Lakera Guard is an AI security API that protects LLM applications against prompt injection, jailbreaks, and data leakage in real time.
Lakera was founded in 2021 in Zurich by David Haber (CEO), Dr. Mateo Rojas-Carulla, and Dr. Matthias Kraft — AI researchers with backgrounds at Google and Meta. The company has 11 PhDs on staff. Lakera gained widespread recognition for creating Gandalf, an educational game where players try to extract a secret password from an AI through prompt injection. Gandalf has attracted over 1 million players and generated 80M+ adversarial prompts that feed directly into Lakera’s threat intelligence.
In September 2025, Check Point announced the acquisition of Lakera to form a Global Center of Excellence for AI Security in Zurich. The integration brings Lakera’s technology into Check Point’s Infinity Platform, CloudGuard WAF, and GenAI Protect products.
What is Lakera Guard?
Lakera Guard sits between users and LLMs as a security layer. Every input and output passes through Guard’s detection engine before reaching the model. If a threat is detected, it flags or blocks the request before the LLM processes it.
The system delivers 98%+ detection rates with sub-50ms latency and false positive rates below 0.5%. It screens content across 100+ languages and scripts. The detection models learn from 100K+ new adversarial samples each day, drawn partly from the Gandalf community’s 80M+ prompts.
Key Features
| Feature | Details |
|---|---|
| Prompt Injection Detection | Direct injection, indirect injection, jailbreak, system prompt extraction |
| Detection Rate | 98%+ across all attack types |
| Latency | Sub-50ms per request |
| False Positive Rate | Below 0.5% in production |
| Language Support | 100+ languages and scripts |
| PII Detection | Identifies and redacts personal data in inputs and outputs |
| Content Moderation | Toxicity, hate speech, violence, custom policies |
| Link Scanning | Flags suspicious URLs outside approved domain lists |
| API Format | OpenAI-compatible chat completions message format |
| Scale | 1M+ secured transactions per app per day |
How the API works
Lakera Guard uses a single endpoint: POST https://api.lakera.ai/v2/guard. Requests follow the OpenAI chat completions message format with roles (system, user, assistant). Guard screens the last interaction in the message chain and returns a flagged boolean indicating whether a threat was detected.
You can configure projects with specific policies that determine which detectors run. The breakdown parameter returns per-detector flagging details, and the payload parameter returns match locations for PII and profanity.
The four main detection categories are:
- Prompt attacks — prompt injections, jailbreaks, and manipulation attempts
- Data leakage — PII and sensitive information exposure
- Content violation — offensive, hateful, sexual, violent, or vulgar material
- Unknown links — suspicious URLs outside approved domain lists
Lakera Red
Lakera Red is the company’s AI red teaming product. It runs automated attack simulations against your LLM applications to identify vulnerabilities before they reach production. Red teaming results feed back into Guard’s detection models.
Gandalf
Gandalf is Lakera’s interactive game where players try to extract a secret password from an AI through increasingly sophisticated prompt injection techniques. It demonstrates real-world attack patterns and has been used by security researchers, AI engineers, educational institutions, and CTF competitions.
The 80M+ adversarial prompts collected through Gandalf form a unique dataset that informs Lakera’s threat intelligence. The game is free to play at gandalf.lakera.ai.
Getting Started
https://api.lakera.ai/v2/guard with your messages in OpenAI chat completions format. If flagged is true, block the request.When to use Lakera Guard
Lakera Guard is built for teams deploying LLM-powered applications that need real-time input/output screening. The API-first design means integration takes minutes rather than weeks. It works with any LLM — OpenAI, Anthropic, Google, Azure OpenAI, AWS Bedrock, or self-hosted models.
The platform handles high-volume production traffic (1M+ transactions per app per day) with sub-50ms latency, making it practical for customer-facing chatbots and real-time applications.
For more on prompt injection and LLM threats, see our AI security guide. For open-source prompt injection detection, consider LLM Guard. For broader AI/ML model security (scanning, runtime defense), look at HiddenLayer or Protect AI Guardian. For LLM red teaming, see Garak or Promptfoo. For custom guardrail logic, explore NeMo Guardrails.
Note: Acquired by Check Point in 2025 to form the Global Center of Excellence for AI Security. Includes Lakera Guard, Lakera Red, and Gandalf Agent Breaker.
