.png?fit=max&auto=format&n=gKqTvJPtsRi2bLNx&q=85&s=8abbce3efb590630de2102c43d32aadf)
.png?fit=max&auto=format&n=Dy9YsIECUbR9JZiT&q=85&s=a1f404cd7f7aeb1727c89d81137ae1ac)
The Lakera Guard template connects Lakera Guard, an API-first runtime security layer for LLM and agent applications, as a custom rule engine in MCP Manager. It is the simplest provider to set up — the endpoint is fixed and MCP Manager handles the request and response translation, so you only supply authentication. Add it from Rule Engines → Add → Lakera Guard.Documentation Index
Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
Use this file to discover all available pages before exploring further.
This page summarizes Lakera Guard to help you decide how to use it from MCP Manager. Lakera owns the product and changes it often — treat the Lakera Guard documentation as the authoritative source for current detectors, limits, and pricing. (Lakera is now part of Check Point, following an acquisition that completed in November 2025.)
What Lakera Guard is
Lakera Guard is a runtime security layer that sits between your application and your LLM, screening both inputs (prompts and retrieved documents) and outputs (model replies) and returning an allow / block / sanitize decision with reasons you can log. Think of it as content moderation, data-loss prevention, and prompt-attack detection combined and tuned for AI. What sets it apart from a generic content filter is the threat-intelligence engine behind it: Lakera maintains a large, continuously growing database of adversarial attack data — fed in part by Gandalf, its public prompt-injection game — that keeps its detectors current against new attack techniques. Lakera Guard is model-agnostic, working with hosted providers (OpenAI, Anthropic, Google, Azure OpenAI, AWS Bedrock) and self-hosted models alike.What it detects
Lakera Guard leads with security detections rather than responsible-AI categories. Its core coverage:- Prompt injection and jailbreaks — both direct attacks and indirect attacks that arrive through external systems and data.
- Data leakage (PII and secrets) — sensitive information leaving the model or being pulled from connected data, with DLP-style controls.
- Toxic and policy-violating content — content moderation, including violent and dangerous content.
- Per-project, per-route policies — different routes can run different guardrails, so a public chatbot can use strict filters while an internal agent uses a tuned profile.
- Custom detectors — you can tailor detection beyond the prebuilt catalog.
Why it fits an MCP gateway
Lakera explicitly recommends gateway-level deployment — screening all LLM traffic in one place so policy and enforcement apply consistently, without each application team building it in. That maps directly onto MCP Manager: attaching Lakera Guard as a gateway rule screens your MCP tool requests and tool responses as they pass through, including the indirect prompt attacks that ride in through tool data. Applied this way, Lakera operates at the model-interaction layer and complements MCP Manager’s governance at the connection and traffic layer.Setup
The endpoint URL is fixed athttps://api.lakera.ai/v2/guard and the HTTP method is locked to POST — both are filled in for you and can’t be changed. All you provide is a header to authenticate with Lakera:
- Under Headers, add
Authorizationwith the valueBearer <your-Lakera-API-key>.
How it behaves as a rule
Once saved, Lakera Guard appears in the Detection method dropdown on gateway rules. As with every custom engine, there is no action picker — Lakera’s verdict drives whether the message passes, is modified, or is blocked — and the rule’s failure mode defaults to Block. You can test it with sample text before rolling it out.Things to plan for
- Text only, today. Lakera Guard screens text (structured and natural language). Lakera describes audio and image (multi-modal) defense as coming soon, so it won’t inspect non-text content the way Bedrock’s image filtering does. Check Lakera for current multi-modal support.
- Availability and the single-point-of-failure trade-off. The managed API routes your screened traffic through Lakera’s infrastructure, so a Lakera outage affects it. In MCP Manager this is governed by the rule’s failure mode: with the default Block, an unreachable Lakera fails closed and blocks the message; choose Allow to fail open. For tighter control, Lakera offers a self-hosted container — see Lakera’s security page.
- Pricing is largely quote-based. Lakera documents a free Community plan (up to 10,000 requests per month) and a customizable, quote-based Enterprise plan (flexible volumes, self-hosting, SSO, enterprise support). For an accurate quote, sign up at platform.lakera.ai or contact Lakera/Check Point sales with your expected request volume, region, and any on-prem needs. Treat pricing as subject to change.
- MCP Manager adds no per-call charge. As long as your plan includes custom rule engines, MCP Manager does not meter or charge per call for routing MCP traffic to Lakera Guard. Any usage cost is billed by Lakera (Check Point) directly, under their own plan, for the requests you screen.
- Vendor performance claims. Lakera and Check Point cite figures such as sub-50 ms latency, high detection rates, and support for 100+ languages, and position Guard as helping meet EU AI Act requirements. These are vendor claims — verify them against Lakera for your own use case.
Further reading
Custom Rule Engines
How custom engines are added, tested, and applied to gateway rules.
Amazon Bedrock Guardrails
The other built-in custom-engine template, responsible-AI-first.
Gateway Rules Overview
Detection methods, hooks, failure modes, actions, and rule ordering.
Microsoft Presidio
The built-in PII detection method that complements Lakera Guard.