[ BIFROST GUARDRAILS ]

Enterprise AI Safety & Policy Enforcement

Validate inputs, scan outputs, redact PII - all at the gateway layer. Built for SOC 2 Type II, GDPR, and HIPAA compliance.

[ WHAT ARE GUARDRAILS ]

Real-Time Validation for LLM Safety and Compliance

Rules decide what to check and when to check it. Profiles decide how to check it and which provider runs the check. Configure both once and apply them anywhere.

Two-Tier Architecture: Rules + Profiles

Rules: When to validate

Define validation logic using Common Expression Language (CEL). Rules specify whether to check inputs, outputs, or both, and can reference multiple profiles for defense-in-depth.

Example: Apply PII detection + content moderation to customer-facing endpoints

Profiles: How to validate

Configure external guardrail providers with credentials, thresholds, and detection parameters. Reusable profiles eliminate redundant configuration across rules.

Example: AWS Bedrock profile with high-sensitivity PII detection

[ SUPPORTED PROVIDERS ]

Enterprise-Grade Guardrail Providers

Bifrost integrates with leading guardrail providers, enabling defense-in-depth strategies and provider-specific capabilities for comprehensive protection.

AWS Bedrock Guardrails

Comprehensive protection with content filtering, PII detection, and image analysis

Key Capabilities

  • 50+ PII entity types detected
  • Prompt injection detection
  • Image content analysis
  • 13 AWS regions supported

Content Filtering | PII Detection | Prompt Defense | Image Safety

Azure Content Safety

Severity-based filtering with multi-category detection and custom blocklists

Key Capabilities

  • 4-level severity filtering
  • Prompt Shield for jailbreaks
  • Protected material detection
  • Custom blocklists

Hate Speech | Violence | Sexual Content | Self-Harm

GraySwan Cygnal

Natural language rule definition with continuous violation scoring

Key Capabilities

  • No-code rule definition
  • 0-1 violation scoring
  • Mutation detection
  • 3 reasoning modes

Custom Policies | Indirect Injection | Fast/Balanced/Thorough

Patronus AI

LLM-specific risk detection with hallucination and toxicity screening

Key Capabilities

  • Hallucination detection
  • Context-aware evaluation
  • Multi-turn analysis
  • Toxicity screening

Hallucinations | PII | Toxicity | Prompt Injection

[ DETECTION CAPABILITIES ]

Comprehensive Protection Across Attack Vectors

From PII leakage to prompt injection attacks, Bifrost detects and prevents a wide range of security and compliance risks in real time.

PII leakage prevention

Detect and redact 50+ types of sensitive information including SSNs, credit cards, addresses, medical records, and device identifiers before they reach or leave the model.

50+ PII types

Content safety filtering

Block or redact hate speech, sexual content, violence, self-harm, and profanity across inputs and outputs. Severity-based thresholds enable fine-grained control.

Multi-category

Prompt injection defense

Protect against direct and indirect prompt attacks, jailbreaks, and mutation attempts. Multiple providers offer layered defense against evolving attack vectors.

Multi-layered

Hallucination detection

Identify when models generate factually incorrect or unsupported information. Patronus AI provides context-aware evaluation for high-stakes applications.

Context-aware

Protected material screening

Azure Content Safety detects copyrighted content and protected intellectual property in model outputs, helping organizations avoid legal exposure.

Copyright detection

Custom organizational policies

Define business-specific rules in natural language (GraySwan) or through configuration. Enforce brand safety, regulatory requirements, and internal compliance policies.

No-code rules

[ IMPLEMENTATION ]

Three Steps to Production Guardrails

Configure providers, define rules, and attach to requests. Full validation in minutes.

STEP 01

Configure guardrail providers

Set up guardrail provider profiles through the dashboard or API. Configure credentials, detection thresholds, and category filters for each provider.

# Via dashboard: Guardrails > Providers
# Or via config.json
{
  "guardrail_providers": [{
    "id": "bedrock-prod",
    "type": "aws_bedrock",
    "region": "us-east-1",
    "guardrail_id": "your-guardrail-id",
    "version": "DRAFT"
  }]
}

STEP 02

Create validation rules

Define when and how to validate requests using CEL expressions. Rules can apply to specific routes, models, virtual keys, or user attributes.

# Via dashboard: Guardrails > Configuration
# Or via config.json
{
  "guardrail_rules": [{
    "id": "customer-safety",
    "condition": "request.path.startsWith('/v1/chat')",
    "input_profiles": ["bedrock-prod"],
    "output_profiles": ["patronus-ai"],
    "action": "BLOCK"
  }]
}

STEP 03

Attach to requests

Apply guardrails via request headers or inline configuration. Bifrost validates inputs before sending to the model and outputs before returning to the client.

curl https://your-gateway/v1/chat/completions \
  -H "x-bf-guardrail-id: customer-safety" \
  -H "Authorization: Bearer vk-..." \
  -d '{
    "model": "gpt-4",
    "messages": [{"role": "user", "content": "..."}]
  }'
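
A pre-deployment check for the three steps above, as an added example that is not Bifrost's own code: it verifies that every profile a rule names is a defined provider id, that each rule id clients send in `x-bf-guardrail-id` exists, and flags an AWS Bedrock profile left on the mutable `DRAFT` version. It assumes both config.json fragments live in one file; `lint_guardrails` and the finding strings are hypothetical names.

```python
import json

# Constructed sample: the Step 01 and Step 02 fragments merged (assumed to share one file).
SAMPLE_CONFIG = """
{
  "guardrail_providers": [{
    "id": "bedrock-prod",
    "type": "aws_bedrock",
    "region": "us-east-1",
    "guardrail_id": "your-guardrail-id",
    "version": "DRAFT"
  }],
  "guardrail_rules": [{
    "id": "customer-safety",
    "condition": "request.path.startsWith('/v1/chat')",
    "input_profiles": ["bedrock-prod"],
    "output_profiles": ["patronus-ai"],
    "action": "BLOCK"
  }]
}
"""


def lint_guardrails(config, header_rule_ids=()):
    """Return a sorted list of findings for a parsed guardrail config."""
    findings = []
    providers = {p["id"]: p for p in config.get("guardrail_providers", [])}
    rules = {r["id"]: r for r in config.get("guardrail_rules", [])}

    for pid, p in providers.items():
        # Bedrock's DRAFT version is the editable working copy of a guardrail.
        if p.get("type") == "aws_bedrock" and p.get("version") == "DRAFT":
            findings.append(f"provider {pid}: pinned to mutable DRAFT version")
    for rid, r in rules.items():
        refs = r.get("input_profiles", []) + r.get("output_profiles", [])
        if not refs:
            findings.append(f"rule {rid}: no profiles, nothing is validated")
        for ref in refs:
            if ref not in providers:
                findings.append(f"rule {rid}: unknown profile {ref}")
    # Rule ids that clients send in the x-bf-guardrail-id header (Step 03).
    for hid in header_rule_ids:
        if hid not in rules:
            findings.append(f"header: unknown rule id {hid}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_guardrails(json.loads(SAMPLE_CONFIG), ["customer-safety"]):
        print(finding)
```

Run against the page's own sample, it reports the `DRAFT` pin and the `patronus-ai` output profile, which the Step 02 rule references but the Step 01 fragment never defines.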

[ RESPONSE HANDLING ]

Validation Outcomes

Bifrost returns distinct HTTP status codes for pass, block, or warning responses with detailed violation metadata.

Pass

HTTP 200

Validation succeeded. Request processed normally with detailed guardrail metadata including processing times and rule results.

Block

HTTP 446

Violations detected and request blocked. Response includes violation details, severity levels, and affected content excerpts for audit trails.

Warning

HTTP 246

Violations detected but content modified (PII redacted) rather than blocked. Includes redaction counts and modification details.

[ ENTERPRISE FEATURES ]

Production-Grade Guardrail Controls

Advanced features for performance optimization, compliance, and operational flexibility.

Sampling control

Apply guardrails to a percentage of requests for performance optimization while maintaining statistical confidence.

Async processing

Choose synchronous or asynchronous validation modes. Async reduces latency for non-critical checks.

Defense-in-depth

Link multiple provider profiles to single rules for sequential validation and comprehensive protection.

Comprehensive logging

Detailed audit trails capture every validation with timestamps, results, and violation details for compliance.

Timeout configuration

Set maximum execution duration per rule to prevent guardrail latency from impacting user experience.

Multi-region support

Deploy guardrails across 13 AWS regions. Azure Content Safety profiles can target region-specific endpoints for data residency compliance.

[ USE CASES ]

Real-World Guardrail Deployments

Healthcare HIPAA compliance

Prevent PHI leakage in patient-facing chatbots. AWS Bedrock detects medical record numbers, health plan IDs, and clinical notes before they leave the model.

Financial PII protection

Block credit card numbers, SSNs, and account details in banking applications. Multi-provider validation ensures no sensitive data escapes detection.

Prompt injection defense

Protect against adversarial inputs attempting to override system instructions. GraySwan and Azure Prompt Shield detect mutation attempts and indirect attacks.

Content moderation for UGC

Filter user-generated content in social platforms. Severity-based thresholds allow nuanced handling of hate speech, violence, and sexual content.

Hallucination prevention

Validate factual accuracy in high-stakes applications like legal research or medical advice. Patronus AI detects unsupported claims and inconsistencies.

Brand safety enforcement

Define custom organizational policies in natural language. Ensure model outputs align with brand voice, values, and regulatory requirements.

[ COMPLIANCE FRAMEWORKS ]

Built for Regulatory Compliance

Bifrost Guardrails help organizations meet regulatory requirements with automated detection, redaction, and comprehensive audit trails.

SOC 2 Type II

Comprehensive audit trails and access controls for guardrail enforcement

GDPR

Personal data protection and right-to-erasure compliance

ISO 27001

Information security management and certification alignment

HIPAA

PHI detection and redaction for healthcare applications

Ready to Deploy Production Guardrails?

Protect your LLM applications with multi-provider guardrails, real-time validation, and comprehensive compliance controls.

[ BIFROST FEATURES ]

Open Source & Enterprise

Everything you need to run AI in production, from free open source to enterprise-grade features.

01 Governance

SAML support for SSO, plus role-based access control and policy enforcement for team collaboration.

02 Adaptive Load Balancing

Automatically optimizes traffic distribution across provider keys and models based on real-time performance metrics.

03 Cluster Mode

High availability deployment with automatic failover and load balancing. Peer-to-peer clustering where every instance is equal.

04 Alerts

Real-time notifications for budget limits, failures, and performance issues on Email, Slack, PagerDuty, Teams, Webhook and more.

05 Log Exports

Export and analyze request logs, traces, and telemetry data from Bifrost with enterprise-grade data export capabilities for compliance, monitoring, and analytics.

06 Audit Logs

Comprehensive logging and audit trails for compliance and debugging.

07 Vault Support

Secure API key management with HashiCorp Vault, AWS Secrets Manager, Google Secret Manager, and Azure Key Vault integration.

08 VPC Deployment

Deploy Bifrost within your private cloud infrastructure with VPC isolation, custom networking, and enhanced security controls.

09 Guardrails

Automatically detect and block unsafe model outputs with real-time policy enforcement and content moderation across all agents.

[ SHIP RELIABLE AI ]

Try Bifrost Enterprise with a 14-day Free Trial

[quick setup]

Drop-in replacement for any AI SDK

Change just one line of code. Works with OpenAI, Anthropic, Vercel AI SDK, LangChain, and more.

import os
from anthropic import Anthropic

anthropic = Anthropic(
    api_key=os.environ.get("ANTHROPIC_API_KEY"),
    # Point the SDK at the Bifrost gateway instead of the provider's API
    base_url="https://<bifrost_url>/anthropic",
)

message = anthropic.messages.create(
    model="claude-3-5-sonnet-20241022",
    max_tokens=1024,
    messages=[
        {"role": "user", "content": "Hello, Claude"}
    ]
)

Drop in once, run everywhere.

[ FREQUENTLY ASKED QUESTIONS ]

Common Questions

How do Bifrost Guardrails differ from provider-native safety features?

Bifrost aggregates multiple guardrail providers (AWS Bedrock, Azure, GraySwan, Patronus) into a unified interface with cross-provider rules. This enables defense-in-depth, provider failover, and centralized policy management across all LLM providers, not just the model provider you are using.

Do guardrails add latency to LLM requests?

Guardrails add 50-500ms depending on provider and validation complexity. Bifrost offers sampling (validate X% of requests), async processing (validate in background), and timeout controls to balance security and performance.

Can I use multiple guardrail providers for the same request?

Yes. Bifrost supports defense-in-depth by linking multiple provider profiles to a single rule. For example, use AWS Bedrock for PII detection + Azure for content moderation + Patronus for hallucination detection on the same request.

How are custom organizational policies defined?

GraySwan Cygnal allows natural language rule definition without code (e.g., "Block financial advice"). AWS Bedrock and Azure support custom blocklists and topic filters. All providers support CEL-based conditional logic for when rules apply.

Are guardrails required for all requests or can I selectively apply them?

Guardrails are optional and selective. Use CEL expressions to apply rules based on request path, model, virtual key, user attributes, or content. For example, only validate customer-facing endpoints while skipping internal testing traffic.