Vercel

AI Gateway Introduces Provider Allowlist for Centralized Security Control


Executive Summary

AI Gateway has launched a new Provider Allowlist feature designed for teams requiring strict security and compliance. This feature enables team owners to centrally define and enforce a list of approved AI providers for their entire team. All requests, including those from developers or coding agents attempting to use unapproved vendors, are blocked at the gateway level, ensuring traffic only routes to vetted services.

Key Takeaways

* Centralized Control: Only team owners can modify the allowlist, preventing individual developers from bypassing organizational vendor policies.

* Team-Wide Enforcement: The restriction applies to every request routed through the AI Gateway, including Bring Your Own Key (BYOK) traffic.

* Secure by Default: When the allowlist is activated, any newly integrated providers are disabled by default, preventing unintentional use.

* Comprehensive Blocking: The gateway rejects requests to unapproved providers even if they are explicitly specified at the individual request level in code.

* Broad Compatibility: The feature works across all supported API formats, including the AI SDK, OpenAI Chat Completions API, and Anthropic Messages API.

Strategic Importance

This feature strengthens AI Gateway's position as an enterprise-grade tool by addressing the critical security and compliance needs of regulated organizations, making it a more trusted choice for vendor management.

Original article