Enterprise capability

Enterprise Guardrails

Block prompt injection, PII, and secrets before they hit the model

Enterprise Guardrails sit in the request path between your application and the LLM. Every prompt is screened for prompt injection attempts, jailbreak patterns, sensitive PII (PHI, financial data, identifiers), API keys, AWS credentials, and policy-violating content. Detections are configurable — block hard, redact, or pass-through with an audit annotation. Rules are managed centrally by your security team and inherited by every project. When something is blocked, the event lands in Enterprise Audit Logs with the matched rule, redaction diff, and original payload (encrypted, accessible only to authorized reviewers).

Why teams turn it on

Prompt injection + jailbreak detection

Pretrained detectors flag the well-known attack patterns; custom regex/semantic rules cover your edge cases.

PII + secrets redaction

Detect and redact PHI, financial data, government IDs, AWS keys, GitHub tokens, JWTs, and 40+ other classes before they leave your perimeter.

Three enforcement modes

Per-rule: block, redact-and-forward, or pass-through-with-flag. Tune false-positive tolerance per project.

Centrally managed, project-scoped

Your security team owns the rule set at the org level; project owners can opt in to stricter rules, never weaker ones.

How it works

From decision to deployed in three short steps

  1. 01

    Pick your baseline

    Start with a curated baseline — Healthcare, Finance, Engineering, or Custom — and override individual rules.

  2. 02

    Tune per project

    Enable stricter detection for high-risk projects (customer-facing, regulated data) without slowing down internal tools.

  3. 03

    Monitor + iterate

    Every detection lands in [[audit-logs]]. Review false positives, tune thresholds, and ship updates without code changes.

Real-world use cases

Why customers actually adopt this

01

PHI protection for healthcare

Auto-redact patient identifiers and clinical data before any request reaches a non-BAA model.

02

Source-code secret scanning

Catch AWS keys and database URLs in code-assist prompts before they're logged anywhere downstream.

03

Customer support chatbot hardening

Block prompt-injection attempts disguised as customer messages and audit every detection for tuning.

Frequently asked

Does this add latency to every request?
Detection runs in parallel with provider routing and typically adds 8–18ms p50. Heavy semantic checks can be opted-in per-project.
Can guardrails be bypassed?
No — they run server-side at the gateway, not in your SDK. There's no client-side toggle. Even an org owner enabling pass-through mode creates an audit-log entry.

More enterprise capabilities

The rest of the enterprise stack

Organization-Wide Analytics

Cost, requests, and tokens totaled across every project, with breakdowns by model, project, API key, and member. Built on pre-aggregated rollups, so any date range stays fast.

Per-Member Budgets & Developer Role

Per-member spend caps enforced at request time, org-wide default developer limits, and a project-scoped Developer role. An over-budget request is rejected before it ever reaches a provider.

Enterprise Audit Logs

Tamper-evident audit trails for SOC 2, HIPAA, ISO 27001, and internal investigations. Every config change, key rotation, and admin action — captured, attributed, exportable.

Per-Project Routing Overrides

Override global routing rules at the project level — region, provider order, fallback chain, and cost ceilings. Production stays pinned; experimental teams stay flexible.

Discord & Slack Alerts

Native webhook integrations for Discord and Slack. Get the enterprise contact-sales form, billing events, guardrail trips, and SLA breaches in the channels your team already monitors.

Single Sign-On (SAML / OIDC)

SAML 2.0 and OIDC SSO with SCIM provisioning, group-based role mapping, and enforced-only access. No local credentials, no shared passkeys, no off-boarding gaps.

White-Label Chat & Playground

Embed or stand up a fully white-labeled chat app and playground under your own domain. Customize branding, default models, system prompts, and feature toggles.

Provider Compliance Policies

Define the certifications and data policies your providers must meet — SOC 2, ISO 27001, GDPR, no prompt training, no prompt logging — and the gateway refuses to route to anything that doesn't qualify.

See enterprise guardrails on your real workloads

Bring a sample workload to a 30-minute call. We'll wire it up live and show you the actual experience your team will get.