Security

KoreShield secures LLM traffic by combining sanitization, detection, and policy enforcement in a single proxy layer. This keeps provider API keys server-side and applies the same safeguards to every request.

Core Capabilities

Input sanitization to remove unsafe content patterns
Prompt injection detection with multi-layered rules
Policy enforcement that blocks or warns on detected threats
Audit-friendly logging and metrics for monitoring

How It Works

Requests enter the KoreShield proxy
Content is sanitized and scanned for threats
Policies decide whether to allow, warn, or block
Allowed traffic is forwarded to the configured provider
Results are logged for monitoring and audit

Configure Security Defaults

Set defaults in the KoreShield Dashboard (hosted) or your deployment settings (self-hosted). Typical settings include sensitivity and default action.

Sensitivity Guidance

high: strict enforcement, best for regulated workloads
medium: balanced defaults for most production use
low: lenient mode for experimentation

Operational Tips

Use structured logging and alerts to monitor blocks and threats
Apply rate limits to protect upstream providers
Protect proxy endpoints with JWT or X-API-Key auth

Detection details in Attack Detection
Configuration settings in /configuration/settings

Core Capabilities​

How It Works​

Configure Security Defaults​

Sensitivity Guidance​

Operational Tips​

Related Docs​

Core Capabilities

How It Works

Configure Security Defaults

Sensitivity Guidance

Operational Tips

Related Docs