Skip to main content

Aim Security

Quick Start​

1. Create a new Aim Guard​

Go to Aim Application and create a new guard.

When prompted, select API option, and name your guard.


In case you want to host your guard on-premise, you can enable this option by installing Aim Outpost prior to creating the guard.

2. Configure your Aim Guard policies​

In the newly created guard's page, you can find a reference to the prompt policy center of this guard.

You can decide which detections will be enabled, and set the threshold for each detection.

3. Add Aim Guardrail on your LiteLLM config.yaml​

Define your guardrails under the guardrails section

- model_name: gpt-3.5-turbo
model: openai/gpt-3.5-turbo
api_key: os.environ/OPENAI_API_KEY

- guardrail_name: aim-protected-app
guardrail: aim
mode: [pre_call, post_call] # "During_call" is also available
api_key: os.environ/AIM_API_KEY
api_base: os.environ/AIM_API_BASE # Optional, use only when using a self-hosted Aim Outpost

Under the api_key, insert the API key you were issued. The key can be found in the guard's page. You can also set AIM_API_KEY as an environment variable.

By default, the api_base is set to If you are using a self-hosted Aim Outpost, you can set the api_base to your Outpost's URL.

4. Start LiteLLM Gateway​

litellm --config config.yaml

5. Make your first request​


The following example depends on enabling PII detection in your guard. You can adjust the request content to match different guard's policies.


When using LiteLLM with virtual keys, an Authorization header with the virtual key is required.

curl -i http://localhost:4000/v1/chat/completions \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-3.5-turbo",
"messages": [
{"role": "user", "content": "hi my email is"}
"guardrails": ["aim-protected-app"]

If configured correctly, since would be detected by the Aim Guard as PII, you'll receive a response similar to the following with a 400 Bad Request status code:

"error": {
"message": "\"\" detected as email",
"type": "None",
"param": "None",
"code": "400"


Aim Guard provides user-specific Guardrail policies, enabling you to apply tailored policies to individual users. To utilize this feature, include the end-user's email in the request payload by setting the x-aim-user-email header of your request.

curl -i http://localhost:4000/v1/chat/completions \
-H "Content-Type: application/json" \
-H "x-aim-user-email:" \
-d '{
"model": "gpt-3.5-turbo",
"messages": [
{"role": "user", "content": "hi what is the weather"}
"guardrails": ["aim-protected-app"]