Skip to main content
BYOK is an enterprise-only feature. Contact your account team to enable it for your account.
BYOK (Bring Your Own Key) lets you plug your own LLM provider credentials into Neo. Every model call runs under your account and bills directly to you at the provider’s published rates. You pay Neo separately for the agentic platform, orchestration, and security workflows.

When to use BYOK

BYOK is designed for organizations with an existing provider relationship that needs to be preserved:
  • Existing commercial agreement: You hold committed spend, negotiated pricing, or prepaid tokens with a supported provider. BYOK applies that entitlement to all inference Neo runs on your behalf.
  • Specialized contractual arrangements: You have sovereign or government cloud deployments, jurisdiction-specific data residency requirements, or bespoke provisions negotiated directly with the provider. Because requests run under your account, those arrangements apply automatically.

Key considerations

Cyber use must be enabled

Neo runs security and offensive-security workflows. Most LLM providers gate this behind a separate policy or allowlist (often called “cyber use” or equivalent). You must ensure cyber use is enabled for every model you intend to use on your provider account. If it is not enabled, the provider may block or throttle requests and Neo cannot work around this.

Rate limits and availability

When BYOK is active, your experience is bounded by your provider account:
  • Rate limits are enforced by the provider on your account. If you hit your limit, Neo requests fail until it resets or is raised.
  • Timeouts and model uptime are governed by the provider’s infrastructure, regional incidents, and model deprecations.
Neo’s credit-based offering mitigates these issues with fallback models, automatic retry logic, and higher pooled rate limits. BYOK trades some of that resilience for direct control over your provider relationship and spend.

Zero Data Retention

Neo operates with Zero Data Retention. Prompts, completions, and intermediate inference data are not stored or retained by Neo beyond what is needed to fulfill the immediate request. This applies to both credit-based and BYOK usage. For BYOK specifically: Neo does not log or persist inference call content made with your keys. Your API keys are stored encrypted and are never returned in logs, error traces, or API responses after creation. Data residency for inference content is governed by the provider you choose.

Supported providers

ProviderWhat you get
Azure AI FoundryAzure-hosted models via your Azure subscription
Google Vertex AIGemini plus Claude, Llama, Mistral, and others from your GCP project
Amazon BedrockClaude, Llama, Mistral, Cohere, Nova, and others from your AWS account
OpenRouterOne key, access to most major models across providers
AnthropicClaude models direct
OpenAIGPT and o-series models
GoogleGemini via Google AI Studio
xAIGrok
Vercel AI GatewayMulti-provider routing with caching and observability

Enabling BYOK

1

Get your provider credentials

Generate an API key or service credentials from the provider’s console.
2

Open BYOK settings

In Neo, go to Settings → BYOK.
3

Configure your providers

Under Providers, click Configure next to the provider you want to add and paste the credential. Repeat for any additional providers.
4

Enable BYOK

Once at least one provider is configured, toggle on Bring your own API keys at the top of the page. Neo will route inference through your configured provider keys from that point on.

Security and key management

  • All stored provider credentials are encrypted at rest.
  • Keys are never returned in logs, error traces, or API responses after creation.
  • Only account Admins and Owners can view, rotate, or delete provider credentials.