AI Gateway
Business objective
The traffic cop and toll booth for model calls. An AI gateway is the single exit door through which all of an organization’s LLM traffic flows: it routes requests to the right model/provider, enforces rate limits and budgets, manages API keys and fallbacks, caches responses, and — crucially for governance — logs and archives every prompt and response in one place. Instead of every team wiring its own OpenAI/Anthropic/Bedrock keys, calls go through one governed chokepoint.
The gateway’s value is mostly plumbing and control rather than security inspection: routing, cost control, reliability (failover, retries), and a complete audit trail. It is the place you attach the security (ai-runtime-security) and visibility (llm-observability) controls, because it’s the one point every model call must cross.
When you need it
Day-1, and lightweight to stand up. The first time more than one team or app calls a model API, you want a single front door — for cost visibility, for kill-switch control, and for the audit log that compliance and comms-surveillance will later need. For a hedge fund the archival angle matters: a gateway that captures every prompt/response is the cheapest way to make AI traffic reviewable for MAR/MNPI purposes downstream. If you only use a vendor-hosted enterprise-ai-assistant, the assistant vendor is effectively your gateway; the moment you build apps on raw model APIs, you want your own.
Security role
Controls outbound data flows by construction: it is the single outbound path for model traffic, so it’s where you enforce which models can be reached, what gets logged, and where output-side policy attaches. It’s a preventive, inline chokepoint — but a chokepoint, not an inspector: it actually blocks exfiltration only when you bolt guardrails (ai-runtime-security) onto it. It typically sits at the boundary of the yellow/green zone, mediating all calls leaving internal apps for external model providers.
Vendors
Developer/OSS-leaning gateways
- litellm — widely used open-source proxy/SDK that normalizes 100+ model providers behind one OpenAI-compatible API.
- portkey — gateway plus guardrails, observability, and prompt management; control-plane oriented.
- truefoundry — AI/ML platform with a gateway plus an mcp-gateway offering.
- openrouter — aggregator/marketplace routing to many models behind one API and billing relationship.
Incumbent infra / API-management gateways
- kong — API-gateway incumbent extended with an AI gateway (and MCP tool ACLs).
- f5 — application-delivery incumbent with an AI gateway (and AI security via the CalypsoAI acquisition, per seed).
- cloudflare — edge platform offering an AI gateway (caching, rate-limiting, analytics) alongside its network stack.
Consolidation / M&A dynamics
Per seed flags (unverified — to confirm in research): Portkey flagged as acquired by Palo Alto Networks; F5 flagged as having acquired calypsoai (pairing a gateway with AI guardrails). The broader pattern is two-sided: API-management and networking incumbents (Kong, F5, Cloudflare, Palo Alto) are adding AI-gateway features, while AI-native gateways add security and observability to move up the stack. Expect gateway + firewall + observability to converge into single suites.
Adjacent categories
- ai-runtime-security — the inspection logic that attaches to the gateway chokepoint; often sold together.
- llm-observability — consumes the gateway’s traces/logs; some gateways (Portkey) ship their own observability.
- mcp-gateway — the agent-era analogue: a single doorway for the tools agents call, where the AI gateway is the doorway for model calls. Several vendors (Kong, TrueFoundry) do both.
- network-security-sase — the foundation-layer egress control the AI gateway complements at the application layer.
Survey
Question: Which AI gateway products are you using or evaluating to route, govern, and log your organization’s model/API traffic?
Answer options: Portkey, LiteLLM, TrueFoundry, Kong AI Gateway, F5, Cloudflare, OpenRouter, Other (Please Specify).
Response scale: multi-select; Interested; Considering/evaluating; Pilot/implementing; In production; Would recommend; Would not recommend.
Notes for survey design:
- LiteLLM is the most common OSS default; expect high “in production” among teams building on raw APIs.
- “AI gateway” overlaps confusingly with mcp-gateway (Kong, TrueFoundry appear in both) — clarify “model traffic” vs “agent tool access” in the question stem.
- Many shops use a model provider’s native console or a SASE/proxy as a de-facto gateway; the Other field will catch DIY/none.
- M&A dates Portkey (flagged → Palo Alto) and F5 (flagged ← CalypsoAI); show product names respondents will recognize.
Open taxonomy questions
- AI gateway vs mcp-gateway: as agents dominate, does the model-call gateway fold into the tool-call gateway, or stay distinct?
- Where does a gateway end and an ai-runtime-security firewall begin when one product does both (Portkey, F5, Prisma AIRS)?