🚨 NeuralTrust has raised $20M
Back

NeuralTrust vs Portkey: Best for Enterprise AI Security?

Share
NeuralTrust vs Portkey: Best for Enterprise AI Security?

This comparison is written for enterprise security and platform leaders (CISOs, CIOs, Heads of AI, and platform engineering teams) evaluating an AI gateway as the control layer for LLM, MCP (Model Context Protocol), and agent traffic. It compares two products in that category: NeuralTrust TrustGate and Portkey (the Portkey AI Gateway).

An AI gateway sits between AI agents and the services they call (LLM providers, MCP tool servers, and other agents) and becomes the single place where routing, policy, security enforcement, and observability attach. Both TrustGate and Portkey operate at this layer as open-source, self-hostable gateways with commercial tiers on top.

One fact frames the entire comparison and must be stated up front, because it is central to any enterprise evaluation: Palo Alto Networks completed its acquisition of Portkey on May 29, 2026 (announced April 30, 2026), and Portkey is now positioned as the AI Gateway for Palo Alto's Prisma AIRS security platform. This does not change what the gateway does today, but it changes who owns the roadmap, which is a material procurement consideration.

This article compares the two on architecture, runtime security, posture management, governance, MCP and tool controls, observability, and deployment. Only the gateway/proxy component of each vendor is in scope. Adjacent products are referenced only where they mark the boundary of what the gateway itself does.

Related article: The 11 Best AI Gateways for Enterprise AI Security in 2026


Executive Summary (TL;DR)

  • TrustGate is security-first and independent, positioning as "the AI gateway built by a security company." Its differentiating design choice is a Security Engine that attaches to every Route, into which NeuralTrust's own runtime security product (TrustGuard) plugs.
  • TrustGate emphasizes a single unified multi-protocol trace tree across LLM, MCP, and A2A traffic, with cost, latency, and security findings attributed inline at every level (Consumer, Route, Provider, span).
  • NeuralTrust offers a companion posture product (TrustLens) that discovers and assesses AI running outside the gateway's path, a layer Portkey's gateway does not include.
  • NeuralTrust's roadmap is independent. TrustGate is built by a standalone AI security company, with no acquiring parent directing its direction.
  • Portkey is a mature, widely adopted LLM gateway with very broad model coverage (Portkey states 1,600+ models; its Models pricing database covers 2,300+ across 40+ providers), strong reliability features (fallbacks, retries, load balancing, conditional routing), caching, and polished observability. This maturity is real and well documented.
  • Portkey was acquired by Palo Alto Networks (closed May 29, 2026) and is being folded into Prisma AIRS. The Apache 2.0 open-source gateway remains, but the managed tier and roadmap now sit under Palo Alto's ownership.
  • Portkey's runtime security is guardrail-based: PII redaction, and a guardrails framework that integrates many external checks. Its gateway does not center on a first-party multi-turn behavioral detection engine.
  • Both are open-source, self-hostable gateways with commercial control planes; both cover LLM and MCP traffic.

Comparison at a Glance

FeatureNeuralTrust TrustGatePortkey
AI Gateway (LLM / MCP)✅✅
Runtime AI SecurityFirst-party Security Engine (TrustGuard) attaches to every RouteGuardrails framework + PII redaction; integrates many external checks
AI Agent Discovery / PostureVia TrustLens (separate NeuralTrust product)Not a gateway feature
MCP GovernancePer-Consumer tool access, unified auditMCP Gateway: auth, access control, observability, identity forwarding
AI ObservabilityUnified multi-protocol trace tree; cost/latency/security attributionLogs, traces, cost tracking, dashboards (storage layer is commercial)
DeploymentSelf-hosted OSS core; managed & hybrid (VPC, air-gapped) at enterprise tierSelf-hosted OSS; hosted SaaS; enterprise private cloud
Ownership / RoadmapIndependent AI security companyOwned by Palo Alto Networks (acquisition closed May 29, 2026)
LicenseApache 2.0Apache 2.0 (gateway core, per Portkey's March 2026 open-source release)
Best ForSecurity-led buyers wanting an independent first-party enforcement substrateTeams wanting broad model coverage and mature LLM observability/routing

Platform Overview

What is NeuralTrust TrustGate?

TrustGate is NeuralTrust's AI gateway. It sits between agents and the services they call (LLM providers, MCP servers, and other agents) and is designed to be the one place where routing, policy, security, and observability attach across all three kinds of AI traffic. Its core abstractions are Consumers, Providers, Routes, and Policies. Provider connections are configured once and reused; routing, failover, retries, and caching live in the gateway rather than in each application's code.

TrustGate's defining design choice is that a Security Engine attaches to every Route: when one is attached, every request is inspected and an allow/block/transform decision is executed before the request reaches its target. Security findings render as first-class spans in the same trace tree as operational telemetry. NeuralTrust positions this as the architectural consequence of being "the only AI gateway built by a security company," and as an independent vendor, its roadmap is not subject to an acquiring parent's priorities.

Per NeuralTrust's own documentation, TrustGate is explicitly not itself the content-detection product (that is TrustGuard, the engine that attaches) and not a posture-management product (that is TrustLens, a separate product). The gateway core is Apache 2.0 and open source; the governance layer, retention, and security-finding depth are commercial.

What is Portkey?

Portkey is an open-source, enterprise-ready AI gateway focused on fast, reliable, and secure routing to a very large catalog of models. Portkey states the gateway routes to 1,600+ language, vision, audio, and image models, and its open-source Models pricing database covers 2,300+ models across 40+ providers. It is OpenAI-API compatible, lightweight, and widely adopted, with the company reporting very large daily token volumes across thousands of organizations.

The gateway's strengths are reliability and developer experience: fallbacks, automatic retries, load balancing, conditional routing, canary testing, request timeouts, simple and semantic caching, batching, and a unified API. In March 2026, Portkey merged its production gateway into its open-source repository under Apache 2.0, bringing previously commercial features (circuit breakers, usage policies, the MCP Gateway with OAuth 2.1, the full model catalog) into the self-hostable core. What remained commercial: the observability storage layer (log database and dashboard), semantic caching at scale, multi-team RBAC, compliance certifications, and enterprise support.

The defining corporate fact: Palo Alto Networks completed its acquisition of Portkey on May 29, 2026. Portkey now serves as the AI Gateway for Palo Alto's Prisma AIRS platform. Palo Alto has stated it will continue supporting existing and new Portkey customers.


Architecture Comparison

Both are software gateways that front AI traffic and centralize routing, policy, and observability, and both are open-source and self-hostable with a commercial layer on top.

TrustGate organizes around Consumers, Providers, Routes, and Policies, and is designed so that a Security Engine attaches at the Route level as a foundational concern. It covers LLM, MCP, and A2A traffic in one model and renders security findings inline in the trace tree. NeuralTrust's stated deployment model is an open-source self-hosted core, with managed and hybrid (VPC, air-gapped) deployment at the enterprise tier. As an independent company, NeuralTrust controls its own architectural roadmap.

Portkey is a lightweight, OpenAI-compatible gateway (the project describes a very small footprint and sub-millisecond added latency) that emphasizes breadth of provider coverage and reliability primitives. It runs via the hosted API or self-hosted through Docker, Node.js, Cloudflare, and other targets, with an enterprise private-cloud deployment option. Its architecture is proven at very high token volumes. The trade-off after the acquisition: architectural direction and the managed control plane are now Palo Alto decisions, and the most differentiated value (observability storage, semantic caching at scale, compliance) sits in the commercial tier that is being integrated into Prisma AIRS.


Runtime AI Security

This is a difference of model and ownership.

TrustGate places a Security Engine attachment at the center of its design: NeuralTrust's own runtime product, TrustGuard, plugs in and inspects every request inline, with the decision executed before the request reaches its target. NeuralTrust positions TrustGuard as delivering conversation-level and multi-turn analysis rather than isolated per-request filtering. Two honest caveats: the content-detection capability is TrustGuard (a separate, attachable product), not the bare gateway, and TrustGuard's specific detections should be verified against its own documentation. Critically, both products come from a single independent security company.

Portkey approaches runtime safety through a guardrails framework and PII redaction. Portkey's gateway can enforce guardrails on requests and responses and records guardrail violations, and its GitHub materials describe PII redaction to strip sensitive data. Portkey's broader positioning (and third-party reviews) emphasize production-safety features such as guardrails, PII redaction, and jailbreak detection integrated at the gateway layer, with a large library of guardrail integrations. What Portkey's gateway does not center on is a first-party, multi-turn behavioral detection engine of its own; its guardrails model is primarily per-request checks and third-party integrations. Post-acquisition, Portkey's runtime security story is increasingly tied to Palo Alto's Prisma AIRS, which inspects AI traffic at runtime, so the deepest security capabilities are moving into the Palo Alto platform rather than the standalone gateway.

Bottom line: TrustGate offers a first-party engine from an independent security company, attached inline as the gateway's organizing principle. Portkey offers a mature guardrails framework whose deepest runtime-security future is now inside Palo Alto's Prisma AIRS. Which fits depends on whether the buyer wants an independent security-company stack or is already committed to (or comfortable adopting) the Palo Alto ecosystem.


AI Security Posture Management (AI-SPM)

Posture management means discovering and assessing AI agents, tools, and models across the estate, including those that do not route through the gateway.

Neither gateway does this on its own. For TrustGate, NeuralTrust's documentation is explicit that discovering and assessing AI outside the gateway's path is the job of TrustLens, a separate NeuralTrust product that consumes gateway signals. For Portkey, estate-wide AI discovery/posture is not a documented feature of the gateway itself; within the Palo Alto portfolio, posture and runtime concerns are addressed by Prisma AIRS and related products rather than by the gateway alone.

On a strict gateway-only basis this is a tie: neither gateway is a posture-management product. The practical difference is the shape of the companion: NeuralTrust offers a dedicated posture product (TrustLens) that a customer can evaluate on its own merits alongside an independent gateway, whereas Portkey's posture answer now lives inside the broader Palo Alto security platform.


AI Governance

Governance capabilityTrustGatePortkey
Policy enforcementOperational policy (rate limits, model allowlists, token/cost caps, routing) per request; security via attached engineUsage policies, model/provider allow controls, budget and cost controls, guardrails
RBACConsumer-based access; enterprise tier adds SSO/SAML, RBACSecure key management and virtual keys; multi-team RBAC in the commercial tier
IdentityConsumer identity model; SSO/SAML at enterprise tierSSO supported; identity forwarding to MCP servers
AuditEvery request logged/traced; findings as spans; long-term retention at enterprise tierRequest logging and audit; observability storage layer is commercial

Portkey's governance features (virtual keys, budget controls, usage policies, SSO, org-wide audit logs) are well established and were a core part of its enterprise value before the acquisition. A key nuance for a security review: multi-team RBAC and the observability/log storage that underpins audit remain in Portkey's commercial tier, not the open-source gateway. TrustGate similarly gates SSO/SAML, RBAC, and long-term retention behind its enterprise tier.


MCP & Tool Governance

Both products have a real MCP governance story.

TrustGate governs MCP traffic that flows through it: per-Consumer tool access, tracing of every tool invocation (which tool, which arguments, which Consumer, which result, at what cost), and a unified audit trail. NeuralTrust's documentation is explicit that TrustGate is not an MCP connectivity platform and does not ship a library of pre-built MCP integrations; it governs the servers the customer registers.

Portkey ships an MCP Gateway described as a centralized control plane for managing MCP servers across an organization: a single authentication layer at the gateway (users authenticate once; MCP servers receive verified requests), access control over which teams and users can reach which servers and tools with instant revocation, full observability of every tool call (who called what, parameters, response, latency), and identity forwarding (email, team, roles) to MCP servers. It works with MCP-compatible clients such as Claude Desktop, Cursor, and VS Code. Per Portkey, the MCP Gateway with OAuth 2.1 is part of the open-source release.

Neither product ships a large managed catalog of ready-to-use MCP integrations as the gateway's core value. Portkey does maintain an MCP ecosystem/registry as a separate resource, but the gateway governs the servers you connect. If a big pre-built MCP catalog is a hard requirement, qualify it separately for both.


Observability

Both are strong, and observability is one of Portkey's most praised areas.

TrustGate resolves a full agent workflow into a single trace tree (the model call, the MCP tool calls it triggers, and A2A delegations) with cost, latency, and security findings attributed at every level (Consumer, Route, Provider, span). NeuralTrust frames this unified multi-protocol trace as a differentiator, with security findings inline in the same view. Live observability is in the open-source core; long-term retention and historical analytics are commercial.

Portkey provides detailed logging and tracing, per-request cost tracking, and dashboards that customers frequently cite as a strength: full request traces, latency insight, error and caching visibility, and log export to reporting tools. An important licensing nuance: the observability storage layer (log database and dashboard) is commercial, not part of the open-source gateway, so self-hosters must supply their own storage and logging infrastructure for full observability. This is a widely noted gap of the self-hosted path.

The practical difference is emphasis and packaging: TrustGate centers a unified multi-protocol trace with inline security findings; Portkey offers mature, polished LLM observability whose storage backend is a commercial component.


Deployment

Deployment optionTrustGatePortkey
SaaS / ManagedManaged control plane (enterprise/consumption tier)Hosted API (Portkey Cloud), recommended default
Self-hosted OSSYes, Apache 2.0 coreYes, Apache 2.0 gateway (Docker, Node.js, Cloudflare, others)
Enterprise private cloudEnterprise tierEnterprise Private Cloud Deployments
Hybrid / VPC / Air-gappedEnterprise tier (VPC, air-gapped)Private cloud; verify air-gapped specifics with vendor (now Palo Alto)
Ownership considerationIndependent vendorDeployment/roadmap under Palo Alto Networks

Portkey's self-hosting flexibility is strong (multiple runtimes and an enterprise private-cloud path), with the caveat that the self-hosted gateway needs external observability storage to match the managed experience. TrustGate positions air-gapped and hybrid at its enterprise tier. The differentiator here is less technical than organizational: with Portkey, deployment and roadmap decisions now flow through Palo Alto Networks.


Detailed Feature Comparison

CapabilityTrustGatePortkey
LLM routing (multi-provider, failover)✅✅ (very broad model coverage)
Reliability (retries, load balancing, conditional routing, canary)✅✅ (mature, widely cited)
Caching (simple / semantic)✅✅ (semantic caching at scale is commercial)
MCP governancePer-Consumer tool access, unified audit✅ MCP Gateway (auth, access control, identity forwarding, tool-call logging)
A2A traffic✅Not a documented gateway feature
First-party runtime detection engine✅ Security Engine (TrustGuard attaches)✗ Guardrails framework + PII redaction; deep runtime moving to Prisma AIRS
Companion posture product✅ TrustLens (separate NeuralTrust product)✗ (posture addressed by Palo Alto platform)
Unified multi-protocol trace tree✅ Positioned as differentiatorLLM-focused tracing; storage layer commercial
Independent roadmap✅✗ Owned by Palo Alto Networks
LicenseApache 2.0Apache 2.0 (gateway core)

Which Platform Should You Choose?

Choose NeuralTrust TrustGate if...

  • Your driver is a security mandate and you want the runtime-security engine to be a first-party product from an independent security company, not a set of integrations or a capability being absorbed into a larger platform.
  • Vendor independence matters to your risk assessment, and you want a roadmap not governed by an acquiring parent.
  • You want security findings inline in the same trace tree the platform team already reads.
  • You expect to also adopt a companion posture product (TrustLens) to cover AI outside the gateway's path.
  • You need A2A (agent-to-agent) governance in the same gateway as LLM and MCP.
  • Air-gapped or VPC deployment governed by one independent vendor's stack is a procurement requirement.

Choose Portkey if...

  • Your priority is very broad model coverage across many providers behind one OpenAI-compatible API, with best-in-class reliability primitives (fallbacks, retries, load balancing, conditional routing).
  • You value mature, polished LLM observability and are comfortable using the managed tier (or supplying your own storage) for full logging and dashboards.
  • You want a proven, high-volume gateway with a large adoption base and extensive documentation.
  • You are already invested in, or comfortable adopting, the Palo Alto Networks ecosystem and see the Prisma AIRS integration as a benefit rather than a lock-in risk.
  • Semantic caching and cost-optimization features are central to your use case.
  • Your MCP need is a centralized control plane with authentication, access control, and identity forwarding to MCP servers.

Final Verdict

Both are credible, open-source, self-hostable AI gateways, and on core routing, reliability, caching, and MCP governance they are genuinely comparable. Portkey has an edge in raw model breadth, reliability primitives, and the maturity and polish of its LLM observability. TrustGate has an edge in first-party inline security enforcement, unified multi-protocol tracing that includes A2A, and a companion posture product.

The decision often turns on two axes rather than a feature checklist. The first is security model: TrustGate treats a first-party Security Engine attachment as the gateway's reason for existing, while Portkey provides a guardrails framework whose deepest runtime-security future is inside Palo Alto's Prisma AIRS. The second is independence and roadmap: TrustGate is built by a standalone AI security company, whereas Portkey is now owned by Palo Alto Networks, which is a benefit for buyers standardizing on Palo Alto and a lock-in consideration for buyers who want a neutral, independent gateway.

A security-led buyer who wants an independent, first-party enforcement substrate with A2A coverage and a dedicated posture companion will likely prefer TrustGate. A team optimizing for model breadth, reliability, and mature LLM observability, and either already in or open to the Palo Alto ecosystem, will likely prefer Portkey.


Key Takeaways

  • TrustGate's biggest differentiators are a first-party Security Engine (TrustGuard), an independent roadmap, unified multi-protocol tracing including A2A, and a companion posture product (TrustLens).
  • Portkey was acquired by Palo Alto Networks (closed May 29, 2026) and is being integrated as the AI Gateway for Prisma AIRS; the roadmap now sits with Palo Alto.
  • Both gateways are Apache 2.0, open-source, and self-hostable, with commercial control planes and enterprise tiers.
  • Portkey's strengths are very broad model coverage, reliability primitives, caching, and mature LLM observability.
  • Portkey's observability storage layer, semantic caching at scale, and multi-team RBAC remain commercial, so the self-hosted gateway needs external storage for full observability.
  • Portkey's runtime safety is guardrails-based (PII redaction plus many integrations); the deepest runtime security is moving into Prisma AIRS rather than the standalone gateway.
  • Both ship an MCP governance capability; neither treats a large pre-built MCP catalog as the gateway's core value.
  • The choice usually reduces to an independent, security-first stack (TrustGate) versus a mature, broad-coverage gateway now inside the Palo Alto ecosystem (Portkey).

Frequently Asked Questions

1. What is the difference between NeuralTrust TrustGate and Portkey?

TrustGate is a security-first, independent AI gateway whose Security Engine (TrustGuard) attaches to every Route and which covers LLM, MCP, and A2A traffic. Portkey is a mature, broadly adopted LLM gateway with very wide model coverage and strong observability, now owned by Palo Alto Networks and integrated into Prisma AIRS.

2. Is NeuralTrust independent, and does that matter?

Yes. NeuralTrust is a standalone AI security company, so TrustGate's roadmap is not directed by an acquiring parent. For buyers who want a neutral gateway not tied to a single large security vendor's platform strategy, this independence is a material consideration.

3. Does TrustGate support on-prem or air-gapped deployment?

NeuralTrust positions managed and hybrid deployment, including VPC and air-gapped, at its enterprise tier, with an open-source self-hosted core.

4. Does TrustGate ship pre-built MCP servers?

No. NeuralTrust's documentation states TrustGate is not an MCP connectivity platform and does not ship a library of pre-built MCP integrations; it governs the servers the customer registers.

5. Which AI gateway is better for enterprise AI?

Neither is universally better. Security-led buyers wanting an independent, first-party enforcement engine tend toward TrustGate; teams prioritizing model breadth, reliability, and mature observability, especially within the Palo Alto ecosystem, tend toward Portkey.

6. Who owns Portkey now?

Palo Alto Networks. The acquisition was announced April 30, 2026 and closed May 29, 2026. Portkey serves as the AI Gateway for Palo Alto's Prisma AIRS platform.

7. Is Portkey still open source after the acquisition?

The gateway core is Apache 2.0 (Portkey open-sourced its production gateway in March 2026), and the Apache 2.0 license protects that codebase. The managed tier, observability storage, semantic caching at scale, multi-team RBAC, and compliance features remain commercial and are now under Palo Alto's ownership.

8. Does Portkey have an MCP gateway?

Yes. Portkey's MCP Gateway provides a single authentication layer, access control over servers and tools, tool-call observability, and identity forwarding to MCP servers, and works with MCP-compatible clients such as Claude Desktop, Cursor, and VS Code.

9. How does Portkey handle runtime security?

Through a guardrails framework and PII redaction at the gateway, plus a large set of guardrail integrations. Its deepest runtime-security capabilities are increasingly delivered via Palo Alto's Prisma AIRS rather than the standalone gateway.

10. Does either gateway do AI posture management (AI-SPM)?

Not as a gateway feature. NeuralTrust offers a separate posture product (TrustLens); for Portkey, posture is addressed within the broader Palo Alto security platform.

11. Which has broader model coverage?

Portkey. It states routing to 1,600+ models, and its open-source pricing database covers 2,300+ models across 40+ providers. TrustGate covers the major providers an enterprise deploys and adds inline security and A2A governance.

12. Which has better observability?

Both are strong. Portkey's LLM observability is mature and frequently praised, though its storage layer is commercial. TrustGate emphasizes a single unified multi-protocol trace tree with cost, latency, and security findings attributed inline.

13. Does Portkey support self-hosting?

Yes, the Apache 2.0 gateway can be self-hosted via Docker, Node.js, Cloudflare, and other targets, with an enterprise private-cloud option. Note that full observability requires the commercial storage layer or your own logging infrastructure.


About the Author

Alessandro Pignati is Lead AI Security Researcher at NeuralTrust, where he leads research on AI and agentic security, advancing techniques to evaluate and secure large language models and autonomous AI systems. He specializes in adversarial machine learning, AI red teaming, LLM security, and AI safety, contributing to the development of secure and trustworthy AI.

NeuralTrust is an AI agent security platform, recognized in the Gartner 2025 Market Guide for Guardian Agents. Headquartered in Barcelona with ISO 27001 certification.


Subscribe to our newsletter

Share

Join the leaders securing the agent ecosystem

Get a Demo