Scan Performance & Degradation
The security scan sits in the hot path, so it is built to stay fast and to fail safe under load.
Features
Concurrent Detectors
The AI-backed detectors — input embedding, semantic analysis, attack-corpus similarity, and the CloudVera classifier — run concurrently rather than one after another, so per-request scan latency stays low even with the full stack enabled.
Scan-Time Budget
Each scan runs under a wall-clock budget. If a slow model or classifier backend blows the budget, the scan returns its partial verdict and flags the request as degraded instead of stalling — so a slow scan never becomes a client timeout.
Moderation Fast-Path
Calls to a moderation / guard model (e.g. Llama Guard) skip the redundant content-interpretation scan — the guard model is itself the scan — while cost / denial-of-wallet protection still applies.
Fail-Closed Option
By default degradation is fail-open (the partial verdict is honored) to preserve availability. Security-first tenants can enable Fail-Closed on Scan Degradation on the Security Policies page to block any request whose scan could not finish in budget instead.