Detailed feature comparison
Every capability, across all four plans.
← swipe to compare plans →
| Features | DeveloperFree | Team$149/mo | RecommendedBusiness$499/mo | EnterpriseCustom |
|---|---|---|---|---|
| AI Gateway | ||||
| Universal API — chat, embeddings, rerank, images, audio, video, batch, async jobs | ✓ | ✓ | ✓ | ✓ |
| 24+ providers + bare-model-name routing | ✓ | ✓ | ✓ | ✓ |
| OpenAI-compatible + Anthropic / Bedrock / LangChain / LiteLLM passthrough | ✓ | ✓ | ✓ | ✓ |
| Automatic fallbacks, retries & load balancing | ✓ | ✓ | ✓ | ✓ |
| Adaptive routing (latency / cost / health-aware) | — | ✓ | ✓ | ✓ |
| Per-model rate limits & cost budgets | 2 models | ✓ | ✓ | ✓ |
| Bring-your-own model endpoint (Ollama / SGLang / vLLM) | — | ✓ | ✓ | ✓ |
| Private LLM connectivity (PrivateLink / VPC-SC / Private Endpoints) | — | — | — | ✓ |
| Providers & Model Management | ||||
| Model catalog with pricing metadata | ✓ | ✓ | ✓ | ✓ |
| Custom per-model pricing overrides & margin calc | — | ✓ | ✓ | ✓ |
| Model limits (RPM / TPM / cost) | 2 | 25 | 100 | Unlimited |
| Routing rules | 1 | 10 | 25 | Unlimited |
| Guardrails & Safety | ||||
| Heuristic engine + injection / jailbreak + PII / secrets / toxicity | ✓ | ✓ | ✓ | ✓ |
| Pattern preset cards (~50) + OWASP LLM Top 10 (2025) cards | ✓ | ✓ | ✓ | ✓ |
| Multimodal attachment text-extraction scan | ✓ | ✓ | ✓ | ✓ |
| ML detector sidecar (7 models) + deep semantic classifier | — | ✓ | ✓ | ✓ |
| Partner guardrails (Bedrock / Model Armor / Azure) + webhook | — | ✓ | ✓ | ✓ |
| PII redactor (auto-mask in transit) | — | ✓ | ✓ | ✓ |
| OWASP Agentic Top-10 + 7 domain packs + coverage badges | — | — | ✓ | ✓ |
| Compiled control cross-walk per pack (MITRE / NIST / HIPAA / SOC2) | — | — | ✓ | ✓ |
| RAG Security | ||||
| Chunk filtering SDK + per-chunk trust / injection scoring | ✓ | ✓ | ✓ | ✓ |
| guard_retriever() / guard_embedder() framework hooks | ✓ | ✓ | ✓ | ✓ |
| Source ACL tags, citation enforcement, PII-in-chunk blocking | — | ✓ | ✓ | ✓ |
| Context-poisoning detection + decision traces + findings | — | ✓ | ✓ | ✓ |
| Shadow / enforce mode + compliance evidence export bundle | — | ✓ | ✓ | ✓ |
| Agentic Security (PEP / PDP) | ||||
| Agentic SDK + LangGraph / CrewAI / AutoGen instrumentation | ✓ | ✓ | ✓ | ✓ |
| PDP core — decide, rule builder, Rego, ABAC, decision cache, audit | — | ✓ | ✓ | ✓ |
| OWASP T1–T17 threat operands (AST ≡ Rego) | — | ✓ | ✓ | ✓ |
| Policy lifecycle (draft → staged → published) + per-policy targeting | — | ✓ | ✓ | ✓ |
| Tool Integrity Engine + AIBOM / tool pinning + tool grants | — | — | ✓ | ✓ |
| Code-threat scanning + function identity (T11 RCE / T17 supply chain) | — | — | ✓ | ✓ |
| ReBAC / OpenFGA fine-grained authorization | — | — | ✓ | ✓ |
| Agent identity (Entra / ZeroID / OIDC) + Shadow / Canary / Enforce | — | — | ✓ | ✓ |
| Service graph, agent discovery, server-side analytics | — | — | ✓ | ✓ |
| Compliance cross-walk on audit export (NIST / ISO / EU AI Act / ATLAS) | — | — | — | ✓ |
| Agentic & MCP Tool Control | ||||
| MCP servers (register & broker) | 1 | 25 | 50 | Unlimited |
| MCP transports (stdio / SSE / HTTP) + per-server auth | ✓ | ✓ | ✓ | ✓ |
| MCP tool sync + per-server health monitor | ✓ | ✓ | ✓ | ✓ |
| Parallel MCP guardrail classification | — | ✓ | ✓ | ✓ |
| MCP tool-result caching (per-tool TTL) | — | ✓ | ✓ | ✓ |
| MCP relationship authorization (ReBAC: connect / invoke / resource) | — | — | ✓ | ✓ |
| Code-mode sandboxing for tool execution (Starlark) | — | — | — | ✓ |
| Agentic Observability | ||||
| Agent run traces + span / observation timeline | — | — | ✓ | ✓ |
| Langfuse integration (model / token / cost / score enrichment) | — | — | ✓ | ✓ |
| Vendor-neutral OTLP export (Tempo / Honeycomb / Datadog) | — | — | ✓ | ✓ |
| LLM-as-judge + tool-integrity score + AI tool-behavior summaries | — | — | ✓ | ✓ |
| Opt-in ZDR prompt-preview capture | — | — | ✓ | ✓ |
| Agentic Cache (verdict-gated) | ||||
| Verdict-gated, boundary-scoped post-decision cache (tool-result) | — | — | ✓ | ✓ |
| Per-VK scope + workspace settings + obligation-honoring on hit | — | — | ✓ | ✓ |
| Unified platform-savings + admin flush + zero-leak attestation | — | — | ✓ | ✓ |
| Caching & Cost Optimization | ||||
| Response cache + provider prompt cache + request coalescing | ✓ | ✓ | ✓ | ✓ |
| TTFT prefix reorder + guardrail evaluation cache | ✓ | ✓ | ✓ | ✓ |
| Semantic cache + Direct-gate L1 + cache warmer | — | ✓ | ✓ | ✓ |
| Cascade routing + per-VK cache scoping (7 modes) | — | ✓ | ✓ | ✓ |
| Prompt compression (LLMLingua-2) + RAG re-ranking (bge) | — | ✓ | ✓ | ✓ |
| Conversation summarization + reasoning-effort throttling | — | ✓ | ✓ | ✓ |
| Token-savings reporting + per-layer drift sampler | — | ✓ | ✓ | ✓ |
| Bring-your-own vector store (Pinecone / Qdrant / Weaviate / Redis) | — | — | — | ✓ |
| Accuracy & Safety | ||||
| Hallucination control (pre-LLM) + evaluation (post-LLM) | — | — | ✓ | ✓ |
| Ground-truth management + 6-metric quality dashboard | — | — | ✓ | ✓ |
| Response consistency — exact / semantic / pinned / strict | — | — | ✓ | ✓ |
| Model Hub & Fine-Tune | ||||
| Model inventory + per-model limits & overrides | ✓ | ✓ | ✓ | ✓ |
| DeepintShield Models sidecar (Hugging Face detector inventory) | — | ✓ | ✓ | ✓ |
| Detector fine-tune — regex extraction + LoRA (train → deploy → reset) | — | ✓ | ✓ | ✓ |
| Prompt Management | ||||
| Prompt repository + versioning + diff | ✓ | ✓ | ✓ | ✓ |
| Variables / template partials + multi-provider playground | ✓ | ✓ | ✓ | ✓ |
| Role-based (RBAC) prompt access control | ✓ | ✓ | ✓ | ✓ |
| Observability | ||||
| Real-time KPI dashboard (RPS, p50 / p95 / p99 latency, error %, $) | ✓ | ✓ | ✓ | ✓ |
| Per-request audit trail + custom metadata tagging + free-text search | ✓ | ✓ | ✓ | ✓ |
| MCP tool-call observability + provider-dimension dashboards | ✓ | ✓ | ✓ | ✓ |
| Usage attribution (by customer / virtual key / team) | — | ✓ | ✓ | ✓ |
| CSV + scheduled exports (aggregate / anonymize, signed-URL) | — | ✓ | ✓ | ✓ |
| Prometheus /metrics + OpenTelemetry export (Jaeger / Datadog / New Relic) | — | — | ✓ | ✓ |
| Maxim AI integration + Pushgateway + sample Grafana dashboard | — | — | ✓ | ✓ |
| Configurable export to data lake (S3 / GCS / BigQuery / Snowflake) | — | — | — | ✓ |
| Governance, RBAC & Multi-Tenancy | ||||
| Built-in roles (viewer / editor / admin) | — | ✓ | ✓ | ✓ |
| Customers — end-user attribution | — | ✓ | ✓ | ✓ |
| Org-level metadata reporting | — | — | — | ✓ |
| Single-tenant slice on shared control plane | — | — | — | ✓ |
| Multi-region data planes + multi-node clustering | — | — | — | ✓ |
| Org management (multi-org admin) | — | — | — | ✓ |
| Dedicated control-plane namespace | — | — | — | Add-on |
| Authentication & Security | ||||
| Username / password + Google / Microsoft OAuth2 | ✓ | ✓ | ✓ | ✓ |
| Native TOTP MFA + single-use recovery codes | ✓ | ✓ | ✓ | ✓ |
| Self-service DSAR personal-data export (GDPR) | ✓ | ✓ | ✓ | ✓ |
| HTTP / SOCKS5 proxy + custom-CA trust | — | ✓ | ✓ | ✓ |
| OIDC SSO + SAML 2.0 + SCIM 2.0 + JIT provisioning | — | — | — | ✓ |
| Outbound-only mTLS tunnel (no inbound from vendor) | — | — | — | ✓ |
| Compliance & Hosting | ||||
| Managed cloud control plane | ✓ | ✓ | ✓ | ✓ |
| Customer-hosted data plane (Helm / Compose / GKE / EKS / AKS) | — | — | — | ✓ |
| Multi-cloud (GCP / AWS / Azure) + on-prem + air-gapped | — | — | — | ✓ |
| Data residency selection | US | US / EU / IN | US / EU / IN | Choose |
| Audit log of admin actions (immutable, hash-chained) + tamper-verify | — | — | — | ✓ |
| HIPAA + BAA · GDPR DPA · SOC 2 / ISO 27001 | DPA* | DPA | DPA | ✓ |
| SDKs & Integrations | ||||
| Python SDK v2.4.0 (14 extras) + native framework binders + MCP adapters | ✓ | ✓ | ✓ | ✓ |
| shield.agentic.* PDP surface + in-SDK prompt / Gemini cache helpers | ✓ | ✓ | ✓ | ✓ |
| Plugin SDK (custom Go middleware) | — | ✓ | ✓ | ✓ |
| Terraform module + Helm chart + Admin Console | — | — | — | ✓ |
| Configuration & Operations | ||||
| API-key management UI + caching config (TTL / similarity / scoping) | ✓ | ✓ | ✓ | ✓ |
| Governance plugin (VK enforcement, header rules, MCP catalog binding) | ✓ | ✓ | ✓ | ✓ |
| Fast JSON (sonic) + LiteLLM compat shim + streaming-JSON accumulator | ✓ | ✓ | ✓ | ✓ |
| Performance / pricing / observability config + margin reporting | — | ✓ | ✓ | ✓ |
| Request mocker / replay + per-org feature releases (“Updates”) | — | ✓ | ✓ | ✓ |
| Cluster / data-plane management | — | — | — | ✓ |
| eBPF / XDP kernel prefilter (Linux) | — | — | — | ✓ |
| Enterprise-VPC provisioning wizard + Phase-3 mTLS tunnel + signed bundles | — | — | — | ✓ |
| Support & SLA | ||||
| Community (GitHub, Discord) | ✓ | ✓ | ✓ | ✓ |
| Email support | Best-effort | 24-hr | 12-hr | 1-hr |
| Dedicated Slack + solution-architect onboarding | — | — | — | ✓ |
| 24×7 phone + named TAM | — | — | — | Add-on |
| Uptime SLA | — | 99.5% | 99.9% | 99.95% |
| Custom roadmap input + N / N-1 version support | — | — | — | ✓ |
| Volume & Overage Pricing | ||||
| Included governed requests / month | 10K | 250K | 1M | Custom |
| Beyond the included limit (additional requests) | Hard cap — HTTP 429 (blocked, $0) | $19 per 100K | $15 per 100K | Custom (aggregate-metered) |
| Logged-request overage (secondary meter) | — | $5 per 100K | $5 per 100K | — |
| Overage ceiling → next step | Blocked at 10K | up to 1M, then upgrade to Business | up to 5M, then talk to Sales | Unlimited / contracted |
| Token markup on routed provider spend | 0% | 12% | 12% | 0% (negotiated) |
* DPA available on request. · Prices shown are monthly; annual billing available. · All plans run self-hosted with no prompt or key egress on customer-hosted deployments.