Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.protectorplus.cloudsine.tech/llms.txt

Use this file to discover all available pages before exploring further.

A security profile is a packaged set of guardrail configurations that Protector Plus applies when evaluating prompts and responses. Each GenAI application is bound to a security profile — multiple applications can share a profile, or each can have its own.
Security profiles dashboard

Create a profile

1

Dashboard → Runtime LLM → Add Runtime LLM

Start the binding workflow.
2

Choose Forwarding mode or Non-forwarding mode

See sections below.
3

Fill the Secure Proxy Settings

Inputs depend on mode (see tables below).
4

Save

Protector Plus registers the binding and the profile becomes active.

Forwarding mode

The GenAI application points its LLM endpoint at the Protector Plus FQDN. Protector Plus applies the security profile bound to the FQDN before forwarding to the origin LLM.
SettingDescription
Runtime LLM URLValid FQDN unique to the GenAI application. Must resolve to Protector Plus.
Origin Server IPIP address of the LLM endpoint.
Origin ProtocolProtocol type of the LLM endpoint (HTTP / HTTPS).
Origin Protocol TCP portPort number of the LLM endpoint.
LLM Block MessageMessage returned to the GenAI app on harmful-prompt detection.
Assign one FQDN per GenAI application — this is how Protector Plus distinguishes which security profile to apply.

Non-forwarding mode

The application calls Protector Plus directly with an API key. No FQDN is required. The application makes the final allow/deny decision based on the risk score returned by Protector Plus.
SettingDescription
Runtime LLM URLPseudo-URL (e.g., appname.pseudo-domain.local).
Origin Server IP127.0.0.1
Origin ProtocolHTTP
Origin Protocol TCP port80
LLM Block Messagedefault
After saving the profile, generate the API key from Overview → Gear icon → Download API Key.
The API key is shown once at generation. Store it securely. If lost, generate a new one.

Per-application isolation in practice

The diagram below shows two GenAI applications bound to two separate security profiles on the same Protector Plus instance. Each application is routed via a unique FQDN; Protector Plus applies the bound profile before forwarding to the corresponding LLM endpoint.
Per-application profiles
Use per-application isolation to:

Tighten regulated apps

Apply stricter PII rules to customer-facing applications handling SG NRIC/FIN.

Per-domain thresholds

Tune prompt-injection thresholds higher for apps wired to sensitive tools.

Sandbox isolation

Run research apps at Level 1–2 in Monitor mode without blocking.

Multi-tenant control

Assign different profiles per tenant in shared-platform deployments.

Switching between profiles

The dashboard view is scoped to the currently selected profile. To view alerts and guardrail settings for a different profile, navigate to Overview and click Select this Runtime LLM beneath the LLM you wish to manage.

Removing a profile

Navigate to Overview and click Delete under the LLM. Bindings and alert history for that profile are removed; in-flight traffic falls back to the default profile until a new binding is created.

Profile administration is Super-Admin only

Application-to-security-profile binding is restricted to Super Admin users. App-bound users cannot modify the binding of their own application — see Account Management for the full access matrix.