AI Guardrails in Enterprise: Ensuring Safe Innovation

PII Detection and Transformation Guardrails

TrueFoundry’s PII guardrails automatically identify and handle personally identifiable information in both incoming prompts and outgoing responses, protecting sensitive data from exposure. By configuring input_guardrails and output_guardrails with type pii, you can choose to either validate or transform detected entities based on your compliance needs.

Supported PII Types

The guardrail engine recognizes a comprehensive set of PII categories, including but not limited to email addresses, phone numbers, social security numbers, credit card details, physical addresses, and government-issued identifiers (passports, driver’s licenses, tax IDs). TrueFoundry also supports regional variants such as UK NHS numbers, Indian Aadhaar ID, and Australian TFNs, ensuring broad coverage across global deployments.

Configuration Options

Within each PII guardrail rule, the options block specifies which entity types to target. 

input_guardrails:
  - type: pii
    action: transform
    options:
      entity_types:
        - email
        - phone
        - ssn

Setting action: transform replaces detected entities with anonymized placeholders before they reach the model. Alternatively, action: validate will reject requests containing disallowed PII, returning an error instead of forwarding the prompt.

Benefits of Transformation

• Privacy Assurance: Users’ personal data is never stored or processed in clear text, reducing the risk of data breaches.
  
• Regulatory Compliance: Automatic redaction helps meet GDPR, HIPAA, and other privacy regulations without manual intervention.
  
• Auditability: Each redaction is logged, providing a clear record of which requests were modified and why.

By leveraging PII guardrails, enterprises can confidently deploy LLMs in customer-facing applications, internal analytics, and collaborative workflows, knowing that sensitive information is consistently detected and handled according to policy.

Topic Filtering Guardrails for Content Compliance

Topic filtering guardrails enforce semantic rules that prevent an AI from discussing disallowed subjects. By inspecting both incoming prompts and outgoing responses against a configurable list of banned topics, enterprises can ensure every interaction stays within defined content boundaries, protecting brand reputation and maintaining regulatory compliance.

You decide which subject areas to block. Common use cases include:

• Medical advice
• Legal counsel
• Profanity
• Hate speech
• Violence
• Sensitive political or financial guidance
  

Configuration Options

Under each topic's guardrail, you specify two main parameters in the options block:

• denied_topics: an array of topic strings you want to disallow.
  
• Threshold: a float between 0.0 and 1.0 that sets classifier sensitivity. A higher value means only highly relevant content is flagged; a lower value casts a wider net to catch borderline mentions.
  

Example Configuration

input_guardrails:
  - type: topics
    action: validate
    options:
      threshold: 0.75
      denied_topics:
        - medical advice
        - profanity

output_guardrails:
  - type: topics
    action: validate
    options:
      threshold: 0.85
      denied_topics:
        - medical advice
        - profanity

Benefits

• Fail-Fast Protection: Requests or responses that cross the threshold are immediately blocked, preventing any disallowed content from reaching users.
  
• Centralized Governance: Apply consistent topic policies across all LLM deployments without modifying application code.
  
• Customizable Sensitivity: Fine-tune thresholds to balance false positives versus false negatives based on risk profiles.
  
• Auditability: Every block event is logged, creating a clear trail for audits, compliance reviews, and policy tuning.
  

By embedding topic filters at the gateway layer, TrueFoundry makes it easy to enforce strict content standards while preserving a seamless user experience.

Word Filtering Guardrails for Custom Blocklists

TrueFoundry’s word filtering guardrails give you precise control over every word or phrase that passes through your AI Gateway. By defining a custom blocklist, you can detect and handle proprietary terms, profanity, or any sensitive language both before it reaches the model and after it’s generated. This ensures that your LLM-driven applications never expose unauthorized terminology or slip into off-brand language.

Under each word_filter guardrail, you specify the word_list, case_sensitive, whole_words_only, and replacement options to tailor filtering behavior. The word_list is an array of terms or phrases you want to detect. Setting case_sensitive: false makes matching ignore letter case, while whole_words_only: true ensures only standalone words are flagged, avoiding unintended matches inside longer words. The replacement field defines the placeholder text, for example “[REMOVED]”, used when action: transform is selected. Alternatively, choosing action: validate will reject any request containing blocklisted words, returning an error instead of forwarding content to the model.

Here is a sample configuration that applies word filtering to both inputs and outputs, targeting GPT-4 deployments with a proprietary term blocklist:

name: word-filter-guardrails
type: word-filter-guardrails-config
guardrails_service_url: https://word-filter-service.company.com
rules:
  - id: block-proprietary-terms
    when:
      models:
        - openai/gpt-4
    input_guardrails:
      - type: word_filter
        action: transform
        options:
          word_list:
            - "secretProject"
            - "betaFeature"
          case_sensitive: false
          whole_words_only: true
          replacement: "[REMOVED]"
    output_guardrails:
      - type: word_filter
        action: transform
        options:
          word_list:
            - "secretProject"
            - "betaFeature"
          case_sensitive: false
          whole_words_only: true
          replacement: "[REMOVED]"

Every time a word filter fires, TrueFoundry logs the event with details on which rule triggered, the original and transformed text, and the user or service context. These audit logs help security and compliance teams review incidents, tune blocklists and demonstrate adherence to internal policies or industry regulations. Centralizing word filtering at the gateway means developers never have to litter application code with ad hoc checks; your policies live in one place, are easy to update, and apply consistently across all LLM workloads.

Best Practices for Crafting Effective Guardrails

Guardrails work best when they align closely with your organization’s risk profile and use cases. Start by clearly defining what you need to protect, whether it’s sensitive data, regulatory compliance, or brand voice, and map each requirement to specific guardrail types such as PII, topic, or word filters. Involve stakeholders from legal, compliance, and product teams early to ensure policies reflect real-world constraints and don’t inadvertently block critical workflows.

Next, keep your rules as focused as possible. Broad “deny everything” lists can lead to excessive false positives that frustrate users. Instead, group related policies into separate rules scoped by context, using the when block to target specific models, teams or metadata. For example, apply strict PII redaction only to customer-facing bots while allowing more narrative freedom in internal analytics assistants. This modular approach makes it easier to maintain and evolve your guardrails over time.

Threshold tuning is another key practice. Start with conservative sensitivity levels in non-critical environments to observe how often rules fire and adjust thresholds downward or upward based on real usage. Use the logs of each guardrail event to identify patterns of false positives or missed violations, then iterate on your settings. Automated test suites that inject known policy violations into prompts and expected responses can help validate rule coverage before pushing updates to production.

Documentation and observability are essential. Maintain a central repository of your guardrail configurations with clear descriptions of each rule’s purpose and scope. Ensure your logging captures which rule triggered, the matched content, and any transformations applied. Integrate these logs with your monitoring tools to alert when rule-firing rates spike unexpectedly, signaling potential misuse or changes in user behavior.

Finally, establish a feedback loop with users and developers. Provide mechanisms for end users or application teams to report over-blocking or missing policies. Regularly review feedback, usage metrics, and security audit findings to refine your guardrails. By blending clear objectives, targeted rules, iterative tuning, and strong observability, you’ll build a guardrail framework that protects your enterprise without hindering innovation.

Conclusion 

Guardrails transform powerful yet unpredictable LLMs into reliable, enterprise-grade services by enforcing clear, context-aware policies at every interaction. By defining concise input and output rules, such as masking sensitive PII, blocking disallowed topics, or filtering proprietary terms, you maintain data privacy, uphold brand voice, and meet regulatory requirements without touching application code. Modular rules scoped via the when block let you tailor enforcement per model, team, or workflow, while threshold tuning and robust logging ensure a balance between protection and usability. With TrueFoundry’s guardrails, you gain centralized control, continuous auditability, and the confidence to deploy AI at scale, knowing every request and response aligns with your governance standards.