
I security-audited my own AI gateway and added WASM plugin support. Here's what I found.
I've been building AegisFlow, an open-source AI gateway in Go. It sits between your apps and LLM providers (OpenAI, Anthropic, Ollama, etc.) and handles routing, security, rate limiting, and observability. Yesterday I sat down and did a proper security audit of the whole thing. Found more issues than I'd like to admit.

The security stuff

Timing attacks on API key validation. The tenant key lookup was using plain string comparison. An attacker could measure response times to progressively guess keys character by character. Switched to SHA-256 hashing both sides and comparing with subtle.ConstantTimeCompare. Also iterates all tenants on every check so there's no early-exit timing leak.

    inputHash := sha256.Sum256([]byte(apiKey))
    var match *TenantConfig
    for i := range c.Tenants {
        for _, key := range c.Tenants[i].APIKeys {
            keyHash := sha256.Sum256([]byte(key))
            if subtle.ConstantTimeCompare(inputHash[:], keyHash[:]) == 1 {
                m
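A self-contained sketch of the lookup described above, added here as an example and not taken from AegisFlow's code. `Config`, `FindTenant` and the `Name` field are assumed names, the keys are constructed samples, and `subtle.ConstantTimeSelect` replaces the `if` branch in the fragment as this example's own choice.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// TenantConfig mirrors the fields visible in the post; Name is an assumed field.
type TenantConfig struct {
	Name    string
	APIKeys []string
}

// Config is a hypothetical holder for the tenant list.
type Config struct{ Tenants []TenantConfig }

// FindTenant (hypothetical name) returns the tenant owning apiKey, or nil.
// Both sides are hashed to fixed-length digests, and every key of every
// tenant is always compared, so there is no early exit on a match.
func (c *Config) FindTenant(apiKey string) *TenantConfig {
	inputHash := sha256.Sum256([]byte(apiKey))
	found, idx := 0, 0
	for i := range c.Tenants {
		for _, key := range c.Tenants[i].APIKeys {
			keyHash := sha256.Sum256([]byte(key))
			eq := subtle.ConstantTimeCompare(inputHash[:], keyHash[:])
			// Branch-free update: idx becomes i only when eq == 1.
			idx = subtle.ConstantTimeSelect(eq, i, idx)
			found |= eq
		}
	}
	if found != 1 {
		return nil
	}
	return &c.Tenants[idx]
}

func main() {
	// Constructed sample tenants and keys, for illustration only.
	cfg := &Config{Tenants: []TenantConfig{
		{Name: "team-a", APIKeys: []string{"sample-key-a1", "sample-key-a2"}},
		{Name: "team-b", APIKeys: []string{"sample-key-b1"}},
	}}
	for _, k := range []string{"sample-key-b1", "sample-key-a", ""} {
		fmt.Printf("%q -> match=%v\n", k, cfg.FindTenant(k) != nil)
	}
}
```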




