> ## Documentation Index
> Fetch the complete documentation index at: https://docs.requesty.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Guardrails

> Enterprise-grade security filters that automatically detect and block sensitive information in AI requests and responses

Guardrails provide organization-level security filters that automatically detect and mask sensitive information in AI requests and responses, acting as a protective layer to prevent data leaks and maintain compliance.

<Note>
  **[Configure guardrails](https://app.requesty.ai/guardrails)** in the Requesty Console.
</Note>

## Overview

Guardrails offer enterprise-grade data protection that automatically prevents sensitive information from being exposed through AI interactions. This bidirectional security system scans both incoming requests and outgoing responses to ensure compliance and data safety.

### What Guardrails Protect

<CardGroup cols={2}>
  <Card title="Data Security" icon="shield-check">
    Automatically detect and mask sensitive data before it reaches AI models
  </Card>

  <Card title="Compliance" icon="file-shield">
    Meet GDPR, PCI DSS, SOC 2, and other regulatory requirements
  </Card>

  <Card title="Risk Management" icon="exclamation-triangle">
    Prevent accidental exposure of credentials, financial data, and personal information
  </Card>

  <Card title="Organization-Wide" icon="building">
    Apply consistent security policies across all API keys and models
  </Card>
</CardGroup>

## Available Guardrail Types

### Security Categories

<Tabs>
  <Tab title="Personal Data">
    **PII (Personally Identifiable Information)**

    * Social Security Numbers
    * Email addresses and phone numbers
    * Names and personal identifiers
    * GDPR compliance protection
  </Tab>

  <Tab title="Credentials & Secrets">
    **Secret Keys Detection**

    * API keys and tokens
    * Database credentials
    * Authentication secrets
    * Service account keys
  </Tab>

  <Tab title="Financial Information">
    **PCI (Payment Card Information)**

    * Credit card numbers
    * Card verification codes
    * Cardholder data

    **Banking Information**

    * Account numbers
    * Routing numbers
    * Bank identifiers

    **Financial Data**

    * Investment details
    * Financial statements
    * Trading information
  </Tab>
</Tabs>

## How Guardrails Work

### Security Flow Process

```mermaid theme={"dark"}
graph TD
    A[User API Request] --> B[Input Scanning]
    B --> C{Sensitive Data<br/>Detected?}
    C -->|Yes| D[Mask Sensitive Data]
    C -->|No| E[Forward to AI Model]
    D --> E
    E --> F[AI Response]
    F --> G[Output Scanning]
    G --> H{Response Contains<br/>Sensitive Data?}
    H -->|Yes| I[Mask Response Data]
    H -->|No| J[Return Clean Response]
    I --> J
```

### Processing Steps

<Steps>
  <Step title="Request Received">User makes API request through any organization API key</Step>
  <Step title="Input Scanning">Guardrails scan request content for sensitive data patterns</Step>
  <Step title="Data Masking">If sensitive data detected, it's automatically masked before processing</Step>
  <Step title="Model Processing">Requests with masked data proceed to AI model for processing</Step>
  <Step title="Output Scanning">Guardrails scan AI response for any sensitive information</Step>
  <Step title="Response Masking">Sensitive data in responses is masked before returning to user</Step>
</Steps>

## Admin Management

### Guardrail Configuration

**Access Control:**

* Navigate to Admin Panel → Guardrails tab
* Real-time toggle switches for each guardrail type
* Immediate organization-wide application
* Success/error feedback for configuration changes

**Available Controls:**

<AccordionGroup>
  <Accordion title="PII Protection">
    **Toggle to Enable/Disable:**

    * Personally Identifiable Information detection
    * Email addresses, phone numbers, SSNs
    * GDPR compliance scanning
    * Personal name and identifier blocking
  </Accordion>

  <Accordion title="Secret Keys Protection">
    **Toggle to Enable/Disable:**

    * API key and token detection
    * Database credential scanning
    * Service account key protection
    * Authentication secret blocking
  </Accordion>

  <Accordion title="Financial Data Protection">
    **PCI Compliance:**

    * Credit card number detection
    * Payment card verification codes
    * Cardholder data protection

    **Banking Information:**

    * Account number scanning
    * Routing number detection
    * Bank identifier protection

    **General Financial:**

    * Investment data blocking
    * Financial statement protection
    * Trading information security
  </Accordion>
</AccordionGroup>

### Configuration Management

**Real-Time Updates:**

* Changes apply organization-wide immediately
* No restart or downtime required
* Instant activation/deactivation of security rules
* Visual confirmation of configuration changes

## Protection Scope

### Comprehensive Coverage

**All API Keys:**

* Guardrails apply across every API key in the organization
* No exceptions or bypass mechanisms
* Consistent security regardless of key configuration

**All Models:**

* Works with any approved model (OpenAI, Anthropic, Azure, etc.)
* Provider-agnostic security implementation
* Universal protection across model types

**All Endpoints:**

* Chat completion requests
* Text generation endpoints
* Streaming responses
* Any AI interaction endpoint

**Bidirectional Security:**

* Incoming request scanning
* Outgoing response filtering
* Complete data flow protection

## Compliance & Use Cases

### Regulatory Compliance

<CardGroup cols={3}>
  <Card title="GDPR Compliance" icon="globe">
    PII detection ensures European data protection regulation compliance
  </Card>

  <Card title="PCI DSS" icon="credit-card">
    Payment card data protection meets financial industry standards
  </Card>

  <Card title="SOC 2" icon="shield">
    Security controls support SOC 2 Type II requirements
  </Card>
</CardGroup>

### Enterprise Protection Scenarios

**Data Leak Prevention:**

* Automatic detection and masking without manual review
* Prevent accidental credential exposure in AI prompts
* Mask financial data to protect it from model training
* Protect customer personal information in support interactions

**Risk Management:**

* Organization-wide policy enforcement
* Consistent security across all teams and projects
* Audit trail for compliance reporting
* Automatic threat detection and response

**Operational Security:**

* Real-time protection during AI interactions
* No impact on legitimate use cases
* Transparent security that doesn't disrupt workflows
* Scalable protection for growing organizations

## Integration with Enterprise Features

### Works with Other Systems

**User Management Integration:**

* Guardrails apply to all organization users
* Individual user activity protected automatically
* No per-user configuration required

**Group-Based Protection:**

* All group members receive same security protection
* Group API keys inherit guardrail settings
* Consistent security across team structures

**Approved Models Compatibility:**

* Guardrails work with any approved model
* Security maintained regardless of model selection
* Protection spans entire approved model catalog

### API Key Policy Integration

```mermaid theme={"dark"}
graph LR
    A[Guardrails] --> B[API Key]
    B --> C[Approved Models]
    C --> D[User Groups]
    D --> E[Protected Output]

    F[Security Scan] --> A
    G[Compliance Rules] --> A
```

**Security Layering:**

* Guardrails provide base-level organization security
* API key policies add feature-specific controls
* User/group permissions manage access levels
* Combined system ensures comprehensive protection

## Best Practices

### Configuration Strategy

<CardGroup cols={2}>
  <Card title="Start Comprehensive" icon="shield-alt">
    Enable all relevant guardrails from the beginning to establish strong security baseline
  </Card>

  <Card title="Monitor Patterns" icon="chart-line">
    Review blocked requests to understand common security issues and adjust policies
  </Card>

  <Card title="Compliance Alignment" icon="balance-scale">
    Match guardrail configuration to your industry's specific compliance requirements
  </Card>

  <Card title="Regular Review" icon="sync">
    Periodically review and update guardrail settings as business needs evolve
  </Card>
</CardGroup>

### Implementation Guidelines

**Rollout Strategy:**

1. Enable guardrails in testing environment first
2. Monitor for false positives with sample data
3. Adjust detection sensitivity if needed
4. Deploy to production with monitoring
5. Train teams on security error handling

**Ongoing Management:**

* Regular compliance audits
* Security incident response procedures
* Team training on data handling best practices
* Integration with existing security workflows

## Error Handling & User Experience

### When Guardrails Trigger

**Current Implementation (Data Masking):**

* Sensitive data automatically replaced with masked placeholders
* Seamless processing with protected information
* No workflow interruption for users
* Audit logging for security team review

**Future Features:**

* **Request Blocking**: Option to completely block requests containing sensitive data
* **Reverse Mapping**: Ability to unmask data when appropriate for authorized users
* **Advanced Filtering**: More granular control over masking vs blocking behavior
* **Custom Masking Patterns**: Organization-specific masking rules and formats

<Warning>
  Guardrails are designed to err on the side of caution. Some legitimate data may be masked if it contains patterns similar to sensitive
  information. Organizations should review masking patterns to ensure optimal balance between security and functionality.
</Warning>

<Note>
  Guardrails provide the foundation for enterprise AI security, automatically protecting your organization's most sensitive data without
  requiring manual oversight or complex configuration.
</Note>

The Guardrails system ensures your organization can leverage AI capabilities while maintaining the highest standards of data protection and regulatory compliance.