AI Security Gateway - User Guide
Beta Release - v2026.3.1-beta
This documentation covers a beta release of the AI Security Gateway. Features and interfaces may change before the stable release. We welcome your feedback and bug reports via GitHub Issues.
This documentation is itself a work in progress and may not always accurately reflect current feature behaviour.
The public release is now live at https://github.com/syphon1c/ai-security-gateway/
Welcome to the user documentation for the AI Security Gateway, a security platform for Model Context Protocol (MCP) servers, Large Language Model (LLM) APIs and an Agent-to-Agent (A2A) registry.

About This Project
Security in the AI space has a long way to go. As the AI market continues to expand, pivot, and evolve at a pace never seen before in technology, I found myself increasingly concerned about the attack surface we're creating. The threats are real and growing: prompt injection attacks, data poisoning, MCP supply chain vulnerabilities, and rug-pull schemes targeting unsuspecting developers and organizations.
As a security professional working in this space, I couldn't wait for the industry to catch up; I needed tools that could address these concerns now. That's when I started building the AI Security Gateway, initially as a personal toolkit to secure my own private MCP and LLM deployments. What began as a collection of scripts and proxies has evolved into a comprehensive security solution.
After months of development and real-world testing, I've decided to open this project to the public. My hope is that by sharing these tools, we can collectively improve security across the AI ecosystem and help developers deploy AI services with greater confidence and protection.
Getting Started
Essential guides for new users:
- Installation - Complete setup and deployment guide
- Admin Quick Start Guide - Get up and running in 5 minutes
- Configuration Reference - Environment variables and configuration options
Changelog
- Current Changelog - 5th Beta Release 2026.3.1
Configuration
Configure authentication, security policies, and system settings:
Authentication & Access Control
- Authentication Overview - JWT, OAuth, and API key authentication
- API Key Authentication - API key management for programmatic access
- Custom API Keys - Advanced API key configuration
- OAuth Provider Guide - Configure OAuth providers (GitHub, Google, Okta, etc.)
- OAuth Proxy Guide - Enable OAuth authentication on MCP/LLM proxies
- Cross-App Access (XAA) - Okta XAA setup for per-proxy access
Security Policies
- Policy Overview - Understanding security policies
- Custom Policies Guide - Create custom threat detection rules
System Configuration
- System Prompts - AI system prompt management and injection
- Environment Variables - Environment variable reference
Deployment
Production deployment guides:
- Docker Deployment - Deploy with Docker and Docker Compose
- Docker Commands - Docker command reference and troubleshooting
- Hybrid Deployment - Combine Docker and native binaries
- Web Server Deployment - Deploy with Nginx or Apache
Integration
Integrate with external tools and services:
- Integration Guide - Overview of integration options (Langfuse, SIEM, SOAR, Slack)
- Claude Code Proxy Setup - Integrate with Claude Code IDE
- Cursor MCP OAuth Setup - Configure Cursor IDE integration
- OAuth Proxy Quick Reference - Quick API reference for OAuth proxies
- OAuth Proxy Chatbot Integration - Integrate chatbots with OAuth-protected MCP servers
- Langfuse Setup - Configure LLM observability with Langfuse
Operations
Monitor, maintain, and troubleshoot your deployment:
Monitoring & Logging
- Audit Logging - Comprehensive audit logging reference
- Alert Recording System - Security alert management
- Observability - Metrics, tracing, and monitoring
Maintenance
- Troubleshooting - Common issues and solutions
API Usage
Programmatic access and API references:
- API Examples - Practical examples for common tasks
- Proxy API Reference - Multi-proxy management endpoints
- OAuth API Reference - OAuth authentication API
- A2A API - Agent-to-agent communication API
Agent-to-Agent (A2A)
Enable secure agent-to-agent communication:
- Agent Registry Guide - Configure agent discovery and authentication
Architecture
System architecture and design:
- Architecture Overview - High-level system architecture
Quick Start Paths
New user? Start with the Getting Started guides above (Installation, then the Admin Quick Start Guide, then the Configuration Reference).
Setting up OAuth? Follow this path:
- OAuth Provider Guide - Configure OAuth providers
- OAuth Proxy Guide - Enable OAuth on proxies
- Authentication Overview - Verify setup
Deploying to production? Check the Deployment guides above (Docker, Hybrid, and Web Server deployment).
Support
- Troubleshooting: See Operations → Troubleshooting
- GitHub Issues: Report bugs or request features
- Documentation: Contributions welcome!