Google Cloud has launched the public preview of Model Armor, a native LLM governance framework integrated into the Apigee API management platform. Detailed in a community post, Model Armor introduces out-of-the-box enforcement for LLM-specific policies such as prompt validation, output filtering, and token-level controls at the API layer.
Model Armor operates directly within Apigee’s proxy layer, where it inspects both requests and responses using declarative policies. It is available across all Apigee tiers, allowing teams to adopt LLM governance regardless of their subscription level. LLM APIs enable powerful new customer experiences and automation, but also introduce risks such as prompt injection (a significant OWASP Top 10 risk for LLMs) attacks and exposure of sensitive data.
These policies can detect issues like jailbreak attempts, prompt injection, and exposure of personally identifiable information (PII), allowing outputs to be redacted, altered, or blocked as needed, all without modifying downstream systems. According to Google, “with Model Armor, enterprises can treat LLM traffic with the same governance rigor as traditional APIs”.
These controls are expressed in Apigee’s XML-based policy language, allowing teams to integrate LLM safety rules into existing APIs. A hands-on tutorial demonstrates how to apply these policies, covering prompt inspection, token quotas, and integration with Vertex AI. The tutorial includes a downloadable proxy template and step-by-step instructions for configuring Model Armor enforcement rules. Policy enforcement applies at the proxy layer for consistency across services and endpoints.
Apigee and Model Armor architecture (Source: Google Community Post)
Model Armor supports multiple LLM providers, including Vertex AI (Gemini, Meta Llama), OpenAI, Anthropic, and self-hosted models, allowing centralized governance across heterogeneous architectures.
Additionally, Google has integrated Model Armor with Google Kubernetes Engine (GKE) and Security Command Center. This allows organizations to deploy Model Armor policies directly on inference gateways or load balancers running in GKE clusters. These policies inspect model prompts and responses before they reach internal services. Any violations are surfaced as security findings in the Security Command Center, providing centralized monitoring, alerting, and remediation workflows. This integration strengthens Model-Armor’s position as a bridge between LLM traffic governance and broader cloud security operations.
Apigee as a gateway between the LLM application and models (Source: Google Community Post)
The framework logs detailed metadata for each policy evaluation, including triggered filters and enforcement outcomes. These logs feed into Apigee’s observability and logging pipelines, supporting monitoring, anomaly detection, and post-incident analysis of LLM behavior.
While other API gateways offer general-purpose traffic controls, they often require custom middleware for model-level safety. Model Armor aims to eliminate this complexity by offering native enforcement of LLM-specific policies within Apigee.
