July 11, 2026
Achieving Zero-Downtime AI for Security Research: Guide to Setting Up 9Router
If you are using LLMs to accelerate red teaming work, you’ve likely ran into the rate limiting problem.

By Gurnita Pradnya Dipa
2 min read
We can somewhat circumvent this problem by utilizing 9Router — a local, self-hosted AI API gateway designed to sit between your automated security tools and your chosen providers.
Step 1: Deploying 9Router Locally
9Router (https://9router.com/) operates as a local proxy server that exposes an OpenAI-compatible endpoint. You can spin it up via npm or run it via Docker if you prefer an isolated container environment.
To install and launch it globally via Node.js, execute the following commands in your terminal:
# Install 9router globally
npm install -g 9router
# Spin up the proxy gateway
9router .# Install 9router globally
npm install -g 9router
# Spin up the proxy gateway
9router .Once initialized, 9Router will spin up its local proxy server at http://localhost:20128/v1 and automatically open its web management dashboard at [http://localhost:20128](http://localhost:20128.).
Step 2: Populating Your Provider Pools
Once you access the 9Router dashboard, your first task is connecting your LLM providers. Because pentesting requires high availability, you want a diverse mix of elite models and unlimited fallback options.
- Navigate to the Providers tab in the dashboard.
- Connect your premium accounts (e.g., Anthropic Claude, OpenAI, or OpenRouter) by inputting your API keys.
- Maximize your free tiers: Enable built-in, no-signup free providers like Kiro AI or OpenCode Free.
If you possess multiple accounts for a single provider to bypass strict free-tier limits, input all of them. 9Router supports Round-Robin Scheduling and automatic token-swapping pools, meaning it will rotate through your keys transparently whenever a 429 error occurs.
Step 3: Architecting the Zero-Downtime Fallback Combo
To ensure your scripts never fail mid-task, you must define a Combo. A Combo is a custom routing chain that acts as a single, virtual model endpoint.
- Go to Dashboard → Combos → Create New Combo.
- Give your combo a distinct identifier, such as
sec-research-stack. - Arrange your fallback chain in priority order. For a balance of raw intelligence and zero-downtime reliability, configure it as follows (example):
- Primary Tier (Subscription/Paid):
claude-3-5-sonnet(For precise vulnerability identification and exploit generation). - Secondary Tier (Cheap/Fast):
deepseekorglm-4(For rapid parsing of large log volumes). - Tertiary Tier (Free Unlimited):
kr/claude-sonnetvia Kiro AI.
Save your changes. 9Router now exposes this chain under the unified model name: combo/sec-research-stack.
Step 4: Hooking 9Router into Your Security Tools
Because 9Router outputs a standard, OpenAI-compatible syntax, integrating it into your existing workflow requires changing only two variables in your scripts or CLI tools: the Base URL and the Model Name.
Example: Integrating with Hermes Agent
If you use hermes agents to do deep security research and analysis for pentesting and red teaming, adjust their settings to point locally:
- Endpoint / Base URL: http://localhost:20128/v1
- API Key: (Copy your unique 9Router token from the dashboard settings)
- Model:
combo/sec-research-stack
The Verdict: Seamless Exploitation Workflows
By abstracting your API layer behind 9Router, you somewhat ensure uptime as long as you rotate providers using combos, If your primary API key gets throttled while iterating through a dense payload list, 9Router fall back silently and swaps the backend provider providing zero downtime for you.
Feel free to experiment, there are alot of this to explore such as deploying 9router publicly so that you can access the endpoint through many devices and provides even less downtime.