Skip to content
Lakera Guard

Lakera Guard

NEW ACQUIRED
Category: AI Security
License: Commercial (with Free tier)
Visit Lakera Guard
Suphi Cankurt
Suphi Cankurt
+8 Years in AppSec
Updated February 2, 2026
6 min read
Key Takeaways
  • Real-time API that blocks prompt injection with 98%+ detection and sub-50ms latency
  • Supports 100+ languages; acquired by Cisco in May 2025 and folded into Cisco AI Defense
  • Creators of Gandalf, the prompt injection game played by 1M+ people
  • Commercial with free tier; single API endpoint integration

Lakera Guard is an AI security API that protects LLM applications against prompt injection, jailbreaks, and data leakage in real time.

Lakera Guard real-time visibility dashboard showing threat detection across applications

Lakera was founded in 2021 in Zurich by David Haber (CEO), Dr. Mateo Rojas-Carulla, and Dr. Matthias Kraft β€” AI researchers with backgrounds at Google and Meta.

The company has 11 PhDs on staff.

Lakera gained widespread recognition for creating Gandalf, an educational game where players try to extract a secret password from an AI through prompt injection.

Gandalf has attracted over 1 million players and generated 80M+ adversarial prompts that feed directly into Lakera’s threat intelligence.

In May 2025, Cisco announced the acquisition of Lakera. The deal brings Lakera Guard, Lakera Red, and the Gandalf community dataset into the Cisco AI Defense portfolio.

The Zurich-based research team continues to maintain Guard’s detection models under Cisco, with new sales now routed through Cisco enterprise procurement.

What is Lakera Guard?

Lakera Guard sits between users and LLMs as a security layer. Every input and output passes through Guard’s detection engine before reaching the model.

If a threat is detected, it flags or blocks the request before the LLM processes it.

The system delivers 98%+ detection rates with sub-50ms latency and false positive rates below 0.5%. It screens content across 100+ languages and scripts.

The detection models learn from 100K+ new adversarial samples each day, drawn partly from the Gandalf community’s 80M+ prompts.

Prompt Attack Detection
Detects and blocks direct prompt injection, indirect prompt injection, jailbreak attempts, and system prompt extraction across 100+ languages in real time.
Data Leakage Prevention
PII detection and redaction, secrets detection, and custom data pattern matching for both inputs and outputs. Prevents sensitive information from reaching or leaving the LLM.
Content Moderation
Filters toxic, hateful, violent, and inappropriate content. Supports custom content policies and profanity detection. Identifies suspicious URLs outside approved domain lists.

Pick your next step

See alternatives

Compare Lakera Guard side by side with other prompt-injection guardrails before you commit.

β†’

Open-source option

LLM Guard is a free, self-hosted alternative if you prefer to run prompt-injection detection on your own infrastructure.

β†’

Browse the category

See every AI security tool I've reviewed, grouped by guardrail, red-team, and model-scanning use cases.

β†’

Key Features

FeatureDetails
Prompt Injection DetectionDirect injection, indirect injection, jailbreak, system prompt extraction
Detection Rate98%+ across all attack types
LatencySub-50ms per request
False Positive RateBelow 0.5% in production
Language Support100+ languages and scripts
PII DetectionIdentifies and redacts personal data in inputs and outputs
Content ModerationToxicity, hate speech, violence, custom policies
Link ScanningFlags suspicious URLs outside approved domain lists
API FormatOpenAI-compatible chat completions message format
Scale1M+ secured transactions per app per day

How the API works

Lakera Guard uses a single endpoint: POST https://api.lakera.ai/v2/guard. Requests follow the OpenAI chat completions message format with roles (system, user, assistant).

Guard screens the last interaction in the message chain and returns a flagged boolean indicating whether a threat was detected.

Lakera Guard API POST /v2/guard request and JSON response showing flagged prompt injection detection

You can configure projects with specific policies that determine which detectors run. The breakdown parameter returns per-detector flagging details, and the payload parameter returns match locations for PII and profanity.

Lakera Guard Policy Center showing prompt defense threshold configuration from lenient to strict

The four main detection categories are:

  • Prompt attacks β€” prompt injections , jailbreaks, and manipulation attempts
  • Data leakage β€” PII and sensitive information exposure
  • Content violation β€” offensive, hateful, sexual, violent, or vulgar material
  • Unknown links β€” suspicious URLs outside approved domain lists

Lakera Red

Lakera Red is the company’s AI red teaming product. It runs automated attack simulations against your LLM applications to identify vulnerabilities before they reach production. Red teaming results feed back into Guard’s detection models.

Lakera Guard threat detection and response interface showing flagged prompt injection requests

Gandalf

Gandalf is Lakera’s interactive game where players try to extract a secret password from an AI through increasingly sophisticated prompt injection techniques. It demonstrates real-world attack patterns and has been used by security researchers, AI engineers, educational institutions, and CTF competitions.

The 80M+ adversarial prompts collected through Gandalf form a unique dataset that informs Lakera’s threat intelligence. The game is free to play at gandalf.lakera.ai.

Cisco acquisition
Cisco acquired Lakera in May 2025. Lakera Guard, Lakera Red, and Gandalf are being integrated into Cisco AI Defense, and new contracts now run through Cisco enterprise procurement. Lakera Guard remains available as a standalone API for existing customers.

Getting Started

1
Create an account β€” Sign up at platform.lakera.ai. A free tier is available to get started.
2
Set up a project β€” Create a project to get a project ID and configure which detectors and policies to apply. Lakera recommends setting up a project rather than using the default policy.
3
Integrate the API β€” Add a single API call to your application. Send a POST request to https://api.lakera.ai/v2/guard with your messages in OpenAI chat completions format. If flagged is true, block the request.
4
Monitor and tune β€” Use the Security Center dashboard to monitor threats, review analytics, and adjust policies. Feed log data into your SIEM via Grafana, Splunk, or similar integrations.

Lakera Guard pricing

Lakera publishes a free Community tier on platform.lakera.ai for evaluation and low-volume use. Paid Pro and Enterprise plans are sales-gated β€” Lakera does not publish per-call or per-seat list prices, and post-acquisition quotes now route through Cisco enterprise sales.

I do not publish dollar amounts for sales-gated tools. To get a quote, sign up at platform.lakera.ai for the free tier or contact Cisco AI Defense for Enterprise pricing. Be ready to share expected request volume per app per day, deployment region (data residency rules), and whether you need on-prem deployment in addition to the managed API.

When to use Lakera Guard

Lakera Guard is built for teams deploying LLM-powered applications that need real-time input/output screening. The API-first design means integration takes minutes rather than weeks.

It works with any LLM β€” OpenAI, Anthropic, Google, Azure OpenAI, AWS Bedrock, or self-hosted models.

The platform handles high-volume production traffic (1M+ transactions per app per day) with sub-50ms latency, making it practical for customer-facing chatbots and real-time applications.

Best for
Teams deploying customer-facing LLM applications that need prompt injection detection with low latency and low false positive rates across multiple languages.

Lakera alternatives

Lakera Guard’s wedge is sub-50ms latency, 100+ language coverage, and a managed API trained on the Gandalf community dataset. When that managed-API model is not the right fit, these are the closest alternatives:

  • LLM Guard β€” Open-source (MIT) input/output scanner stack from Protect AI. Pick LLM Guard when you need self-hosted runtime guardrails with no data leaving your infrastructure and accept managing the ML inference yourself.
  • OpenAI Guardrails β€” OpenAI’s official tripwire-pattern guardrails for the Assistants and Responses APIs. Better when you are already locked to OpenAI infrastructure and want first-party agent guardrails.
  • NeMo Guardrails β€” NVIDIA’s framework adds dialog-flow control via the Colang language. Choose NeMo when multi-turn conversation modeling matters more than per-request input/output scanning.
  • Prompt Security β€” A managed runtime guardrail service now operated by SentinelOne (acquired May 2025) and integrated into the Singularity Platform. Pick Prompt Security when you are standardized on SentinelOne for endpoint and want AI guardrails in the same stack.
  • Knostic β€” A different problem space: need-to-know access control for enterprise LLMs (Microsoft 365 Copilot, Glean). Pair with Lakera rather than swap; Knostic enforces who can see what, Lakera enforces what the model can be tricked into doing.
  • See the full Lakera alternatives guide for a side-by-side comparison table and post-Cisco-acquisition framing.

For a wider catalog, the AI security tools hub groups these by sub-category (runtime guardrails, red teaming, model scanning, access control).

Note: Acquired by Cisco in May 2025 and integrated into Cisco AI Defense. Includes Lakera Guard, Lakera Red, and Gandalf Agent Breaker.
Visit Lakera Guard

Frequently Asked Questions

What is Lakera Guard?
Lakera Guard is a real-time AI security API that protects LLM applications against prompt injection, jailbreaks, and data leakage. It delivers 98%+ detection rates with sub-50ms latency across 100+ languages. Lakera was acquired by Cisco in May 2025 and folded into Cisco AI Defense.
Is Lakera Guard free or commercial?
Lakera Guard is commercial with a free tier available at platform.lakera.ai. Enterprise plans support higher volumes and additional features like custom policies and on-prem deployment.
Does Lakera Guard protect against prompt injection?
Yes, prompt injection detection is Lakera Guard’s core capability. It blocks direct injection, indirect injection, jailbreak attempts, and system prompt extraction in real time with sub-50ms latency.
What is the Gandalf game?
Gandalf is an educational game created by Lakera where players try to extract a secret password from an AI through prompt injection. It has attracted 1M+ players and generated 80M+ adversarial prompts that feed back into Lakera’s threat intelligence.
How does Lakera Guard integrate with LLM applications?
Lakera Guard uses a single API endpoint (POST to /v2/guard) that follows the OpenAI chat completions message format. It screens the last interaction in a message chain and returns a flagged boolean. Integration takes one API call.
How I review tools Suggest an edit

Other AI Security Tools

7AI
7AI

AI SOC Agents with Dynamic Reasoning

Agentic Radar
Agentic Radar

Security Scanner for LLM Agentic Workflows

Alter
Alter

Zero-Trust Access Control for AI Agents (YC S25)

Arize AI
Arize AI

OpenTelemetry-based AI observability with open-source Phoenix

Augustus
Augustus

Production-grade LLM vulnerability scanner with 210+ adversarial probes

Cerbos
Cerbos

Policy-Based Authorization for AI Agents and MCP Servers

See all AI Security tools

Complement with SAST

Pair AI security with static analysis for broader coverage.

Veracode
Veracode

Binary Analysis AppSec Platform

Corgea
Corgea

AI-native SAST with automatic vulnerability detection and code fix generation

See all SAST tools

Learn More

Vibe Coding Security AI-Generated Code Security LLM Red Teaming: Tools, Attacks & Methodology (2026) Prompt Injection Attacks What is AI Security?

Explore all AI Security guides and tools