> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Lakera Guard

> What Lakera Guard is and how to connect it to MCP Manager as a custom rule engine: its threat-intelligence-driven detection of prompt injection, jailbreaks, PII, and toxic content, the gateway-level fit, the fixed /v2/guard setup, and the availability and pricing details to know.

The **Lakera Guard** template connects [Lakera Guard](https://www.lakera.ai/), an API-first runtime security layer for LLM and agent applications, as a [custom rule engine](/features/gateway-rules/custom-rules-engines) in MCP Manager. It is the simplest provider to set up — the endpoint is fixed and MCP Manager handles the request and response translation, so you only supply authentication. Add it from **Rule Engines** → **Add** → **Lakera Guard**.

<Note>
  This page summarizes Lakera Guard to help you decide how to use it from MCP Manager. Lakera owns the product and changes it often — treat the [Lakera Guard documentation](https://docs.lakera.ai/guard) as the authoritative source for current detectors, limits, and pricing. (Lakera is now part of Check Point, following an acquisition that [completed in November 2025](https://www.checkpoint.com/press-releases/check-point-acquires-lakera-to-deliver-end-to-end-ai-security-for-enterprises/).)
</Note>

## What Lakera Guard is

Lakera Guard is a runtime **security** layer that sits between your application and your LLM, screening both inputs (prompts and retrieved documents) and outputs (model replies) and returning an allow / block / sanitize decision with reasons you can log. Think of it as content moderation, data-loss prevention, and prompt-attack detection combined and tuned for AI.

What sets it apart from a generic content filter is the **threat-intelligence engine** behind it: Lakera maintains a large, continuously growing database of adversarial attack data — fed in part by [Gandalf](https://gandalf.lakera.ai), its public prompt-injection game — that keeps its detectors current against new attack techniques. Lakera Guard is **model-agnostic**, working with hosted providers (OpenAI, Anthropic, Google, Azure OpenAI, AWS Bedrock) and self-hosted models alike.

## What it detects

Lakera Guard leads with **security** detections rather than responsible-AI categories. Its core coverage:

* **Prompt injection and jailbreaks** — both direct attacks and indirect attacks that arrive through external systems and data.
* **Data leakage (PII and secrets)** — sensitive information leaving the model or being pulled from connected data, with DLP-style controls.
* **Toxic and policy-violating content** — content moderation, including violent and dangerous content.

Two capabilities matter for an enterprise deployment:

* **Per-project, per-route policies** — different routes can run different guardrails, so a public chatbot can use strict filters while an internal agent uses a tuned profile.
* **Custom detectors** — you can tailor detection beyond the prebuilt catalog.

<Tip>
  Lakera Guard and [Amazon Bedrock Guardrails](/features/amazon-bedrock) lead from different ends and can be used together. Lakera is **security-first** (prompt injection, jailbreaks, agent-loop screening, threat-intel-driven); Bedrock is **responsible-AI-first** (content categories, denied topics, hallucination and grounding checks). They overlap on PII and content moderation.
</Tip>

## Why it fits an MCP gateway

Lakera explicitly recommends **gateway-level deployment** — screening all LLM traffic in one place so policy and enforcement apply consistently, without each application team building it in. That maps directly onto MCP Manager: attaching Lakera Guard as a gateway rule screens your MCP **tool requests and tool responses** as they pass through, including the indirect prompt attacks that ride in through tool data. Applied this way, Lakera operates at the model-interaction layer and complements MCP Manager's governance at the connection and traffic layer.

## Setup

The **endpoint URL** is fixed at **`https://api.lakera.ai/v2/guard`** and the HTTP method is locked to POST — both are filled in for you and can't be changed. All you provide is a header to authenticate with Lakera:

* Under **Headers**, add `Authorization` with the value `Bearer <your-Lakera-API-key>`.

MCP Manager formats the request to Lakera for you — sending the tool message text in Lakera's expected format and reading back its verdict — so you don't build any request yourself. Get an API key by signing up at [platform.lakera.ai](https://platform.lakera.ai).

## How it behaves as a rule

Once saved, Lakera Guard appears in the **Detection method** dropdown on gateway rules. As with every [custom engine](/features/gateway-rules/custom-rules-engines), there is **no action picker** — Lakera's verdict drives whether the message passes, is modified, or is blocked — and the rule's [failure mode](/features/gateway-rules/overview#failure-mode-what-happens-when-a-detection-method-fails) defaults to **Block**. You can [test](/features/gateway-rules/custom-rules-engines#testing-an-engine) it with sample text before rolling it out.

## Things to plan for

* **Text only, today.** Lakera Guard screens text (structured and natural language). Lakera describes audio and image (multi-modal) defense as coming soon, so it won't inspect non-text content the way [Bedrock's image filtering](/features/amazon-bedrock) does. Check Lakera for current multi-modal support.
* **Availability and the single-point-of-failure trade-off.** The managed API routes your screened traffic through Lakera's infrastructure, so a Lakera outage affects it. In MCP Manager this is governed by the rule's [failure mode](/features/gateway-rules/overview#failure-mode-what-happens-when-a-detection-method-fails): with the default **Block**, an unreachable Lakera fails closed and blocks the message; choose **Allow** to fail open. For tighter control, Lakera offers a **self-hosted container** — see [Lakera's security page](https://www.lakera.ai/security).
* **Pricing is largely quote-based.** Lakera documents a free **Community** plan (up to 10,000 requests per month) and a customizable, quote-based **Enterprise** plan (flexible volumes, self-hosting, SSO, enterprise support). For an accurate quote, sign up at [platform.lakera.ai](https://platform.lakera.ai) or contact Lakera/Check Point sales with your expected request volume, region, and any on-prem needs. Treat pricing as subject to change.
* **MCP Manager adds no per-call charge.** As long as your plan includes custom rule engines, MCP Manager does **not** meter or charge per call for routing MCP traffic to Lakera Guard. Any usage cost is billed by Lakera (Check Point) directly, under their own plan, for the requests you screen.
* **Vendor performance claims.** Lakera and Check Point cite figures such as sub-50 ms latency, high detection rates, and support for 100+ languages, and position Guard as helping meet EU AI Act requirements. These are vendor claims — verify them against Lakera for your own use case.

## Further reading

<CardGroup cols={2}>
  <Card title="Custom Rule Engines" icon="plug" href="/features/gateway-rules/custom-rules-engines">
    How custom engines are added, tested, and applied to gateway rules.
  </Card>

  <Card title="Amazon Bedrock Guardrails" icon="aws" iconType="brands" href="/features/amazon-bedrock">
    The other built-in custom-engine template, responsible-AI-first.
  </Card>

  <Card title="Gateway Rules Overview" icon="shield-halved" href="/features/gateway-rules/overview">
    Detection methods, hooks, failure modes, actions, and rule ordering.
  </Card>

  <Card title="Microsoft Presidio" icon="user-shield" href="/features/gateway-rules/presidio">
    The built-in PII detection method that complements Lakera Guard.
  </Card>
</CardGroup>

## External sources

<CardGroup cols={2}>
  <Card title="Guard documentation" icon="book-open" href="https://docs.lakera.ai/guard" />

  <Card title="Gateway & agent integration" icon="diagram-project" href="https://docs.lakera.ai/docs/integration" />

  <Card title="Security & self-hosting" icon="shield-halved" href="https://www.lakera.ai/security" />

  <Card title="Gandalf (threat-intel game)" icon="hat-wizard" href="https://gandalf.lakera.ai" />
</CardGroup>
