Guardrails

Protect every request. Secure every response.

Pluggable security filters that plug into four stages of the request lifecycle — pre-call, post-call, parallel, or log-time. One config. Every provider. Every agent.

Live · acme-corp/production
last 30d
148M
requests scanned
last 30d
2.1M
PII tokens masked
pre_call
31.4k
injections blocked
threat-classifier
482
compliance hits
flagged for review
99.7%
allow rate
clean traffic
See it work

Every request, scrubbed on the way in.

detected  ·  masked
user input
raw
Hey — please update my profile. My email is john.doe@acme.com, phone +1 (415) 555-0142 and card ending 4242-4242-4242-4242. SSN is 123-45-6789.
pre_call · presidio
what the LLM sees
masked · 4 entities
Hey — please update my profile. My email is [EMAIL_ADDRESS], phone [PHONE_NUMBER] and card ending [CREDIT_CARD]. SSN is [SSN].
full lifecycle
01
pre_call
mask · validate · block
02
LLM call
provider routes here
03
post_call
scan · detect · redact
04
response
delivered clean
during_call runs in parallel with step 02 — zero latency impact logging_only runs offline before data reaches storage
Decision guide

Which mode do you need?

A guardrail can run in one or more modes. Pick based on whether you need to block or just observe.

Mode Timing Blocks? Latency Best for
pre_call
Before the LLM call yes · synchronous +20–50ms PII masking · prompt-injection blocking · compliance gates
post_call
After the LLM responds yes · synchronous +30–80ms Output validation · hallucinated PII scan · toxic-content detection
during_call
Parallel to the LLM call no · async 0ms Background threat monitoring · anomaly alerts · audit telemetry
logging_only
Before data hits storage no · async 0ms Log redaction · analytics PII scrub · chargeback compliance
Catalog

Pre-built guardrails, grouped by what they protect.

Plug any item into any execution mode. Mix and match — most teams run 2–3 in production.

PII & Data Protection

2
Presidio
available
by Microsoft
~35ms

Detect and mask personally identifiable information — open-source, self-hosted, OSS MIT.

PERSONEMAILPHONECREDIT_CARDSSNIP_ADDRESS
Microsoft Purview
planned
by Microsoft
~80ms

Enterprise data-loss prevention. Surfaces protected content based on your tenant's sensitivity labels.

CONFIDENTIALHIGHLY_CONFIDENTIALPIIPHI

Prompt Security

2
Lakera Guard
coming soon
by Lakera AI
~40ms

Real-time detection of prompt injection, jailbreaks, and data leakage. Purpose-built for LLM threats.

Prompt InjectionJailbreakData Leakage
Robust Intelligence
planned
by Robust Intelligence
~60ms

Fine-tuned classifiers for adversarial inputs, supply-chain attacks, and known-bad prompt patterns.

AdversarialKnown-BadAnomalous

Content Moderation

2
OpenAI Moderation
coming soon
by OpenAI
~90ms

OpenAI's moderation API for content policy violations across standard safety categories.

HateViolenceSelf-HarmSexualHarassment
Perspective API
planned
by Jigsaw / Google
~120ms

Toxicity scoring across ~20 languages. Useful for moderation and trust & safety workflows.

ToxicitySevere ToxicityInsultThreat

Enterprise Policy

2
Aporia
coming soon
by Aporia
~70ms

ML security and compliance platform. Hallucination detection, bias scoring, org policy enforcement.

HallucinationBiasPolicyCompliance
WhyLabs
planned
by WhyLabs
~50ms

Behavioral drift detection and prompt-output profiling. Flags when traffic looks off-spec.

DriftAnomalyProfile
Configuration

A few lines of YAML. No code.

Enable guardrails by adding them to your config.yaml. Same guardrail, multiple modes — no duplication.

yaml
guardrails:
  enabled: true
  guardrails:
    # Pre-call: Mask PII before it reaches the model
    - guardrail_name: "presidio-pii"
      provider: "presidio"
      mode: ["pre_call", "logging_only"]
      enabled: true
      config:
        analyzer_url: "http://presidio-analyzer:3000"
        entities: [PERSON, EMAIL_ADDRESS, PHONE_NUMBER, CREDIT_CARD, SSN]
        threshold: 0.7
        mask_pii: true

    # Post-call: Scan model output for leaked PII
    - guardrail_name: "presidio-response-scan"
      provider: "presidio"
      mode: ["post_call"]
      enabled: true
      config:
        threshold: 0.8
Build your own

Bring your own guardrail.

Have an internal compliance service, a custom ML classifier, or a niche third-party provider? Implement a simple HTTP interface and pLLM plugs it into the same pipeline as the built-ins.

Single HTTP endpoint
POST /check → { action, entities }
Any mode
Pre-call, post-call, during-call, logging-only
Same telemetry
Prometheus metrics and audit trail included
Custom connector guide

Keep exploring

All platform pillars

MCP Gateway

Registry, lifecycle & per-tool policy

Registry

Agents, skills & prompts as artifacts

Governance

AD-group policies & audit

Routing

Latency-aware routing & failover