
Konstantin Lapine
Documentation Lead
Product Updates - May 1st, 2025
Prompt Guard Efficacy Tool
We’ve open-sourced a test harness to evaluate Prompt Guard’s detection accuracy. It supports JSON, CSV, and text inputs, and provides metrics such as accuracy, precision, recall, F1 score, and specificity. Use it to validate configurations or compare analyzer performance across datasets. Compatible with both cloud and edge deployments.
AI Guard & Prompt Guard GA
AI Guard and Prompt Guard are GA and ready for you to secure your AI applications. AI Guard checks prompt inputs, responses, and data ingestion from external sources for malicious content to protect LLMs and users from threatening content. Prompt Guard utilizes a deep understanding of prompt templates, heuristics, and trained models to detect direct or indirect prompt injection attacks and jailbreak attempts. The two services combined help your team easily maintain a set of guardrails specific to your AI applications.
AuthZ
AuthZ, a place to design and build your authorization policy outside of any particular framework or database, is now supercharged with ABAC, permission inheritance, and more!
Multipass
Authorization structures are distributed across many systems and represented differently in each of them, and rebuilding them creates a management nightmare. The solution? We'll check the source.
Pangea Multipass normalizes the interfaces for the underlying services - Google Drive, Confluence, Slack, GitHub, and more at launch - to abstract the credentials, the interaction, and the response for authorization.
Whether you need to check authorization at ingestion or inference, Multipass can help. Learn more about how to use Multipass from our blog post.
ABAC
Attribute-based Access Control (ABAC) is an authorization model that applies fine-grained access policies based on attributes of the user, resource, and environment - such as location, time of day, or a user’s department. Unlike role-based approaches, ABAC evaluates these attributes at runtime, allowing policies to adapt dynamically to the current context. This makes it especially useful in complex organizations where access decisions depend on non-standard or frequently changing information. We've written a guide to help you get started with ABAC.
Inherited permissions
Designing authorization is fundamentally a challenge. Not only do you have to understand your problem and domain fully, but you also need to understand the limits of your tools. For example, a healthcare organization may have these rules:
- A hospital facility has numerous units (Emergency Room, Intensive Care Unit, etc.), and each unit has rooms.
- A patient is assigned to a room and has numerous medical records.
- A nurse is assigned a unit and therefore inherits access to patients and their records through the room assignment.
With inheritance, we can automatically apply a parent resource's permissions to its child resources without maintaining and syncing permissions for each individual item. Check out our blog post on inherited permissions to get started today.
Expiring tuples
There are often cases where we may want to grant an actor access to a resource for a finite amount of time. This could be a share link expiration, or it could behave as a TTL for access to an external resource. Getting started with expiring tuples is easy: add an expires_at property to your request (or use the corresponding field in the SDK) and AuthZ will take care of the rest.
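The hospital hierarchy from the inherited permissions section, combined with expiring tuples, as an added example: this is a self-contained model written for this page, not AuthZ's API or implementation. The tuple layout, the "parent" and "caregiver" relation names, and all identifiers are assumptions; only the expires_at idea comes from the text above.

```python
from datetime import datetime, timedelta, timezone

T0 = datetime(2025, 5, 1, 8, 0, tzinfo=timezone.utc)  # constructed reference time

# Constructed tuples: (subject, relation, resource, expires_at); None never expires.
# "parent" tuples encode the hierarchy: unit -> room -> patient -> record.
TUPLES = [
    ("unit:icu", "parent", "room:icu-1", None),
    ("room:icu-1", "parent", "patient:p1", None),
    ("patient:p1", "parent", "record:p1-labs", None),
    ("nurse:ana", "caregiver", "unit:icu", None),
    # Ben covers the ICU for a single 12-hour shift.
    ("nurse:ben", "caregiver", "unit:icu", T0 + timedelta(hours=12)),
    # Time-boxed share of one record, like an expiring share link.
    ("doctor:eve", "caregiver", "record:p1-labs", T0 + timedelta(hours=1)),
]


def live(expires_at, now):
    """A tuple is usable until, but not at, its expiry instant."""
    return expires_at is None or now < expires_at


def parents_of(resource, now, tuples=TUPLES):
    """Live parents of a resource; expired hierarchy links stop inheritance."""
    return [s for s, rel, res, exp in tuples
            if rel == "parent" and res == resource and live(exp, now)]


def check(subject, relation, resource, now, tuples=TUPLES):
    """True if subject holds relation on resource or on any live ancestor."""
    stack, seen = [resource], set()
    while stack:
        node = stack.pop()
        if node in seen:  # guard against cycles in the hierarchy
            continue
        seen.add(node)
        if any(s == subject and rel == relation and res == node and live(exp, now)
               for s, rel, res, exp in tuples):
            return True
        stack.extend(parents_of(node, now, tuples))
    return False
```

Grants flow down the hierarchy only: the one-hour share on the record gives doctor:eve nothing on the patient, and every check is evaluated against the current time so an expired tuple needs no cleanup job to stop granting access.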
AuthN
Groups
In many applications, users are often grouped together with specific roles. Managing each user's permissions individually can add complexity and overhead. To solve for this, we've built groups into AuthN.
Create groups and add users to those groups to reduce authorization service lookups by governing access at the authentication layer. These groups can represent various types of role-based access control (RBAC), such as teams, or regions (such as North America), or other types of access based on a user's attributes.
OAuth custom scopes and claims
Create custom OAuth scopes with AuthN to allow clients to grant specific permissions, such as writing to a specific database or reading a list of items from an inventory. You can now create custom scopes in AuthN for AuthN clients.
Impossible travel
In some applications, it is expected that a user cannot log in from two locations at the same time. With AuthN's impossible travel settings, you can enforce this policy. By blocking subsequent logins that are too far apart physically, or 'traveling' too fast, you can defend against bad actors who may be trying to use stolen credentials.
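How a distance-and-speed check of this kind can be evaluated, as an added example that is not AuthN's implementation: the speed threshold, the minimum-distance floor for geolocation jitter, and the login records are all constructed assumptions.

```python
import math
from datetime import datetime, timezone

MAX_KMH = 900.0  # assumed threshold, roughly airliner cruise speed
MIN_KM = 50.0    # assumed floor: ignore small jumps caused by geo-IP jitter


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def evaluate(logins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, timestamp, decision) for each login, in time order."""
    last_good = {}  # user -> (timestamp, lat, lon) of the last allowed login
    results = []
    for user, ts, lat, lon in sorted(logins, key=lambda e: e[1]):
        decision = "allow"
        if user in last_good:
            pts, plat, plon = last_good[user]
            km = haversine_km(plat, plon, lat, lon)
            hours = (ts - pts).total_seconds() / 3600
            # Zero elapsed time with a large distance is two places at once.
            if km > min_km and (hours <= 0 or km / hours > max_kmh):
                decision = "block"
        if decision == "allow":
            # A blocked login must not become the baseline for the next check.
            last_good[user] = (ts, lat, lon)
        results.append((user, ts, decision))
    return results


def _t(hour, minute=0):
    return datetime(2025, 5, 1, hour, minute, tzinfo=timezone.utc)


# Constructed login events: (user, timestamp, latitude, longitude).
LOGINS = [
    ("alice", _t(9, 0), 37.7749, -122.4194),   # San Francisco
    ("alice", _t(9, 30), 51.5074, -0.1278),    # London, 30 minutes later
    ("alice", _t(9, 35), 37.8044, -122.2712),  # Oakland, the real user again
    ("bob", _t(8, 0), 40.7128, -74.0060),      # New York
    ("bob", _t(20, 0), 51.5074, -0.1278),      # London, 12 hours later
]
```

Keeping the baseline at the last allowed login means the rejected London attempt does not lock alice out when she signs in again from Oakland five minutes later.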
Private Cloud
Early Access
We’ve released an early-access alpha of Pangea Private Cloud. It gives you full control by hosting the control and data planes within your environment. This deployment is ideal for regulated industries with strict data sovereignty and compliance requirements. Contact info@pangea.cloud to learn more about onboarding.