
Egress AI Gateways: Securely Integrating LLMs in Financial Applications
In the ever-evolving landscape of financial services, integrating large language models (LLMs) into applications presents unique challenges, particularly within regulated banking environments. As an API architect, I'll delve into how an egress AI gateway can effectively address these challenges, ensuring secure and compliant consumption of AI capabilities. This talk will cover the critical role of egress AI gateways in managing data flow, maintaining compliance with stringent regulations, and providing robust security measures. We'll explore real-world scenarios and best practices for deploying LLMs in financial applications, highlighting how these gateways facilitate seamless integration while upholding the highest standards of data integrity and privacy. Join this session to gain insights into leveraging egress AI gateways to unlock the potential of LLMs in the financial sector, driving innovation without compromising on compliance or security.
Modernizing banking at enterprise scale
Lombard Odier is one of Switzerland’s oldest and most respected private banks, founded in 1796. In addition to private banking and asset management, Lombard Odier also serves as a technology provider, offering “banking-as-a-service” solutions to other financial institutions. Its core banking platform includes over 800 components and has been undergoing a large-scale modernization over the past four years leveraging a modern stack built on technologies such as OpenShift, Kong, Kafka, Vault, and Consul.
As part of this modernization, Lombard Odier is exploring how to integrate artificial intelligence (AI) into its operations while maintaining the highest standards for security, privacy, and compliance.
Navigating risks in the age of AI adoption
With the rise of AI across financial services, from fraud detection to client onboarding and portfolio optimization, Lombard Odier needed a way to support AI adoption securely and at scale. As a highly regulated organization, they had to ensure their use of AI models aligned with strict requirements around data protection, auditability, and accountability.
AI posed several key risks. The use of external models increased the bank’s attack surface, and inconsistencies in model behavior introduced reliability and transparency concerns. There was also the challenge of scaling AI services for internal use while protecting sensitive customer data. The bank needed a solution that could enforce access controls, provide full observability into AI interactions, and protect against the accidental exposure of personally identifiable information (PII).
Building a secure gateway for AI services
To address these challenges, Lombard Odier implemented Kong’s AI Gateway—a solution that allowed the bank to securely manage, monitor, and scale access to external AI services.
By deploying Kong in Kubernetes with Kong Ingress Controller, the team enabled decentralized, self-service access to AI services, eliminating the need for manual setup by a central team. They established strict network controls using an egress IP and Kubernetes network policies to limit access to AI services only through the AI Gateway.
Instead of distributing API keys across applications, Lombard Odier centralized authentication at the gateway, leveraging OAuth and OIDC to grant secure access while maintaining separation of concerns. They also introduced traffic management policies to control usage at the application level, ensuring fair and efficient resource consumption.
One of the most innovative aspects of the solution was a custom-built AI Privacy Guardian plugin. This plugin detects and classifies PII in outgoing prompts, and depending on the data classification, it can tokenize sensitive fields before reaching external models or block the request entirely. When tokenization is used, the plugin re-maps the response to its original form, preserving the user experience while safeguarding privacy. The bank also used Kong’s AI prompt injection to inform models that tokens were present, ensuring the integrity of the interaction.
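To make the tokenize-or-block flow concrete, here is an added, constructed Python model of a per-request privacy guard; it is not the bank's plugin (which runs inside Kong) and its classification rules, token format and the placeholder note sent to the model are all hypothetical.

```python
import re
import secrets

# Constructed classification rules (hypothetical, not the bank's plugin config):
# each pattern maps to a data class and the action the gateway takes.
# "block": the request never leaves the bank. "tokenize": the value is swapped
# for an opaque token and the original stays in the gateway's per-request vault.
RULES = [
    (re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}\b"), "IBAN", "block"),
    (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "EMAIL", "tokenize"),
    (re.compile(r"\+\d{2}(?: ?\d{2,3}){3,4}\b"), "PHONE", "tokenize"),
]
TOKEN_RE = re.compile(r"<<[A-Z]+_[0-9a-f]{8}>>")


class PrivacyGuardian:
    """Per-request PII guard: tokenize the outbound prompt, re-map the response."""

    def __init__(self):
        self.vault = {}  # token -> original value; never sent upstream

    def outbound(self, prompt):
        """Return (prompt_to_send, blocked_class); blocked_class is None if allowed."""
        # Blocking classes are checked first so nothing is tokenized for a doomed request.
        for pattern, label, action in RULES:
            if action == "block" and pattern.search(prompt):
                return None, label
        for pattern, label, action in RULES:
            if action != "tokenize":
                continue

            def swap(match, label=label):
                token = f"<<{label}_{secrets.token_hex(4)}>>"
                self.vault[token] = match.group(0)
                return token

            prompt = pattern.sub(swap, prompt)
        if self.vault:
            # Tell the model that placeholders are present so it echoes them verbatim.
            prompt = ("Note: some values are replaced by <<CLASS_id>> placeholders; "
                      "copy them unchanged.\n" + prompt)
        return prompt, None

    def inbound(self, response):
        """Re-map tokens echoed by the model back to the original values."""
        return TOKEN_RE.sub(lambda m: self.vault.get(m.group(0), m.group(0)), response)
```

Re-mapping only works for tokens the model returns verbatim, which is why the outbound prompt carries an explicit note about the placeholders.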
With full integration into OpenTelemetry, Kong gave Lombard Odier comprehensive observability into all AI traffic. This made it possible to track usage metrics such as token counts and response reasons within their existing monitoring ecosystem.
Turning compliance challenges into competitive advantages
Kong’s AI Gateway has enabled Lombard Odier to securely embrace AI without compromising on governance or compliance. The bank now benefits from greater control and visibility over its AI traffic, with clearly defined access permissions and detailed usage insights.
The ability to tokenize or block sensitive data has significantly reduced privacy and reputational risks. Development teams can now integrate AI services through a secure, scalable, and compliant pathway, helping the organization innovate faster while remaining aligned with regulatory standards.
Looking ahead, Lombard Odier is exploring the integration of more advanced AI applications involving vector databases and multi-model workflows. With Kong’s AI Gateway in place, the bank is well-positioned to support this next wave of innovation in a safe and structured manner.