client at Veil and turn protections on with headers or standalone firewall endpoints.

// Before const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY, }); // After — Veil AI Firewall sits in front of the model const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY, baseURL: "https://veil-api.com/v1", defaultHeaders: { "Authorization": `Bearer ${process.env.VEIL_API_KEY}`, "x-upstream-key": process.env.OPENAI_API_KEY, "x-veil-input-policy": "block", "x-veil-output-policy": "monitor", } }); // PII still gets redacted and restored automatically. // Output filtering and MCP inspection are available in the same API.

Three security lanes, one runtime.

Veil still handles privacy. Now it also gives you runtime controls for the two other places AI apps break: model behavior and tool surfaces.

Input firewall

Redact PII, catch prompt injection, and stop obvious approval-bypass or credential-harvesting attempts before they reach the model.

Output firewall

Flag risky responses, prompt leakage, suspicious links, unsafe tool arguments, and unsupported new claims before they leave your stack.

MCP firewall

Inspect tool descriptors, calls, and results for hidden instructions, scope mismatches, destructive actions, and data exfiltration paths.

Built on the existing proxy

Same auth flow, same billing, same provider routing. You can add runtime security without migrating off the Veil integration you already have.

Useful defaults, explicit controls

Keep the default proxy behavior backward compatible, then opt into input blocking, output monitoring, or hallucination flags per request.

Security-founder distribution

Veil is being built from real vulnerability research and public MCP audits, not generic “guardrails” copy disconnected from how attacks actually look.

Works with every provider.

41 named providers. Veil AI Firewall protects the traffic without forcing a model-vendor rewrite.

OpenAI
Anthropic
Google Gemini
Mistral
Cohere
xAI (Grok)
AI21 Labs
Together AI
Groq
Fireworks AI
OpenRouter
Perplexity
Cerebras
SambaNova
Lepton AI
Nebius AI
Novita AI
Hyperbolic
Lambda
DeepInfra
DeepSeek
Moonshot
Zhipu AI
Yi (01.AI)
Baichuan
Stepfun
MiniMax
Qwen (DashScope)
SiliconFlow
Replicate
Baseten
HuggingFace
Portkey
Helicone
Codestral
Targon
Kluster
Chutes
Martian
Braintrust
Unify AI

Data and secret coverage.

PII redaction is still built in for support tickets, patient records, legal documents, internal notes, credentials, and structured identifiers.

Global

PERSON
EMAIL_ADDRESS
PHONE_NUMBER
CREDIT_CARD
CRYPTO
IP_ADDRESS
MAC_ADDRESS
IBAN_CODE
LOCATION
NRP
MEDICAL_LICENSE

Secrets & API Keys

AWS_ACCESS_KEY
GITHUB_TOKEN
SLACK_TOKEN
STRIPE_KEY
GCP_API_KEY
JWT_TOKEN
PRIVATE_KEY
GENERIC_SECRET

Crypto Wallets

ETHEREUM
BITCOIN
LITECOIN
MONERO

United States

US_SSN
US_PASSPORT
US_DRIVER_LICENSE
US_BANK_NUMBER
US_ITIN
US_MBI
US_NPI
ABA_ROUTING_NUMBER

United Kingdom

UK_NHS
UK_NINO
UK_PASSPORT
UK_POSTCODE
UK_VEHICLE_REGISTRATION

Germany

DE_TAX_ID
DE_PASSPORT
DE_ID_CARD
DE_SOCIAL_SECURITY
DE_HEALTH_INSURANCE
DE_KFZ
DE_VAT_ID
DE_FUEHRERSCHEIN
DE_LANR
DE_BSNR

Europe, Asia & More

ES_NIF
ES_NIE
IT_FISCAL_CODE
IT_DRIVER_LICENSE
IT_VAT_CODE
IT_PASSPORT
PL_PESEL
FI_PERSONAL_IDENTITY_CODE
SE_PERSONNUMMER
SG_NRIC_FIN
AU_ABN
AU_TFN
AU_MEDICARE
IN_PAN
IN_AADHAAR
IN_PASSPORT
KR_RRN
KR_PASSPORT
TH_TNIN
NG_NIN

Americas

CA_SIN
BR_CPF
BR_CNPJ
MX_CURP
FR_NIR

Context PII

DATE_OF_BIRTH
PASSWORD
CVV

Structured Identifiers

VIN
IMEI
US_EIN
SWIFT_BIC
GEO_COORDINATE

Infrastructure

DATABASE_URL
BEARER_TOKEN

Pricing.

Start free in a minute. Upgrade only when real traffic hits.

Free

$0
Test the full product on real payloads. No credit card required.
  • 100 requests/month
  • All 79+ entity types
  • Streaming support
  • All providers
We email a one-time verification link, then issue your key. Usually takes under a minute.

Starter

$49/mo
For teams shipping their first AI features.
  • 10,000 requests/month
  • All 79+ entity types
  • Streaming support
  • All providers
  • Email support

Growth

$149/mo
For teams scaling AI in production.
  • 100,000 requests/month
  • All 79+ entity types
  • All 41 providers
  • Streaming support
  • Priority support

Enterprise

$499/mo
For companies that need guarantees.
  • 1,000,000+ requests/month
  • All 79+ entity types
  • All 41 providers
  • Streaming support
  • Direct support

FAQ

Common questions from developers.

What is Veil AI Firewall?

Veil AI Firewall is a drop-in proxy and inspection API that secures prompts, responses, and MCP tool traffic. It includes the original Veil PII redaction flow plus prompt injection detection, output filtering, and MCP inspection.

Does Veil still redact PII?

Yes. PII redaction and response restoration are still built into the core proxy. The firewall layer expands Veil into prompt, response, and MCP runtime protection without removing the original privacy workflow.

How do I turn on runtime protections?

On inline chat traffic, add headers like x-veil-input-policy: block or x-veil-output-policy: monitor. For standalone inspection, call /v1/firewall/input, /v1/firewall/output, or /v1/firewall/mcp.

Does Veil work with the OpenAI Python SDK?

Yes. Set the base_url parameter to your Veil endpoint and add your Veil API key in the headers. No other code changes needed. Works with the official SDKs and 41 named upstream providers.

What does the MCP firewall inspect?

It inspects MCP descriptors, tool calls, and tool results for tool poisoning, scope mismatches, destructive action patterns, prompt injection, suspicious links, and secret leakage.

Can I test this before touching production?

Yes. Start on the free tier, use the live redaction demo above, point a staging client at Veil, or call the standalone firewall endpoints directly. You do not need to replace your provider or rewrite your app to try it.