Scan Performance & Degradation

The security scan sits in the hot path, so it is built to stay fast and to fail safe under load.

Features

Concurrent Detectors

The AI-backed detectors — input embedding, semantic analysis, attack-corpus similarity, and the CloudVera classifier — run concurrently rather than one after another, so per-request scan latency stays low even with the full stack enabled.

Scan-Time Budget

Each scan runs under a wall-clock budget. If a slow model or classifier backend blows the budget, the scan returns its partial verdict and flags the request as degraded instead of stalling — so a slow scan never becomes a client timeout.

Moderation Fast-Path

Calls to a moderation / guard model (e.g. Llama Guard) skip the redundant content-interpretation scan — the guard model is itself the scan — while cost / denial-of-wallet protection still applies.

Fail-Closed Option

By default degradation is fail-open (the partial verdict is honored) to preserve availability. Security-first tenants can enable Fail-Closed on Scan Degradation on the Security Policies page to block any request whose scan could not finish in budget instead.