TameFlare + Lakera Guard: Defense in Depth for AI Agents
Lakera Guard secures LLM inputs and outputs. TameFlare enforces what agents can do with external APIs. Together they cover both the content layer and the action layer - a complete AI agent security stack.
Two layers, one security stack
AI agent security has two distinct layers:
- Content layer - What goes into and comes out of the LLM (prompts, responses, embeddings)
- Action layer - What the agent does with external APIs (GitHub, Stripe, Slack, databases)
What Lakera Guard does
Lakera Guard is a content security API that detects and blocks:Lakera Guard works by inspecting the text content of LLM interactions. You call their API before sending a prompt to the LLM, and again after receiving the response.
What TameFlare does
TameFlare is a transparent HTTP/HTTPS proxy that sits between your agent and the APIs it calls. It enforces:
TameFlare doesn't inspect LLM content. It governs what the agent does after the LLM responds.
Why you need both
Consider this attack chain:
- An attacker crafts a prompt injection that bypasses the system prompt
- The LLM responds with instructions to delete a GitHub repository
- The agent's tool-calling system executes the deletion
github.repo.delete action.
Two independent controls. Both must fail simultaneously.
Architecture
User prompt
↓
Lakera Guard (content check)
↓ clean prompt
LLM (generates response + tool calls)
↓
Lakera Guard (response check)
↓ clean response
Agent tool execution
↓ HTTP requests
TameFlare Gateway (policy enforcement)
↓ allowed requests only
External APIs (GitHub, Stripe, Slack, etc.)
Lakera Guard wraps the LLM. TameFlare wraps the APIs. The agent sits in the middle, governed on both sides.
Integration example
Lakera Guard integration (in your agent code)
# Check the prompt before sending to LLM
lakera_response = lakera.check(prompt=user_input)
if lakera_response.flagged:
return "This prompt was blocked by security policy"
# Call the LLM
llm_response = openai.chat.completions.create(...)
# Check the response
lakera_check = lakera.check(response=llm_response.content)
if lakera_check.flagged:
return "This response was filtered by security policy"
TameFlare integration point
TameFlare integrates at the process level - zero code changes:
# Run the agent through TameFlare proxy
tf run -- "my-agent" python agent.py
All outbound HTTP requests from the agent process are routed through the proxy. No SDK. No code changes. No middleware.
Complementary coverage matrix
| Threat | Lakera Guard | TameFlare | Combined |
|---|---|---|---|
| Prompt injection | Detects and blocks | Not applicable | Lakera handles |
| Jailbreak attempts | Detects and blocks | Not applicable | Lakera handles |
| PII in prompts/responses | Detects and redacts | Not applicable | Lakera handles |
| Unauthorized API calls | Not applicable | Policy enforcement | TameFlare handles |
| Credential exposure | Not applicable | Vault isolation | TameFlare handles |
| Destructive actions (delete, deploy) | Not applicable | Deny or require approval | TameFlare handles |
| Injection → action chain | Content detection | Action blocking | Both layers needed |
| Data exfiltration via API | Not applicable | Deny unknown domains | TameFlare handles |
| Audit trail for compliance | LLM call logs | Action-level audit | Both contribute |
| Emergency stop | Not applicable | Kill switch | TameFlare handles |
Key differences
| Lakera Guard | TameFlare | |
|---|---|---|
| Layer | Content (LLM inputs/outputs) | Actions (HTTP API calls) |
| Deployment | Cloud API (SaaS) | Local cloud gateway |
| Integration | SDK/API middleware | Transparent proxy (zero code) |
| License | Proprietary (free tier available) | Elastic License v2 (source-available) |
| Data flow | Prompts/responses transit Lakera cloud | Agent traffic stays local |
| Pricing | Free (10k req/mo) + Enterprise (custom) | Free (1k actions/mo) + Pro ($29/mo) |
When to use this stack
This combination is most valuable when:
Getting started
Step 1: Set up Lakera Guard
Sign up at lakera.ai and integrate their API into your LLM calls. Their free tier covers 10,000 requests/month.
Step 2: Set up TameFlare
- Create a free account - 3 gateways, 1,000 actions/month
- Create a gateway and add connectors for your APIs
- Run your agent through the proxy:
tf run -- "my-agent" python agent.py
Step 3: Verify both layers
Test the content layer by sending a known prompt injection - Lakera Guard should block it.
Test the action layer by having the agent attempt a blocked action (e.g., branch deletion) - TameFlare should deny it.
Check the TameFlare audit trail to verify all agent actions are being logged and enforced.
The defense in depth principle
Security engineers know that any single control can fail. Prompt injection detection can be bypassed with novel techniques. Policy rules can have gaps. The value of defense in depth is that both layers must fail simultaneously for an attack to succeed.
Lakera Guard and TameFlare are independent systems with no shared failure modes. Lakera inspects content. TameFlare enforces actions. Together, they cover the full attack surface of an AI agent.
Next steps
Related articles
How to Secure AI Agent API Calls with a Policy Gateway
AI agents make HTTP calls on your behalf. Without a policy layer, a single misconfigured agent can delete production data, leak secrets, or rack up API bills. Here's how to add a security boundary.
OpenClaw Proves Agentic AI Works. Here's How to Secure It.
OpenClaw has 100k+ stars and zero built-in security. Every outbound HTTP call runs with full user permissions. Here's how to add a policy enforcement layer without changing your agent code.
Using TameFlare with LangChain: Zero-Code Agent Governance
LangChain agents call external APIs with zero built-in security. Add policy enforcement, credential isolation, and audit logging without changing a single line of agent code.