Pillar + TrueFoundry: Runtime AI Protection, Built Into the Gateway

By Dor Sarig, April 24, 2026

Enterprises running AI in production need two things the same day: a gateway that routes traffic across models and providers without a latency tax, and runtime protection that stops prompt injection, data leakage, and unsafe outputs before they reach users or LLMs.

Today we're announcing that Pillar's AI runtime protection is natively integrated into TrueFoundry's AI Gateway, so TrueFoundry customers can turn on Pillar protection across every AI request with a config change.

What the integration delivers

TrueFoundry's Gateway sits between your applications and every model you call — OpenAI, Anthropic, Bedrock, Azure, open-source, self-hosted. With Pillar plugged in, every request and response flowing through the Gateway gets inspected in real time against Pillar's policy engine. The Gateway enforces the verdict uniformly, regardless of which downstream model served the request.

Pillar's AI runtime protection covers the threats that matter most for production AI:

  • Prompt injection protection. Block direct and indirect injection attempts before they manipulate your model or agent.
  • Jailbreak detection. Catch attempts to bypass safety controls, including multi-turn and obfuscated variants.
  • PII, PCI and secrets detection. Flag and redact sensitive and financial data, API keys, and credentials in both prompts and responses.
  • Content moderation and toxicity filtering. Keep outputs clean, safe, and compliant with enterprise policy.
  • Reconnaissance and evasion. Identify any attempt to perform app fingerprinting or evade detection using hidden characters or encoding techniques.
  • Context-aware threat detection. Pillar evaluates the full conversation and session context, not only the single turn, which is how it catches threats that single-shot classifiers miss.

Why context matters for agentic workloads

Most runtime protection layers evaluate one message at a time. That works for chatbots. It breaks for agents. Agentic workflows chain tool calls, retrieve external content, and carry state across many turns, which is exactly where indirect prompt injection, data exfiltration, and goal hijacking live. Pillar's detection operates on the full session, so injected instructions embedded in a retrieved document or tool response get caught even when the individual turn looks benign in isolation.

Run this through the TrueFoundry Gateway and you get session-aware protection on every model call your agent makes, without writing detection logic into your application code.

How the flow works

  1. Your application sends a request through the TrueFoundry AI Gateway.
  2. The Gateway forwards the prompt to Pillar for an input scan.
  3. If Pillar returns allow, the Gateway routes to the target model. If Pillar returns block, the request stops and the Gateway returns a safe response to your app.
  4. When the model responds, the Gateway runs an output scan through Pillar before the response reaches your application.
  5. Every scan, verdict, and decision is logged on both sides for audit, incident response, and policy tuning.
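
The five steps above, sketched as an added example (not TrueFoundry's or Pillar's code or API). `Gateway`, `toy_scan`, the regex rules and the stub models are hypothetical stand-ins, and failing closed when the scanner errors is this example's assumption, not something the post states.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

# Toy stand-in rules so the example runs offline; not Pillar's detection logic.
INJECTION_RE = re.compile(r"ignore (all )?(previous|prior) instructions", re.I)
SECRET_RE = re.compile(r"\bsk-[A-Za-z0-9]{16,}\b")
SAFE_RESPONSE = "Request blocked by policy."

def toy_scan(text):
    """Hypothetical scanner: returns (verdict, reason)."""
    if INJECTION_RE.search(text):
        return "block", "prompt_injection"
    if SECRET_RE.search(text):
        return "block", "secret"
    return "allow", None

@dataclass
class Gateway:
    model: Callable[[str], str]          # downstream model call (stubbed below)
    scanner: Callable = toy_scan
    audit_log: list = field(default_factory=list)

    def _allowed(self, stage, request_id, text):
        try:
            verdict, reason = self.scanner(text)
        except Exception as exc:
            # Assumption of this example: an unreachable scanner fails closed.
            verdict, reason = "block", "scanner_error:" + type(exc).__name__
        # Step 5: every scan and verdict is recorded.
        self.audit_log.append({"id": request_id, "stage": stage,
                               "verdict": verdict, "reason": reason})
        return verdict == "allow"

    def handle(self, request_id, prompt):
        if not self._allowed("input", request_id, prompt):    # step 2
            return SAFE_RESPONSE            # step 3: model is never called
        completion = self.model(prompt)     # step 3: route to the model
        if not self._allowed("output", request_id, completion):  # step 4
            return SAFE_RESPONSE            # completion is withheld
        return completion

def echo_model(prompt):      # constructed stub model
    return "Summary: " + prompt

def leaky_model(prompt):     # constructed stub that emits a made-up key
    return "Use key sk-EXAMPLEEXAMPLE0000 to connect."

if __name__ == "__main__":
    gw = Gateway(model=leaky_model)
    print(gw.handle("r1", "How do I connect?"), gw.audit_log)
```

The audit log keeps one entry per scan, so a blocked input leaves a single `input` record while a blocked completion leaves an `input` allow followed by an `output` block.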

Setting it up in TrueFoundry

Adding Pillar to your TrueFoundry Gateway takes a runtime protection config and an API key. From the Guardrails Group setup in TrueFoundry:

  • Add a Pillar configuration to the group.
  • Supply your Pillar API key and the policy profile you want to apply.
  • Scope the protection to specific models, teams, routes, or environments. You can apply strict policies to production agents and looser policies to internal prototyping.
  • Save. Every request routed through that group now runs through Pillar.

Full setup instructions are in the TrueFoundry docs.

What teams can do on day one

  • Apply Pillar scanning to any model behind the Gateway without changing application code.
  • Block prompt injection and jailbreak attempts before they reach production LLMs.
  • Prevent accidental exposure of PII, secrets, and credentials in prompts and completions.
  • Set different policies for different teams, use cases, or risk tiers from a single control plane.
  • Combine Pillar's detection logs with TrueFoundry's per-request tracing for complete audit coverage.
  • Roll out progressively. Begin with one model or one team, expand with zero downtime.

Why this matters

Security teams have told us the same thing for the past year: they don't want to pick between a gateway that routes traffic and a security layer that protects it. They want both, wired together, with one place to configure policy and one place to audit what happened.

Pillar and TrueFoundry together deliver that. TrueFoundry runs the traffic. Pillar runs the defense. Your platform team gets a single deployment path for every AI workload in the enterprise, with runtime protection on by default.

Get started

If you're a TrueFoundry customer, enable Pillar in your runtime protection configuration today.

If you want to see it live, book a demo with Pillar or reach out to your TrueFoundry account team.
