AI Guardrails
Runtime controls that sit between an application and an AI model, validating inputs and outputs against safety, security, and compliance policies, and blocking or modifying anything that violates them.
Also known as: guardrails · AI safety controls · runtime guardrails · AI safety layer
What is AI Guardrails?
AI guardrails are runtime controls that sit between an application and an AI model, validating inputs and outputs against safety, security, and compliance policies. When a user query arrives, the input guardrail checks for prompt injection, PII leakage, jailbreak attempts, or off-topic content before the model sees it. When the model responds, the output guardrail checks for hallucination, policy violations, unsafe instructions, or compliance breaches before the response reaches the user. Guardrails produce audit trails for regulators and security teams, and they apply regardless of which foundation model the agent is using. In 2026 they are the standard production defense for any AI agent making consequential decisions or processing regulated data.
Christos Papadimitriou, theagency47 · Updated May 18, 2026Why guardrails matter
Foundation models like Claude and GPT have their own built-in safety training, but in production that is not enough. The model’s safety training is designed for general consumer use; your business has specific policies the model has never seen. A finance agent must refuse to give investment advice; a healthcare agent must refuse to diagnose; a sales agent must follow your discount-approval matrix. Guardrails are how those business policies become enforceable at runtime.
Guardrails also create the audit trail regulators expect. The EU AI Act, GDPR, and sector-specific regulations (financial services, healthcare) increasingly require demonstrable controls on AI decisions. A guardrail layer produces those records by design.
How theagency47 builds guardrails into agent deployments
Across Workforce Starter, Workforce Pro, and Enterprise engagements, every agent ships with at least three guardrails:
- Input guardrail. Filters incoming queries for prompt injection, PII the agent should not retain, and off-policy topics. Triggered guardrails route to an escalation rule.
- Output guardrail. Validates the agent’s draft response against policy before delivery, no investment advice, no medical diagnoses, no off-brand language, no hallucinated citations.
- Action guardrail. Wraps every tool call (especially destructive ones, delete, send, transfer, refund) in a policy check, with high-stakes actions requiring explicit human approval per bounded autonomy rules.
Enterprise builds add a fourth: a compliance log layer that records every guardrail decision (passed, blocked, modified, escalated) with timestamps and reasoning, retained for the duration agreed in the engagement DPA.
FAQ
Are guardrails the same as the model’s built-in safety?
No. The model’s built-in safety covers general harms (illegal activity, hate speech, dangerous instructions). Guardrails are your business’s specific policies and your industry’s specific regulations, they exist outside the model and apply regardless of which model is running underneath.
Can guardrails be bypassed?
A guardrail can be evaded by a sufficiently sophisticated prompt injection on its input layer. Defense in depth is the working posture: input guardrail, model safety training, output guardrail, action guardrail, audit log. Each layer raises the cost of a successful attack.
Do guardrails slow down the agent?
Slightly, usually 100-300ms per request for input + output checks. For most business workflows the latency is invisible. The trade-off is that without them, the agent is one prompt-injection away from a regulator complaint or a public-facing incident.
Related terms
Bounded Autonomy
The engineering pattern of giving an AI agent specific permissioned actions and explicit escalation rules, letting it act independently within tight, defined boundaries.
Escalation Rule
A configured condition that hands an agent task off to a human when the agent is uncertain, out of scope, or facing high-stakes input.
Prompt Injection
A class of attacks where malicious instructions are smuggled into an AI agent's input, causing it to ignore its system prompt and follow the attacker's directions instead.