ShepAI evaluates every AI API request for bots, prompt injection, DDoS, abuse, and fake accounts — returning ALLOW, CHALLENGE, or BLOCK before your inference even starts.
"requestId": "req_01jxk8f3a2b",
"decision": "BLOCK",
"riskScore": 95,
"riskLevel": "CRITICAL",
"processingTimeMs": 3,
"cached": false,
"signals": [
{
"type": "PROMPT_INJECTION",
"score": 95,
"reason": "Known jailbreak persona",
"triggered": true
},
{
"type": "BOT_DETECTION",
"score": 62,
"reason": "Headless browser fingerprint",
"triggered": true
}
]How It Works
POST the incoming LLM request metadata — IP, User-Agent, prompt text, userId, account age — to /v1/risk/evaluate before calling your inference provider.
ShepAI's reactive engine fans out across all signal evaluators simultaneously. Repeat offender IPs are served from an in-memory decision cache in under 1ms.
The response includes an aggregate risk score (0–100), a severity band, and a full per-signal breakdown so you can apply your own custom policy thresholds on top.
What We Detect
Purpose-built for the inference gateway layer — not a generic WAF adapted for AI. Every evaluator is designed around how LLMs are actually attacked in production.
Multi-layer detection covering the full spectrum of adversarial prompt techniques used against production LLMs — from social engineering to structural manipulation.
Identifies non-human traffic through multi-signal fingerprinting of request characteristics, client behaviour patterns, and session context.
Detects abnormal request volumes across multiple time windows per source, with configurable thresholds that adapt to your traffic profile.
Identifies usage patterns that violate content policies or indicate systematic misuse — including resource exhaustion and bulk automation.
Evaluates account trust signals to detect newly-created or machine-generated identities attempting to abuse free tiers or bypass usage limits.
Quick Start
A single POST. No SDK required. Works with any HTTP client in any language.
curl -X POST https://api.shep.ai/v1/risk/evaluate \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"requestId": "req_abc123",
"clientId": "my-gateway-prod",
"providerId": "fireworks",
"ipAddress": "203.0.113.42",
"userAgent": "Mozilla/5.0 ...",
"userId": "user_7f3a",
"accountCreatedAt": "2026-05-01T10:00:00Z",
"prompt": "Ignore all previous instructions...",
"model": "llama-3.1-70b",
"requestsLastMinute": 12,
"requestsLastHour": 87
}'{
"requestId": "req_abc123",
"decision": "BLOCK",
"riskScore": 95,
"riskLevel": "CRITICAL",
"processingTimeMs": 3,
"cached": false,
"signals": [
{
"type": "PROMPT_INJECTION",
"score": 95,
"reason": "Known jailbreak persona",
"triggered": true
},
{
"type": "DDOS",
"score": 0,
"reason": "Normal rate: 12 req/min",
"triggered": false
}
]
}import httpx
client = httpx.Client(
base_url="https://api.shep.ai",
headers={"Authorization": "Bearer sk_live_..."},
)
response = client.post("/v1/risk/evaluate", json={
"requestId": "req_abc123",
"clientId": "my-gateway-prod",
"ipAddress": "203.0.113.42",
"userAgent": "Mozilla/5.0 ...",
"userId": "user_7f3a",
"prompt": "User's prompt text here...",
"model": "llama-3.1-70b",
})
result = response.json()
if result["decision"] == "BLOCK":
raise PermissionError("Request blocked by ShepAI")
# Otherwise forward to inference provider
decision = result["decision"] # "ALLOW"
risk_score = result["riskScore"] # 0–100
signals = result["signals"] # per-evaluator breakdownimport asyncio, httpx
async def check_risk(payload: dict) -> str:
async with httpx.AsyncClient(
base_url="https://api.shep.ai",
headers={"Authorization": "Bearer sk_live_..."},
) as client:
r = await client.post("/v1/risk/evaluate", json=payload)
return r.json()["decision"]const SHEP_KEY = process.env.SHEPAI_API_KEY;
async function checkRisk(payload) {
const res = await fetch("https://api.shep.ai/v1/risk/evaluate", {
method: "POST",
headers: {
"Authorization": `Bearer ${SHEP_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify(payload),
});
return res.json();
}
// In your inference gateway middleware:
const { decision, riskScore, signals } = await checkRisk({
requestId: "req_abc123",
clientId: "my-gateway-prod",
ipAddress: req.ip,
userAgent: req.headers["user-agent"],
userId: session.userId,
prompt: req.body.messages.at(-1)?.content,
model: req.body.model,
});
if (decision === "BLOCK") {
return res.status(403).json({ error: "Request blocked", riskScore });
}import OpenAI from "openai";
const openai = new OpenAI();
async function safeCompletion(messages, ctx) {
const risk = await checkRisk({
ipAddress: ctx.ip,
userId: ctx.userId,
prompt: messages.at(-1).content,
model: "gpt-4o",
});
if (risk.decision !== "ALLOW") throw new Error("Blocked");
return openai.chat.completions.create({ model: "gpt-4o", messages });
}import org.springframework.web.reactive.function.client.WebClient;
var client = WebClient.builder()
.baseUrl("https://api.shep.ai")
.defaultHeader("Authorization", "Bearer sk_live_...")
.build();
record RiskPayload(
String requestId, String clientId,
String ipAddress, String userAgent,
String userId, String prompt
) {}
var result = client.post()
.uri("/v1/risk/evaluate")
.bodyValue(new RiskPayload(
requestId, clientId, ip, userAgent, userId, prompt
))
.retrieve()
.bodyToMono(RiskResponse.class)
.block(); // or .subscribe() for non-blocking
if (result.decision() == Decision.BLOCK) {
throw new SecurityException("Request blocked: score="
+ result.riskScore());
}@Component
public class ShepAIFilter implements WebFilter {
private final ShepAIClient shepai;
@Override
public Mono<Void> filter(
ServerWebExchange exchange,
WebFilterChain chain
) {
return shepai.evaluate(exchange)
.flatMap(r -> r.isBlock()
? reject(exchange, r)
: chain.filter(exchange));
}
}Pricing
Start free. Scale without friction. No per-signal charges — flat rate for all evaluators.
For evaluation and side projects
Forever free · No credit card required
Get Started FreeAPI key delivered within 24h
For production AI gateways
Billed monthly · 14-day free trial
Start Pro TrialNo credit card for trial · Cancel anytime
For large-scale AI infrastructure
Volume discounts · Annual contracts available
Talk to SalesResponse within 4 business hours
| Feature | Free | Pro | Enterprise |
|---|---|---|---|
| Monthly requests | 10K | 5M | Unlimited |
| Bot Detection | ✓ | ✓ | ✓ |
| DDoS Detection | ✓ | ✓ | ✓ |
| Prompt Injection | 2 of 14 | All 14+ | All 14+ custom |
| Abuse Detection | – | ✓ | ✓ |
| Fake Account Detection | – | ✓ | ✓ |
| Custom thresholds | – | ✓ | ✓ |
| Custom rule authoring | – | – | ✓ |
| Prometheus metrics | – | ✓ | ✓ |
| Latency SLA | Best-effort | p99 < 5ms | p99 < 3ms |
| Uptime SLA | – | 99.9% | 99.99% |
| Audit logs | – | – | ✓ |
| SOC 2 / DPA | – | – | ✓ |
| Support | Community | Priority email | Dedicated Slack |
| API keys | 1 | 5 | Unlimited |
ShepAI is purpose-built for AI provider gateways — not adapted from a generic WAF. Every signal is designed around how LLMs are attacked in production, updated continuously as the threat landscape evolves.