Protecto is now integrated with Citrix NetScaler AI Gateway

Citrix launched NetScaler AI Gateway this week, a new AI governance layer built directly into the NetScaler platform. Protecto is one of two security vendors named in the official announcement as a built-in integration partner.

Here’s what the integration does and why it matters for enterprise security teams.

What NetScaler AI Gateway is

NetScaler has been enterprise application delivery infrastructure for years. The AI Gateway extends that foundation to LLM traffic: token-based rate limiting, load balancing across inference backends, prompt management, and security integrations. The goal is to let enterprises manage AI applications with the same operational controls they apply to other mission-critical services, running through infrastructure they already trust.

Where Protecto fits in

Protecto connects as an inline PII protection layer via HTTP callout. The flow is straightforward:

1. An end user or application sends a request through NetScaler toward an LLM inference service
2. Before the request reaches the model, NetScaler fires an HTTP callout to Protecto
3. Protecto scans the prompt, detects sensitive data using context-aware classification, and masks or blocks it
4. The de-identified request continues to the LLM. The model responds based on clean data.
5. NetScaler’s responder policy handles the return to the end user

The difference from standard redaction comes down to context awareness. Pattern matching misses identifiers that don’t look like PII on the surface: a patient reference, an account nickname, an internal code that maps to a person. Protecto’s detection picks up implicit identifiers that regex-based tools skip. It also preserves semantic meaning in the masked output so the LLM can still reason accurately on what it receives. Stripping data blind produces broken responses. Masking with context preserved does not.

Why this matters for enterprise deployments

Enterprise AI has a well-known tension: move fast and risk data exposure, or enforce controls and slow down the teams building on AI. The NetScaler integration resolves this at the infrastructure layer rather than the application layer. Security enforcement happens in the gateway, applied consistently across every LLM request, without requiring individual application teams to build their own compliance logic from scratch.

Amar Kanagaraj, Protecto Founder and CEO, quoted in the Citrix launch announcement:

“Every enterprise racing to deploy AI faces the same dilemma: move fast and risk exposing customer data, or slow down and lose competitive ground. That trade-off shouldn’t exist. Protecto’s agentic data classification catches what traditional AI security tools miss, and integrates directly with NetScaler AI Gateway to block or mask sensitive data before it ever reaches AI systems — without losing the context AI needs to function accurately.”

Read the full technical walkthrough

The Citrix TechZone team published a detailed breakdown including architecture and deployment guidance.

Read it on Citrix TechZone →

Official Citrix press release →