Guardrails

Guardrails are software components — operating before, during, or after LLM inference — that validate inputs and outputs against defined safety, quality, or policy criteria. Input guardrails screen user requests for harmful intent, prompt injection attempts, sensitive data exposure, or out-of-scope queries before they reach the model. Output guardrails evaluate model responses for hallucinations, toxic content, policy violations, or format errors before delivery to the end user. Together they provide a controllable safety layer that operates independently of the model's own internal alignment training.

Common guardrail implementations span a range of complexity: rule-based filters (regex patterns, keyword blocklists), lightweight classifier models specialized for toxicity or policy violation detection (e.g., Meta Llama Guard, Microsoft Azure Content Safety, Google's safety filters), LLM-as-judge pipelines that use a second model to evaluate outputs, and structured output parsers that enforce schema compliance and type safety. Dedicated orchestration frameworks such as Guardrails AI and NVIDIA NeMo Guardrails combine multiple check types into configurable pipelines.

Guardrails are especially critical in agentic systems where models can take real-world actions — sending emails, querying databases, executing code. In these contexts, guardrails often include permission checks, rate limits, and action confirmation gates in addition to content filters. A common production design pairs lightweight, low-latency input guardrails (fast keyword or classifier checks, under 50ms) with asynchronous output guardrails (LLM-as-judge) for post-delivery monitoring and compliance logging. Enterprise deployments require documented guardrail policies for legal liability and regulatory compliance sign-off.