About

Why WrapSec exists

Every team embedding LLMs into production applications faces the same problem: there is no standard enforcement layer between the application and the model. WrapSec is that layer.

The problem

AI adoption is outpacing AI security

Prompt injection, jailbreaks, PII leakage, and data exfiltration through LLM interfaces are not hypothetical - they are happening in production today. Most applications ship AI features with no enforcement layer between user input and the model.

WrapSec provides a single inspection point that covers the full request lifecycle - input inspection, output enforcement, audit logging, and policy scoping - without requiring changes to your existing application architecture.

Built for teams running AI in production - where security, auditability, and control are required, not optional.

100% - Request coverage: every prompt inspected before reaching the model
~5ms - Detection latency: rule + ML Tier 1; transformer and LLM analysis optional
2 - Detection modes: fast (rule + ML) and full (all layers including LLM semantic analysis)
MIT - License: readable, auditable, forkable

Design principles

How it is built

Security-first, not security-as-feature

WrapSec is not a logging layer with a filter bolted on. The entire system is designed around enforcement - every detection layer, every guardrail, every error condition is built to prevent unsafe requests from reaching your model.

On-premises by design

Your prompts, your responses, and your audit logs stay in your environment. WrapSec is architected for self-hosted deployment. No data leaves your infrastructure.

Transparent over black-box

Every decision includes a primary reason, a risk score, and a trace ID. The detection logic, scoring model, and guardrail thresholds are all readable and auditable in the open source code.

Fail-safe, not fail-open

If a detector fails, WrapSec returns SYSTEM_ERROR - it never silently forwards a failed scan to your LLM. Clients must treat SYSTEM_ERROR as a failure and handle it explicitly.

Open source

Everything is readable.

Security tooling you cannot inspect is security theatre. The detection pipeline, scoring model, guardrail logic, and every architectural decision are in the repository - open to review, fork, and contribution.
