← Blog

Vercel AI Gateway Alternatives: When Zero-Markup Routing Is Not the Layer You Need

Vercel AI Gateway went GA in August 2025 as a zero-markup unified endpoint welded to the Vercel AI SDK, with default zero data retention, provider allowlists, and failover. Its identity model is team and project scoped, and it runs only as Vercel-hosted SaaS. This piece covers who genuinely needs an alternative, from self-hosting to identity-bound audit, and maps the alternative set by what each option actually enforces.

ByParminder Singh· Founder & CEO, DeepInspect Inc.
Comparisons & Alternativesai-gatewaycomparisonarchitectureidentity-and-authorizationauditai-security
Vercel AI Gateway Alternatives: When Zero-Markup Routing Is Not the Layer You Need

Vercel AI Gateway went generally available in August 2025. It is a hosted unified API that fronts hundreds of models through one endpoint at https://ai-gateway.vercel.sh/v1, with budgets, usage monitoring, load balancing, and automatic failover. Its defining feature is integration: with the Vercel AI SDK, a bare model string like anthropic/claude-opus-4.7 auto-routes through the gateway, and it charges zero markup on tokens, including when you bring your own key. For a team already building on Vercel, it is the path of least resistance, and the developer experience is genuinely good.

The reason a team searches for an alternative is rarely that Vercel AI Gateway is bad at what it does. It is that the layer they need sits somewhere Vercel AI Gateway does not reach: off Vercel's hosting, inside a VPC, or at an identity-bound enforcement point that produces regulatory evidence. I want to be precise about who those teams are, and what the honest alternative set looks like.

What Vercel AI Gateway is, and what it does not do

Start with the governance it does have, because a fair comparison names it. Zero data retention is on by default, deleting prompts and responses after the request completes. You can restrict routing to verified zero-retention providers per request or per team, disallow prompt training, and configure a Provider Allowlist on Pro and Enterprise. Authentication uses dashboard API keys, which deactivate when the creating team member leaves, and Vercel OIDC tokens tied to a Vercel project with a twelve-hour validity.

Now the boundary of that model. Authentication is team and project scoped, so the gateway knows which project or key made a call, without an end-user identity propagated into a policy decision. There is no prompt-level classification across regulated data types. There is no signed, tamper-evident per-decision audit record. The Custom Reporting feature that attaches tags and user IDs is a paid add-on billed per write and per query, and it is spend attribution rather than an audit artifact. And the whole thing runs as Vercel-hosted SaaS, with no self-hosted deployment.

Who genuinely needs an alternative

Four situations, each concrete.

The team runs workloads off Vercel. The OIDC path assumes Vercel projects, so a multi-cloud or non-Vercel deployment loses the part that made the gateway convenient and is left routing prompts to a third-party endpoint.

The data is regulated and has to stay in a controlled environment. Vercel AI Gateway has no self-hosted or in-VPC mode. A workload under HIPAA, DORA, or a data-residency mandate that cannot send prompts to a Vercel-hosted endpoint needs a layer it can run itself.

The team needs identity-bound per-request policy. Project-scoped keys answer which project called. A regulated deployment often needs to answer which verified person or agent called, under which policy, which is a different primitive.

The team needs independent audit evidence. Default zero retention is a strong privacy posture, and it means the gateway is not the place a signed decision record lives. A workload that has to prove what each AI call did needs that record produced somewhere.

The alternative set, by what it lets you run

Because the reason to leave Vercel AI Gateway is usually about where the layer runs and what it proves, I have sorted the alternatives by deployment and enforcement rather than by model count.

| Product | Runs where | Honest one-liner | Enforcement depth | |---|---|---|---| | TrueFoundry | Self-hosted in your VPC | Kubernetes-native AI platform, gateway as one module; adopt the platform to get the gateway. | RBAC, budgets, guardrails, self-hosted control plane. | | Envoy AI Gateway | Self-hosted, Kubernetes | 1.0 shipped June 23, 2026, Tetrate-led on CNCF Envoy Gateway; infrastructure-grade routing you own. | 16-provider routing, MCP gateway, quota-aware multi-tenancy, upstream auth. See the full comparison. | | Kong AI Gateway | Self-hosted or managed | Enterprise API platform extended to AI; heavyweight governance. | PII sanitization, prompt guards, RBAC, quotas, audit. | | LiteLLM Proxy | Self-hosted or Cloud | Widely used OSS router; had a rough 2026 CVE year on the proxy, now hardening. | Virtual keys, budgets, guardrails, management-plane audit (enterprise). | | agentgateway | Self-hosted, OSS | The project formerly pitched as Gloo AI Gateway; Solo.io donated it to the Linux Foundation in August 2025. | A2A and MCP authorization, observability for agent traffic. | | Cloudflare AI Gateway | Hosted (edge) | Broad, cheap edge observability; another SaaS, policy depth still Beta. | Analytics, caching, rate limiting; DLP and Guardrails Beta. | | OpenRouter | Hosted SaaS | Largest hosted marketplace, real key-bound guardrails; still a third-party in the path. | PII and injection guardrails, budgets, allowlists. | | Bifrost (Maxim) | Self-hosted, OSS | Go-based performance play; benchmarks are the pitch. | Load balancing, virtual keys, budgets, guardrails, MCP. |

If the reason you are leaving Vercel AI Gateway is hosting or data residency, the self-hosted rows are the real candidates. If the reason is convenience or price, another hosted SaaS trades one dependency for another.

The layer none of these fully covers

Every product above routes traffic, and several enforce content policy. What none of them centers is the combination a regulated workload actually needs at the AI request boundary: per-request policy bound to a verified identity, prompt classification across PII, PHI, MNPI, and jurisdictional categories, a signed per-decision audit record held independently of the application, and fail-closed behavior on error. A gateway that binds identity into the decision and produces an independent record is a different layer than a router, even when both are called gateways.

DeepInspect

This is the gap DeepInspect closes, and it composes with a router rather than replacing one. A team leaving Vercel AI Gateway for a self-hosted stack can put a router like Envoy AI Gateway or LiteLLM in the traffic path and DeepInspect at the AI request boundary in front of it.

DeepInspect is a stateless proxy you deploy inside your own environment. It binds each call to the natural-person or agent identity your application supplies, classifies the prompt content against the regulated categories your sector recognizes, applies per-route and per-role policy, and commits a signed per-decision audit record before the response returns, on a write path the application never holds. Deterministic, fail-closed, model-agnostic. That produces the two things Vercel AI Gateway's hosted, project-scoped model does not: identity-bound policy tied to your own identity provider, and an independent audit record that lives on infrastructure you control. If you are moving a regulated workload off a hosted gateway and you are facing the August EU AI Act deadline, book an audit at deepinspect.ai.

Frequently asked questions

When did Vercel AI Gateway become generally available?

Vercel AI Gateway reached general availability in August 2025. It is a hosted unified endpoint that fronts hundreds of models, welded to the Vercel AI SDK, with zero markup on tokens including bring-your-own-key, default zero data retention, provider allowlists on paid tiers, and automatic failover. It is strong for teams building on Vercel and is the default inference path for Vercel's own SDK.

Does Vercel AI Gateway keep an audit trail?

Its default posture is zero data retention, deleting prompts and responses after the request completes, which is a privacy stance rather than an audit stance. Its Custom Reporting add-on attaches tags and user IDs and is billed per write and per query, giving spend attribution rather than a tamper-evident decision record. There is no signed, independent per-decision audit record. A workload that has to prove what each AI call did needs that record produced by a layer built for it.

Can I self-host Vercel AI Gateway?

No. Vercel AI Gateway runs only as Vercel-hosted SaaS, and its OIDC authentication path assumes Vercel projects. Teams that need an in-VPC or on-prem deployment for regulated data, or that run workloads off Vercel, are the clearest candidates for an alternative, and the self-hostable options are TrueFoundry, Envoy AI Gateway, Kong, LiteLLM, agentgateway, and Bifrost.

What is the best alternative for regulated data?

For regulated data the deciding factors are where the layer runs and what it proves. A self-hosted router such as Envoy AI Gateway or Kong keeps traffic in your environment, and an identity-bound enforcement layer in front of it produces the classification and the signed per-decision record a regulator inspects. Another hosted SaaS gateway solves the routing question while keeping a third party in the path of every prompt, which is usually the thing a regulated team is trying to remove.

Do I have to replace Vercel AI Gateway completely?

Not always. If your objection is only identity and audit, and you can keep routing where it is, you can add an enforcement layer at the AI request boundary while leaving your routing in place. If your objection is hosting or data residency, then the routing layer itself has to move to something self-hostable, and the enforcement layer runs in front of it. The two decisions, where routing runs and where enforcement runs, are separable.