Back to glossary

Term

Guardrails

Guardrails are protective layers around a language model that inspect inputs and outputs to catch unwanted behaviour — off-topic answers, PII leaks, unsafe actions.

Guardrails — explained in more detail

Unlike the safety rules trained into the model itself, guardrails are external layers that a developer team builds around the LLM call. They run before the model (input filters: PII detection, prompt-injection detection, topic allowlists), alongside it (tool allowlists, rate limits), or after it (output classifiers, JSON validation, toxicity filters). The idea: whatever the base model cannot guarantee gets handled by deterministic logic on top.

Example / Practical context

A support bot should only answer product questions. One guardrail classifies the user question and rejects anything off-topic before the model is even called. A second guardrail scans the response for credit-card numbers or email addresses and redacts them. Frameworks such as NeMo Guardrails, Guardrails AI, or Llama Guard provide building blocks for this; often plain regex and classifier logic is enough.

System prompts are instructions inside the model context and can be ignored or bypassed by the model — guardrails are deterministic code outside the model. Constitutional AI pushes the protection back into the training process itself. The approaches complement each other: guardrails catch what the model lets slip through.

Entdecke mehr

Themenuebersicht