OpenRouter's newest enterprise pitch is that AI policy can become a 403 response: its guardrails release says workspaces can set budget limits, enforce zero data retention, restrict models and providers, detect prompt injection, and block data loss before a request reaches a model provider. [1]
That is governance as plumbing, not governance as memo, because a company can cap a user's daily spend, assign separate limits to API keys, reject providers that retain data, or block a prompt-injection pattern before it leaves the workspace. [1]
The June release spotlight folds those controls into a larger enterprise stack of private models, bring-your-own-key management, observability destinations, provider-level zero-data-retention settings and IP allowlist enforcement. [2]
The homepage sells the same layer more simply as one interface with 60-plus providers, 400-plus models and custom data policies, which is exactly why the router becomes the policy surface for enterprise compliance control instead of merely a convenience layer for model shopping. [3]
The caveat is source quality: these are vendor-authored claims, not customer implementation receipts, but they still mark the important shift from asking which model answers best to asking which router can say no.
-- DAVID CHEN, Beijing