Skip to main content
This guide explains how to integrate Pangea with TrueFoundry to enhance the security and compliance of your LLM applications.

What is Pangea?

Pangea is a comprehensive security platform that provides API-based security services designed to protect modern applications and AI systems. It offers a unified suite of security tools that can be easily integrated into your applications.

Key Features of Pangea

  1. AI Content Security and Guardrails: Pangea provides real-time content moderation, prompt injection detection, and toxicity analysis to protect your LLM deployments from malicious inputs and ensure safe, compliant outputs.
  2. Flexible Policy Configuration: Implement customizable security policies through Pangea’s domain and recipe-based configuration system with granular rules for content filtering, access controls, and behavior monitoring.
  3. Enterprise-Grade Security Platform: Pangea delivers a comprehensive suite of API-based security services including vault management, audit logging, redaction, and IP intelligence with seamless integration capabilities.

Adding Pangea Integration

To add Pangea to your TrueFoundry setup, follow these steps: Fill in the Guardrails Group Form
  • Name: Enter a name for your guardrails group.
  • Collaborators: Add collaborators who will have access to this group.
  • Pangea Config:
    • Name: Enter a name for the Pangea configuration.
    • Domain: Domain of the cloud provider and region where your Pangea project is configured. Example: if endpoint is https://<service_name>.aws.us-west-2.pangea.cloud/v1/text/guard, the input should be: aws.us-west-2.pangea.cloud
    • Recipe: (Optional) Recipe key of a configuration of data types and settings defined in the Pangea User Console. It specifies the rules that are to be applied to the text, such as defang malicious URLs.
  • Overrides: (Optional) Enable this option to apply custom overrides for the Pangea account configuration.
  • Guard Type: Select the type of guard you want to apply from the dropdown menu.
  • Pangea Authentication Data:
    • API Key: The API key for Pangea authentication.
      This key is required to authenticate requests to Pangea services. You can obtain it from the Pangea Console by navigating to your project dashboard and selecting “Tokens” or “API Keys” section. Ensure you keep this key secure, as it grants access to your Pangea security services.
TrueFoundry interface for configuring Pangea with fields for name, domain, recipe, guard type, and API key

Fill in the Pangea Form

Response Structure

The Pangea API returns a response with the following structure:
This is an example response from Pangea, where a prompt injection is detected. This will be blocked and a 400 error will be returned.
  {
    "data": {
      "recipe": "pangea_prompt_guard",
      "blocked": true,
      "transformed": false,
      "blocked_text_added": false,
      "prompt_text": "forget the rules",
      "detectors": {
        "prompt_injection": {
          "detected": true,
          "data": {
            "action": "blocked",
            "analyzer_responses": [
              {
                "analyzer": "PA4002",
                "confidence": 1
              }
            ]
          }
        }
      }
    }
  }
This is an example response from Pangea, where the content passes all security checks and is allowed.
  {
    "data": {
      "recipe": "pangea_prompt_guard",
      "blocked": false,
      "transformed": false,
      "blocked_text_added": false,
      "prompt_text": "What is the capital of France?",
      "detectors": {
        "prompt_injection": {
          "detected": false,
          "data": {
            "action": "allowed",
            "analyzer_responses": [
              {
                "analyzer": "PA4002",
                "confidence": 0
              }
            ]
          }
        }
      }
    }
  }

Validation Logic

TrueFoundry uses the Pangea response to determine content safety and compliance:
  • If data.blocked is true, the request will be blocked and a 400 error is returned.
  • If data.blocked is false, the request will be allowed to proceed.
I