Most OpenAI integrations ship with zero security in the request path. The prompt goes straight to the provider: no PII check, no injection screening, no audit trail, no spend cap. One developer pasting a customer record — or one leaked API key — and you have a compliance incident or a runaway bill. The fix does not require rebuilding your stack. It is one line.
What a raw OpenAI call is missing
- No PII check — customer data reaches the model as-is.
- No injection detection — a poisoned document or user message can hijack the prompt.
- No audit trail — you cannot prove what was sent or what came back.
- No spend cap — a loop or a leaked key can drain the month's budget.
The one-line change
Autrace is OpenAI-compatible, so you change the base URL and keep everything else. Your Autrace key goes where the provider key used to; your real provider key is configured once in the dashboard, and inference still runs on your own account (BYOK).
# Python — before
client = OpenAI(api_key="sk-...")
# Python — after
client = OpenAI(
api_key="aut_live_YOUR_KEY",
base_url="https://gateway.autraceai.com/v1",
)// Node — after
const client = new OpenAI({
apiKey: "aut_live_YOUR_KEY",
baseURL: "https://gateway.autraceai.com/v1",
});What you get the moment you switch
- PII redaction in-path — sensitive values are tokenized before the model and re-hydrated on the way back.
- Prompt-injection detection on inbound prompts.
- A hash-chained audit trail of every request (metadata, not bodies).
- Per-key spend caps and rate limits.
- Exact + semantic cache to cut repeat cost.
Nothing else in your code changes — same request shape, same response shape. It works with the OpenAI SDK, LangChain, LlamaIndex, or any OpenAI-compatible client. See the security page for exactly what is and is not stored.
Start on the free plan (50,000 tokens/month, no card) and point one service at the gateway. If it does not add value, changing the base URL back takes the same five minutes. Create a key →
- OpenAI API reference — platform.openai.com/docs/api-reference
- OWASP LLM Top 10 — LLM01 Prompt Injection, LLM06 Sensitive Information Disclosure.