Glossary

BYOK (Bring Your Own Key)

BYOK lets your AI vendor route every prompt through your own LLM provider (OpenAI, Anthropic, Bedrock, Azure). Compliance, cost, and residency benefits without the vendor seeing your data.

Bring-your-own-key is the architectural pattern where an AI product accepts your inference provider's API key and routes every prompt through it. Your data hits your provider, your provider bills you, the AI vendor never sees the inference traffic.

Why customers ask for it

Three reasons, in order of how often they come up. Data residency: 'we don't want our prompts to touch your inference provider'. Compliance: 'our SOC 2 / HIPAA / FedRAMP posture is easier with one provider in the loop, not two'. Cost arbitrage: 'we already negotiated a rate; we want the savings'.

Why it's harder to build than it looks

BYOK isn't a feature flag. It's a different shape of system. Keys must never enter logs or background workers' memory. Provider adapters need a clean interface so adding a new provider doesn't touch six files. Background ingestion (embedding, indexing) has to use the customer's key too, not a fallback. Per-provider quirks (Azure deployment names, Bedrock SigV4) add real engineering time.

What Cognia supports

On Business and Enterprise plans, Cognia routes every inference call through the customer's choice of OpenAI, Anthropic, Azure OpenAI, or AWS Bedrock. Keys are encrypted at rest, decrypted in-memory only at request time, and never written to logs. Background indexing uses the customer's key too.

© 2026 Cognia, Inc.
TermsPrivacyDPASubprocessorsSecurity
BYOK LLM: routing prompts through your own provider — Cognia · Cognia