OpenRouter Release Notes

Product changes

Rankings percentage toggle -- Bar charts on the rankings page now have a menu button that lets you switch between percentage-normalized and raw token-volume views.

Activity deep links to individual messages -- You can now deep-link to a specific message inside the Activity prompt overlay by appending ?message=<n> to the URL, and the selected row stays in sync as you navigate with prev/next buttons. Docs

Fixed: media_resolution parameter silently dropped for Gemini models -- Sending media_resolution (e.g. MEDIA_RESOLUTION_MEDIUM) to Gemini models now correctly forwards the value to Gemini's generationConfig, changing image token counts as expected.

Fixed: image generation returning empty errors for some providers -- Image generation requests to providers that return non-streaming binary data (e.g. base64 images) now correctly deliver the generated image instead of an empty {} error.

New models

Microsoft: MAI-Voice-2

Microsoft: MAI-Transcribe 1.5

Microsoft: MAI-Image-2.5

Original source

Product changes

May Release Spotlight blog post -- Published the May Release Spotlight covering speech and transcription APIs, Model Fusion, private models, enterprise workspace controls, and new model launches.

Fixed: model-specific default parameters not shown on API tab -- The Parameters table on model detail pages now displays the model's actual default overrides (e.g. top_p: 0.95) instead of generic global defaults.

Docs

/llms.txt and /llms-full.txt now resolve at the domain root -- openrouter.ai/llms.txt and openrouter.ai/llms-full.txt now redirect to their generated equivalents under /docs/, following the llms.txt specification.

Fixed: verbosity parameter default in docs -- The verbosityparameter reference no longer lists medium as the default; the effective default varies by upstream provider.

Original source

We closed our $113M Series B (opens in new tab), and we're now routing 100 trillion tokens a month. Here's everything else that shipped in May.

Workspace Guardrails

Centralized security and governance for every request routed through your workspace. Set per-member and per-key spend limits, lock traffic to a model and provider allowlist, enforce zero data retention, block prompt injection against 30+ OWASP-derived patterns, and redact PII before it reaches a provider. Layer the rules into one guardrail, or scope them to specific API keys and members, with no code changes.

Docs (opens in new tab) · Announcement (opens in new tab)

Speech and Transcription APIs

Add voice to any application through the same API key you already use. Speech-to-text is live with Whisper, GPT-4o Mini Transcribe, and Voxtral; text-to-speech exposes supported_voices in the models API. Provider failover and upstream error passthrough are built into both.

Browse audio models (opens in new tab) · Announcement (opens in new tab)

Model Fusion

Route your prompt to multiple models in parallel and synthesize their responses into a single, higher-quality answer. Model Fusion is now available as an API plugin, a server tool, and in the chatroom composer. You get an ensemble of experts in a single call instead of relying on one model.

Try Model Fusion (opens in new tab) · Docs (opens in new tab)

Model Comparison

Compare up to five models side by side on pricing, context length, and benchmark scores. The rebuilt comparison page includes a "Highlight best" toggle, provider-coded benchmark charts for Intelligence, Coding, and Agentic metrics, and interactive slot cards to quickly add models.

Compare models (opens in new tab)

Private Models (Enterprise)

Route to your own custom, fine-tuned, or dedicated model endpoints through the standard completions and responses API. Your private models get the same guardrails, observability, and billing as any public model on the platform. Available exclusively on the Enterprise plan.

Docs (opens in new tab)

Pareto Code Router

Set min_coding_score and route to the cheapest code-capable model that clears your quality bar. Your coding agents stop overpaying for good-enough code. Configurable defaults per workspace in plugin settings.

Try it (opens in new tab)

Enterprise & Workspace Controls

A set of releases for teams running OpenRouter at scale:

• IP allowlist enforcement. API keys with an IP allowlist now actively block requests from unauthorized IPs with a 403, upgraded from observe-only mode.

  Docs (opens in new tab)

• BYOK management API. Programmatically list, create, update, and delete bring-your-own-key credentials across workspaces. Keys are now grouped by priority with drag-and-drop reordering and a one-click "Test Key" for failed requests.

  API docs (opens in new tab)

• Observability destinations API. CRUD endpoints for managing Datadog, Langfuse, LangSmith, and other observability integrations via management key.

  API docs (opens in new tab)

• Per-provider ZDR controls. Separate Zero Data Retention toggles for non-frontier, Anthropic, OpenAI, and Google providers, so you can meet compliance requirements per provider without restricting your entire model catalog.

• Copy guardrails across workspaces. Standardize safety policies across all workspaces in a few clicks via the "Copy to..." menu.

Also shipped this month

Presets API. Create or version a preset directly from an inference request body, now with Anthropic Messages and Responses skins, plus TypeScript and Python SDK support.

Docs (opens in new tab)

Human-in-the-loop tools. A new SDK tool type that pauses execution and waits for human input before returning results, for agents that need human judgment mid-task.

Blog post (opens in new tab)

Session-id provider stickiness. Requests sharing a session_id now route to the same provider and pin to the same concrete model across turns, improving cache hit rates for multi-turn agentic workflows.

Docs (opens in new tab)

Auto router cost_quality_tradeoff. A 0 to 10 integer replacing the old binary toggle for finer control over cost versus quality when using the auto router.

Docs (opens in new tab)

Redesigned model pages. New model page header, step-by-step API tab with /responses and /messages endpoints, full-screen model selector, and playground side panel for inline testing.

Requests tab in logs. Full request-level drill-down alongside generation logs, with request ID filtering and time picker shorthand (15min, 1h, 3d).

Logs (opens in new tab)

Improved coding agent attribution. Cursor, GitHub Copilot, Cline, RooCode, Kilo Code, Zed, and OpenCode are now properly identified in activity logs so you can see which tools drive your usage.

Usage & Budgets on API keys. Spend charts and budget progress by guardrail layer, directly on each API key.

Rankings daily dataset. GET /api/v1/datasets/rankings-daily returns top-50 models by daily token volume for programmatic analysis.

New models

20 models launched in May, spanning text, speech, image, video, and coding:

• Anthropic Claude Opus 4.8: Anthropic's latest Opus with mid-session system support, plus a fast variant
• Google Gemini 3.5 Flash: Google's newest Flash model
• xAI Grok 4.3: xAI's latest frontier model
• xAI Grok Imagine Video: Video generation from xAI
• xAI Grok Build 0.1: xAI's code generation model
• Qwen Qwen3.7 Max: Qwen's latest max-tier model
• Recraft V3, V4, V4 Pro: Three new image generation models
• Mistral Voxtral Mini Transcribe: Mistral's speech-to-text model

Plus: Gemini 3.1 Flash Lite, GPT Chat Latest, CoBuddy (free), Ring-2.6-1T (free), Perceptron Mk1, and more.

Everything above is live now.

Browse the full model catalog (opens in new tab), or tell us what's missing on Discord (opens in new tab).

Original source

Product changes

Fusion Router documentation and model page -- Added a dedicated Fusion Router documentation page and a model page describing the full panel → judge → synthesis pipeline, configuration options, and failure behavior.

MiniMax M3 reasoning support -- MiniMax M3 now supports the thinking parameter, enabling extended reasoning for complex tasks.

Fixed: Azure forbidden error mapping -- Azure provider responses with a forbidden status in server-sent events are now correctly surfaced as HTTP 403 instead of being misclassified.

New models

MiniMax: MiniMax M3

Original source

Product changes

Fallback errors in error metadata -- When all provider fallbacks fail, the error response metadata now includes a previous_errors array showing every attempted provider's error code, message, and name, making multi-provider failures easier to debug.

Fixed: 404 page layout -- The 404 page no longer displays visual artifacts (stray borders, duplicate footer, off-center content).

Fixed: multipart/form-data error code -- Sending multipart/form-data to JSON-only endpoints (e.g. speech-to-text) now returns a clear 400 Bad Request instead of a misleading 500 Internal Server Error.

Fixed: playground reasoning panel scroll -- Opening the reasoning panel in the playground now scrolls to the top instead of an arbitrary position.

Original source

OpenRouter workspaces have guardrails

OpenRouter workspaces have guardrails: a set of configurable security and governance tools for budget enforcement, zero data retention (ZDR), model and provider restrictions, prompt injection defense, and data loss prevention. Layer each of these rules into a guardrail to govern your entire workspace, or create customized guardrails for team member groups or API keys, all without changing your code.

Go to Workspaces > Guardrails (opens in new tab) in your home dashboard or use the management API (opens in new tab) to create guardrails. Read the docs (opens in new tab) for more detail.

Budget Enforcement

Set spending limits with daily, weekly, or monthly reset windows. Requests that exceed the limit for the time period will fail with a 403 response. Use it to cap spending per member or per key so a single runaway script can't burn the month's budget.

Guardrail budgets are per-entity, not shared. Assign a guardrail with a $50/day limit to three team members, and each one gets their own $50 budget. API key budgets layer independently on top of member budgets. If Audrey has a $100/day member limit and her key has a $30/day limit, the key caps at $30 and Audrey's total across all keys in the workspace caps at $100. Both are checked on every request.

Zero Data Retention (ZDR) and Model/Provider Restrictions

Disable all endpoints that retain or train on data in one-click, block individual models or providers, or restrict the workspace to a model/provider allowlist. Disallowed requests fail with a 403 response. Use it to keep traffic on providers you've vetted, off providers that retain or train on inputs, and on the model price tier each project should use.

Your account-wide privacy policies and provider restrictions (opens in new tab) are inherited by default. Guardrails can only be more restrictive.

Prompt Injection Defense

Scan inputs against a set of >30 regex patterns derived from the OWASP LLM Prompt Injection Prevention Cheat Sheet (opens in new tab) and other resources to identify prompt injection and jailbreak attempts. The detection system includes techniques to catch common evasion strategies: typoglycemia, encoding-based, and character-spaced evasion. It's deterministic and latency overhead is negligible.

Detection runs before the request is sent to the model provider, so blocked traffic never leaves OpenRouter. Use it to catch common injection and jailbreak patterns, especially for agents that pass user input verbatim.

Choose the action you want taken when a pattern is detected:

• Flag: The request passes through unmodified; the detection is recorded for observability, but no enforcement is applied. Useful for evaluating the impact on your traffic before switching to redact or block.
• Redact: Matched parts of the input are replaced with [PROMPT_INJECTION] and the sanitized request is sent to the model.
• Block: The entire request is rejected with a 403 before it reaches the model. The 403 response includes metadata about the type of pattern detected.

Read the prompt injection detection docs (opens in new tab).

Data Loss Prevention (DLP)

Detect and handle PII and other sensitive information in requests. Seven sensitive info types are built in. You can also add your own custom regex patterns for domain-specific data (internal project codenames, proprietary IP). Configure each to Redact the sensitive info or Block the request entirely. Blocked requests return a 403 response with information about the type of content detected. Use it to keep PII and sensitive identifiers out of vendor logs and in compliance with your data handling commitments.

Most built-in patterns and all custom patterns use regular expression matching. This is deterministic and adds negligible latency to requests. Names and addresses use Natural Language Processing (NLP) via Presidio (opens in new tab) and add latency proportional to input size.

Built-in pattern | Method | Redacted as
Email address | Regex | [EMAIL]
Phone number | Regex | [PHONE]
Social Security number | Regex | [SSN]
Credit card number | Regex | [CREDIT_CARD]
IP address | Regex | [IP_ADDRESS]
Person name | NLP | [PERSON_NAME]
Address | NLP | [ADDRESS]

Read the sensitive info protection docs (opens in new tab).

Assign to API keys or org members

You can assign a guardrail to multiple API keys or members. When assigned to members, the guardrail applies to all of their keys in the workspace.

Each workspace has a default guardrail you can configure that applies to every API key and member in the workspace. You can create additional guardrails to further restrict specific API keys or members. The workspace default guardrail sets the baseline; any additional guardrails layer on top.

Start using guardrails

Go to Workspaces > Guardrails (opens in new tab) in your home dashboard to configure your workspace guardrail or create guardrails for specific API keys or members.

Configure programmatically. The Management API supports every guardrail operation, including create, update, delete, list, and assign to keys or members, so you can automate provisioning during team onboarding or key rotation.

Example curl command to create a guardrail:

curl https://openrouter.ai/api/v1/guardrails \
  -H "Authorization: Bearer $OPENROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-safety",
    "limit_usd": 100,
    "reset_interval": "daily",
    "allowed_models": [
      "anthropic/claude-sonnet-4.6",
      "openai/gpt-5.4",
      "google/gemini-3.1-pro-preview"
    ],
    "content_filter_builtins": [
      {"slug": "regex-prompt-injection", "action": "block"},
      {"slug": "email", "action": "redact"},
      {"slug": "credit-card", "action": "block"}
    ]
  }'

Guardrails docs overview (opens in new tab) · Guardrails API reference (opens in new tab)

Original source

Product changes

IP address filtering for enterprise plans -- Enterprise organizations can now restrict all API key usage to approved IP address ranges from Privacy settings, reducing the blast radius of leaked keys.

Negation filters in activity and logs -- Filters now support exclusion — click "is" on any filter chip to toggle it to "is not", letting you exclude specific models, providers, API keys, or workspaces from your view. Docs

Presets: Responses API support -- Creating presets from inference now supports the Responses API via POST /api/v1/presets/:slug/responses, and new documentation covers creating and updating presets directly from inference request bodies. Docs

Prompt caching: session_id sticky routing documentation -- Added docs on using session_id to control sticky provider routing, which activates on any successful request rather than requiring a cache hit. Docs

Anthropic thinking tokens in API responses -- API responses for Anthropic models now include output_tokens_details.thinking_tokens, providing precise reasoning token counts for Claude Opus 4.8 and later.

Fixed: Responses API streaming crashes in OpenAI SDKs -- Streaming keep-alive heartbeats on the Responses API no longer cause union_tag_invalid (Python) or invalid_union (TypeScript) validation errors in the OpenAI SDKs.

New models

Anthropic: Claude Opus 4.8

Anthropic: Claude Opus 4.8 (Fast)

StepFun: Step 3.7 Flash

Original source

Product changes

Series B announcement -- Published the $113M Series B announcement.

API tab redesign on model pages -- Each model's API tab now shows the /responses and /messages endpoint references alongside /chat/completions, making it easier to discover alternative request formats. Docs

Presets: Anthropic Messages API support -- Created presets from inference now support POST /api/v1/presets/:slug/messages, the Anthropic Messages counterpart to the existing chat/completions preset route. Docs

Stream inactivity timeout -- Streaming requests that produce no chunks for 30 seconds are now aborted immediately instead of waiting up to 5 minutes, catching dead connections and empty streams faster.

Guardrails API documentation -- Added a guide for updating your workspace default guardrail programmatically via the API. Docs

Fixed: EU routing for non-Google models on Vertex -- Non-Google models (Claude, Llama, DeepSeek, etc.) routed through eu.openrouter.ai now use the correct endpoint path, fixing 400 errors caused by a hostname/path mismatch.

Original source

Product changes

Model comparison page -- Compare up to five models side by side on pricing, context length, and benchmark scores with the new comparison tool, including a "Highlight best" toggle to call out the top value in each row.

Redesigned model detail API tab -- The API tab on each model page now walks you through numbered steps (get an API key, make a request, enable streaming) with an endpoint reference and interactive parameters table.

Rankings daily dataset endpoint -- A new GET /api/v1/datasets/rankings-daily endpoint returns the top-50 models by daily token volume, matching the data behind the public rankings chart. SDK reference

IP allowlist enforcement -- API keys configured with an IP allowlist now actively block requests from non-allowlisted IPs with a 403 response, upgrading the previous observe-only mode. Docs

Auto router cost_quality_tradeoff parameter -- The auto router now accepts a cost_quality_tradeoff integer (0–10) instead of the previous binary tradeoff, giving finer control over the cost-versus-quality balance when routing requests. Docs

Fixed: dashboard not refreshing on account switch -- Switching between accounts in the dashboard now correctly remounts the page so data reflects the selected account.

Fixed: Bedrock BYOK region prefix mismatch -- Bring-your-own-key Bedrock requests now normalize the inference profile region prefix to match the customer's configured region, fixing "invalid model identifier" errors when the endpoint and key regions differed.

Original source

Product changes

Activity and Logs in workspace sidebar -- Organizations with multiple workspaces now see Activity and Logs links directly in each workspace's sidebar, pre-filtered to that workspace.

API key links in activity logs -- The Activity page and generation detail pane now display the API key name as a clickable link to its detail page, with org-scoped access control.

Fixed: video playback errors in Logs -- Video generation results in Logs now show specific error messages based on the failure type (expired, codec unsupported, network error) and always provide a Download button as fallback.

Original source

Product changes

Profile link in navigation -- Added a Profile link to the user dropdown menu for quicker access to profile settings.

Compare page toolbar layout -- Moved the comparison controls to the left of model cards and the "Add model" button to the top-right title bar on the compare page.

Fixed: service_tier response normalization -- API responses now consistently return "default" instead of sometimes "standard" for the base service tier, and explicitly return null when no tier is present. Docs

Fixed: profile API keys scoping in organizations -- API keys on the profile page now correctly display only the current user's keys when viewing within an organization context.

Original source

Product changes

• Export all chats from playground -- Added an "Export All Chats" option to the chatroom sidebar menu to download all conversations as a single JSON file.
• Filter menu badge counts -- The activity filter menu now displays numeric badge counts for active selections per category and uses checkmarks instead of dots for selected items.
• API keys on profile page -- All API keys across workspaces are now visible on the user profile page with click-through navigation to each key's detail page.
• Improved coding agent attribution -- Requests from Cursor, GitHub Copilot, Cline, RooCode, Kilo Code, Zed, and OpenCode are now properly identified and labeled in activity logs.
• Fixed: chat export missing rooms -- Exporting chats now includes all rooms, including those not recently visited.

New models

• Qwen: Qwen3.7 Max

Original source