{"slug": "team-wide-provider-allowlist-on-ai-gateway", "title": "Team-wide provider allowlist on AI Gateway", "summary": "AI Gateway has launched a team-wide provider allowlist that restricts which AI providers can serve requests, enforcing approved-vendor routing at the gateway level for all traffic including BYOK. The feature blocks unapproved providers even when developers or coding agents modify request-level filters, with only team owners able to modify the list. New providers are disabled by default once the allowlist is activated, ensuring regulated teams maintain centralized control over their approved vendor set.", "body_md": "AI Gateway now supports a team-wide provider allowlist. Teams can restrict which providers can serve requests, so traffic only routes to approved providers. The allowlist applies to every request through AI Gateway, including Bring Your Own Key (BYOK) traffic.\n\nRegulated teams typically vet AI providers across multiple dimensions with security and legal sign-off, ending up with a vendor set that reflects the specific requirements of their org. The allowlist turns that approved-vendor list into a routing guarantee:\n\nEnforcement happens at the gateway level, not at the request level. A developer on the team cannot route traffic to a provider the org hasn't approved.\n\nThis restriction also applies to coding agents. Even if an agent omits or modifies request-level provider filters, AI Gateway still blocks unapproved providers.\n\nOnly team owners can modify the provider allowlist, keeping control centralized and auditable.\n\nNew providers are disabled by default once the allowlist is on, so the approved set doesn't silently expand when AI Gateway integrates a new vendor.\n\nToggle on **Provider Allowlist** in the AI Gateway [ Settings](https://vercel.com/d?to=%2F%5Bteam%5D%2F%7E%2Fai-gateway%2Fsettings&title=AI+Gateway+Settings) tab. All current providers are allowed by default, so existing traffic is unaffected. Disable any providers your team shouldn't use.\n\nThe allowlist filters by provider, not by model. AI Gateway falls back to other allowed providers for the same model if the initial provider fails. The allowlist also functions as an `and`\n\nwith other restrictions applied to the team, like Zero Data Retention (ZDR) or request-level filtering.\n\nFor example, if a team has disabled DeepSeek in their allowlist and a request pins routing to only the DeepSeek provider:\n\nSince DeepSeek is not in the allowlist, AI Gateway rejects the request.\n\nProvider Allowlist works across every API format supported by AI Gateway, including AI SDK, OpenAI Chat Completions API, and Anthropic Messages API.\n\nRead the [provider allowlist documentation](https://vercel.com/docs/ai-gateway/capabilities/provider-allowlist) for more information. For other account-level security and compliance functionality, check the [Zero Data Retention](https://vercel.com/docs/ai-gateway/capabilities/zdr) and [Disallow Prompt Training](https://vercel.com/docs/ai-gateway/capabilities/disallow-prompt-training) documentation.", "url": "https://wpnews.pro/news/team-wide-provider-allowlist-on-ai-gateway", "canonical_source": "https://vercel.com/changelog/team-wide-provider-allowlist-on-ai-gateway", "published_at": "2026-05-28 00:00:00+00:00", "updated_at": "2026-05-29 00:45:32.878575+00:00", "lang": "en", "topics": ["ai-products", "ai-infrastructure", "ai-tools", "ai-safety", "ai-policy"], "entities": ["AI Gateway", "Vercel", "Bring Your Own Key", "BYOK"], "alternates": {"html": "https://wpnews.pro/news/team-wide-provider-allowlist-on-ai-gateway", "markdown": "https://wpnews.pro/news/team-wide-provider-allowlist-on-ai-gateway.md", "text": "https://wpnews.pro/news/team-wide-provider-allowlist-on-ai-gateway.txt", "jsonld": "https://wpnews.pro/news/team-wide-provider-allowlist-on-ai-gateway.jsonld"}}