██████ █████ ███████ ████████ ██ ██████
██ ██ ██ ██ ██ ██ ██ ██ ██
██████ ███████ ███████ ██ ██ ██ ██
██ ██ ██ ██ ██ ██ ██ ██ ██
██████ ██ ██ ███████ ██ ██ ██████
Four products. One platform. Self-host the OSS, or run it as a service on Bastio Cloud.
"Make secure, affordable AI the default."
One line change. Sub-10 ms latency. Full protection.
🛡️ Bastio Gateway — OSSThe AI security gateway. Drop-in OpenAI-compatible proxy with prompt injection blocking, PII redaction, jailbreak detection, response caching, multi-provider routing, and full audit logging. Single Go binary, Docker Compose, or Helm. FSL-1.1-ALv2 · Go + React · Self-hostable |
☁️ Bastio Cloud — HostedThe managed version. Same gateway, plus auth, orgs, billing, SSO (SAML/OIDC), RBAC, and audit. SOC 2, HIPAA, GDPR ready. Free tier — pay only for what you proxy. Hosted · |
🔍 Bastio Governance — OSSChrome + Edge extension that audits Shadow AI usage across ChatGPT, Claude, Gemini, Copilot, and others. Four-layer detector (regex / secrets / code / Presidio) intercepts sensitive content with Block + Configurable Redirect. SCIM 2.0 for IdP rollouts. FSL-1.1-ALv2 · MV3 · "Free 14-day Shadow AI Audit" |
💬 Bastio Workspace — HostedA secure AI chat workspace for teams. Bring your own keys or use Bastio Cloud as the provider — every message routes through the gateway, so security and audit are on by default. Custom domains supported. Hosted · |
Before — calling OpenAI directly:
from openai import OpenAI
client = OpenAI(
api_key="sk-...",
)After — routed through Bastio:
from openai import OpenAI
client = OpenAI(
base_url="https://api.bastio.com/v1", # <- just change this
api_key="bastio-...", # <- just change this
)Every request now gets security, caching, compliance, and failover. Same change works against a self-hosted Bastio Gateway — just point base_url at your install.
Sign Up Free · Self-Host the OSS · Read the Docs
OpenAI · Anthropic · Google Gemini · AWS Bedrock · Azure OpenAI · Mistral · Groq · and more
One endpoint, every provider. Automatic failover when one goes down.
| Feature | Description | Impact |
|---|---|---|
| Prompt Injection Blocking | Detect and block malicious prompt manipulation | Prevent data leaks and misuse |
| PII Masking | Redact sensitive data before it hits the LLM | Compliance without manual review |
| Response Caching | Semantic caching for repeated queries | 30–70% cost reduction |
| Multi-Provider Routing | Route by cost, latency, or capability | Optimize spend & reliability |
| Budget Guardrails | Spend limits per team, project, or key | No surprise bills |
| Audit Logging | Immutable logs of every request and decision | SOC 2 / HIPAA / GDPR ready |
| Automatic Failover | Reroute when a provider is down | Zero-downtime AI ops |
| Real-Time Observability | Dashboards for latency, tokens, and costs | Full LLM visibility |
| Shadow AI Audit | Browser extension visibility into unsanctioned AI use | Catch leaks before they ship |
| OpenAI-Compatible API | Drop-in proxy — any OpenAI SDK client | Integrate in minutes |
| Repo | What | License |
|---|---|---|
| 🛡️ bastio | The AI Security Gateway — Go backend + React dashboard. Ships the Python and TypeScript SDKs from sdk/. |
FSL-1.1-ALv2 |
| 🔍 bastio-extension | Bastio Governance — Chrome/Edge Shadow AI extension | FSL-1.1-ALv2 |
| 🔧 bast | AI-powered terminal assistant CLI | MIT |
pip install bastio # Python
npm install @bastio/core # TypeScript / JavaScript
npm install @bastio/mastra # Mastra processor
npm install @bastio/vercel-ai # Vercel AI SDK middlewareAll SDKs are MIT-licensed and live in the bastio repo under sdk/.
Watch this org to get notified when we ship new repos.
🌐 Website · :book: Documentation · :rocket: Sign Up Free · :package: Self-Host · :email: Contact
"Make secure, affordable AI the default."
Founded by Daniel Jacobsen
X · LinkedIn · bastio.com