Guardrails provide organization-level security filters that automatically detect and mask sensitive information in AI requests and responses, acting as a protective layer to prevent data leaks and maintain compliance.

Overview

Guardrails offer enterprise-grade data protection that automatically prevents sensitive information from being exposed through AI interactions. This bidirectional security system scans both incoming requests and outgoing responses to ensure compliance and data safety.

What Guardrails Protect

Data Security

Automatically detect and mask sensitive data before it reaches AI models

Compliance

Meet GDPR, PCI DSS, SOC 2, and other regulatory requirements

Risk Management

Prevent accidental exposure of credentials, financial data, and personal information

Organization-Wide

Apply consistent security policies across all API keys and models

Available Guardrail Types

Security Categories

PII (Personally Identifiable Information)
  • Social Security Numbers
  • Email addresses and phone numbers
  • Names and personal identifiers
  • GDPR compliance protection

How Guardrails Work

Security Flow Process

Processing Steps

  1. Request Received: User makes an API request through any organization API key
  2. Input Scanning: Guardrails scan request content for sensitive data patterns
  3. Data Masking: If sensitive data is detected, it’s automatically masked before processing
  4. Model Processing: Requests with masked data proceed to the AI model for processing
  5. Output Scanning: Guardrails scan the AI response for any sensitive information
  6. Response Masking: Sensitive data in responses is masked before returning to the user
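
The six processing steps above, sketched as an added example (not the product's own code). The detector patterns, the `[TYPE_MASKED]` placeholder format, the audit record fields and the `echo_model` stand-in are all assumptions made for illustration.

```python
import re

# Assumed detectors for the PII types the page lists; the product's real
# patterns are not documented here.
DETECTORS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"(?<!\d)\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)"),
}


def mask(text, direction, audit):
    """Replace each detected value with a typed placeholder and log the hit."""
    for kind, pattern in DETECTORS.items():
        def _sub(match, kind=kind):
            # Record type and direction only, never the sensitive value itself.
            audit.append({"direction": direction, "type": kind})
            return f"[{kind}_MASKED]"
        text = pattern.sub(_sub, text)
    return text


def echo_model(prompt):
    """Stand-in for the AI model (hypothetical): repeats the prompt and
    volunteers an address so the output scan has something to catch."""
    return f"Received: {prompt} Escalate to ops@example.com if unresolved."


def guarded_call(prompt, model=echo_model):
    audit = []
    safe_prompt = mask(prompt, "request", audit)            # steps 2-3
    raw_response = model(safe_prompt)                       # step 4
    safe_response = mask(raw_response, "response", audit)   # steps 5-6
    return safe_prompt, safe_response, audit


if __name__ == "__main__":
    # Constructed sample request.
    prompt = "Customer jane.doe@example.org, SSN 123-45-6789, call 555-867-5309."
    sent, returned, audit = guarded_call(prompt)
    print(sent)
    print(returned)
    print(audit)
```

The model only ever receives `safe_prompt`, and the response is scanned independently, so sensitive values the model introduces on its own are caught even when the request was clean.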

Admin Management

Guardrail Configuration

Access Control:
  • Navigate to Admin Panel → Guardrails tab
  • Real-time toggle switches for each guardrail type
  • Immediate organization-wide application
  • Success/error feedback for configuration changes
Available Controls:

Configuration Management

Real-Time Updates:
  • Changes apply organization-wide immediately
  • No restart or downtime required
  • Instant activation/deactivation of security rules
  • Visual confirmation of configuration changes

Protection Scope

Comprehensive Coverage

All API Keys:
  • Guardrails apply across every API key in the organization
  • No exceptions or bypass mechanisms
  • Consistent security regardless of key configuration
All Models:
  • Works with any approved model (OpenAI, Anthropic, Azure, etc.)
  • Provider-agnostic security implementation
  • Universal protection across model types
All Endpoints:
  • Chat completion requests
  • Text generation endpoints
  • Streaming responses
  • Any AI interaction endpoint
Bidirectional Security:
  • Incoming request scanning
  • Outgoing response filtering
  • Complete data flow protection

Compliance & Use Cases

Regulatory Compliance

GDPR Compliance

PII detection ensures European data protection regulation compliance

PCI DSS

Payment card data protection meets financial industry standards

SOC 2

Security controls support SOC 2 Type II requirements

Enterprise Protection Scenarios

Data Leak Prevention:
  • Automatic detection and masking without manual review
  • Prevent accidental credential exposure in AI prompts
  • Mask financial data to protect it from model training
  • Protect customer personal information in support interactions
Risk Management:
  • Organization-wide policy enforcement
  • Consistent security across all teams and projects
  • Audit trail for compliance reporting
  • Automatic threat detection and response
Operational Security:
  • Real-time protection during AI interactions
  • No impact on legitimate use cases
  • Transparent security that doesn’t disrupt workflows
  • Scalable protection for growing organizations

Integration with Enterprise Features

Works with Other Systems

User Management Integration:
  • Guardrails apply to all organization users
  • Individual user activity protected automatically
  • No per-user configuration required
Group-Based Protection:
  • All group members receive the same security protection
  • Group API keys inherit guardrail settings
  • Consistent security across team structures
Approved Models Compatibility:
  • Guardrails work with any approved model
  • Security maintained regardless of model selection
  • Protection spans entire approved model catalog

API Key Policy Integration

Security Layering:
  • Guardrails provide base-level organization security
  • API key policies add feature-specific controls
  • User/group permissions manage access levels
  • Combined system ensures comprehensive protection

Best Practices

Configuration Strategy

Start Comprehensive

Enable all relevant guardrails from the beginning to establish a strong security baseline

Monitor Patterns

Review blocked requests to understand common security issues and adjust policies

Compliance Alignment

Match guardrail configuration to your industry’s specific compliance requirements

Regular Review

Periodically review and update guardrail settings as business needs evolve

Implementation Guidelines

Rollout Strategy:
  1. Enable guardrails in a testing environment first
  2. Monitor for false positives with sample data
  3. Adjust detection sensitivity if needed
  4. Deploy to production with monitoring
  5. Train teams on security error handling
Ongoing Management:
  • Regular compliance audits
  • Security incident response procedures
  • Team training on data handling best practices
  • Integration with existing security workflows
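
Rollout steps 2 and 3 above (monitor for false positives with sample data, then adjust detection sensitivity), as an added example that is not the product's own code. Both SSN patterns and the labelled sample set are constructed for illustration; the product's actual detectors and sensitivity settings are not documented on this page.

```python
import re

# Two candidate SSN detectors (both assumptions, not the product's patterns).
LOOSE = re.compile(r"(?<!\d)\d{3}[- ]?\d{2}[- ]?\d{4}(?!\d)")
# Stricter: hyphens required, and the ranges the SSA never issues
# (area 000, 666, 900-999; group 00; serial 0000) are excluded.
STRICT = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)"
)

# Constructed sample data: (text, contains_real_ssn)
SAMPLES = [
    ("My SSN is 219-09-9999 for the application.", True),
    ("Applicant SSN: 512-34-5678", True),
    ("SSN 219099999 on file", True),
    ("Tracking number 123456789 shipped today.", False),
    ("Invoice 900-12-3456 is overdue.", False),
    ("Build 000-00-0000 is a placeholder.", False),
    ("Summarize the Q3 roadmap.", False),
]


def evaluate(pattern, samples=SAMPLES):
    """Count hits against labels and list the benign texts that get masked."""
    tp = fp = fn = 0
    false_positives = []
    for text, has_ssn in samples:
        hit = pattern.search(text) is not None
        if hit and has_ssn:
            tp += 1
        elif hit:
            fp += 1
            false_positives.append(text)
        elif has_ssn:
            fn += 1
    return {"tp": tp, "fp": fp, "fn": fn, "false_positives": false_positives}


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(name, evaluate(pattern))
```

On this sample set the loose pattern masks three benign identifiers, while the strict one masks none but misses the unformatted SSN, which is the security-versus-functionality trade-off to weigh before production.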

Error Handling & User Experience

When Guardrails Trigger

Current Implementation (Data Masking):
  • Sensitive data automatically replaced with masked placeholders
  • Seamless processing with protected information
  • No workflow interruption for users
  • Audit logging for security team review
Future Features:
  • Request Blocking: Option to completely block requests containing sensitive data
  • Reverse Mapping: Ability to unmask data when appropriate for authorized users
  • Advanced Filtering: More granular control over masking vs blocking behavior
  • Custom Masking Patterns: Organization-specific masking rules and formats

Guardrails are designed to err on the side of caution. Some legitimate data may be masked if it contains patterns similar to sensitive information. Organizations should review masking patterns to ensure an optimal balance between security and functionality.

Guardrails provide the foundation for enterprise AI security, automatically protecting your organization’s most sensitive data without requiring manual oversight or complex configuration.

The Guardrails system ensures your organization can leverage AI capabilities while maintaining the highest standards of data protection and regulatory compliance.