Introduction: The Growing Need for AI Security
Large Language Models (LLMs) are rapidly becoming integral to production applications across industries. From customer service chatbots to automated content generation systems, these models handle sensitive data and make autonomous decisions at scale. However, this widespread adoption brings significant security challenges. LLM applications remain vulnerable to sophisticated attacks including prompt injection, jailbreaking, and data leakage that can compromise both system integrity and user privacy.
OpenGuardrails addresses these challenges as a developer-first, open-source AI security platform built specifically for protecting LLM applications. Released under the permissive Apache 2.0 license with growing community adoption (80+ GitHub stars), it represents a comprehensive approach to AI application security.
The platform distinguishes itself through several key capabilities:
- Works with any LLM provider including OpenAI, Anthropic, Claude, and custom models
- Supports multi-cloud deployments across AWS Bedrock, Azure OpenAI, and GCP Vertex AI
- Integrates seamlessly with popular agentic frameworks such as LangChain, LangGraph, CrewAI, and AutoGen
- Provides flexible deployment options from cloud-hosted to fully self-hosted solutions
- Offers production-ready monitoring and management through comprehensive dashboard
Whether building simple chatbot applications or complex multi-agent systems, OpenGuardrails provides the security infrastructure needed for enterprise-grade AI deployments.
What is OpenGuardrails?
OpenGuardrails is a production-ready security platform designed to detect and prevent threats in AI-powered applications. Unlike simple content filters, it provides context-aware protection across three critical dimensions:
Three Pillars of Protection
-
Security Protection
- Jailbreak attack detection
- Prompt injection prevention
- Malicious instruction filtering
-
Compliance Protection
- Toxic content detection (insults, profanity, hate speech)
- Political sensitivity screening
- Illegal content blocking
-
Data Security
- PII detection and desensitization (SSN, credit cards, emails)
- Chinese national ID and phone number protection
- Automated data masking
Key Features That Set OpenGuardrails Apart
Multi-LLM and Multi-Cloud Support
OpenGuardrails is model-agnostic and works with:
- OpenAI (GPT-4, GPT-3.5, etc.)
- Anthropic (Claude models)
- Open-source models (Llama, Mistral, etc.)
- Custom LLMs (your own fine-tuned models)
- Cloud platforms: AWS Bedrock, Azure OpenAI, GCP Vertex AI
- On-premise deployments: Self-hosted models
This flexibility means you're never locked into a single provider. Switch between models while maintaining consistent security.
Context-Aware Multi-Turn Detection
Unlike traditional static filters, OpenGuardrails understands conversation context. It can detect sophisticated attacks that span multiple interactions - where an attacker gradually builds up to a malicious goal across several messages.
# Example: Multi-turn conversation analysis
{
"messages": [
{"role": "user", "content": "Tell me about security systems"},
{"role": "assistant", "content": "I can help explain security concepts..."},
{"role": "user", "content": "How would one bypass such systems?"}
],
"enable_security": true
}
OpenGuardrails will analyze the entire conversation thread to detect emerging threats.
Three Flexible Integration Modes
OpenGuardrails offers three deployment modes to fit different architectures:
1. Security Gateway Mode (Transparent Proxy)
The easiest way to get started - replace your OpenAI API endpoint with OpenGuardrails' proxy:
from openai import OpenAI
client = OpenAI(
api_key="sk-xxai-your-api-key",
base_url="https://api.openguardrails.com/proxy/v1"
)
# Your existing code works without changes!
response = client.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": "Hello"}]
)
Security is automatic - no code changes required.
2. API Call Mode (Active Detection)
For more control, call the detection API directly:
import requests
response = requests.post(
"https://api.openguardrails.com/v1/guardrails",
headers={"Authorization": "Bearer sk-xxai-your-api-key"},
json={
"model": "OpenGuardrails-Text",
"messages": [{"role": "user", "content": "User input to check"}],
"enable_security": True,
"enable_compliance": True,
"enable_data_security": True
}
)
result = response.json()
if result["action"] == "pass":
# Safe to proceed
call_your_llm()
elif result["action"] == "block":
# Threat detected - use safe response
return result["response"]
3. Self-Hosted Deployment
For enterprises requiring complete data sovereignty:
# Clone and deploy locally
git clone https://github.com/openguardrails/openguardrails.git
cd openguardrails
./scripts/setup.sh
Perfect for sensitive industries like healthcare, finance, and government.
Open-Source Model: OpenGuardrails-Text
At the heart of the platform is OpenGuardrails-Text-2510, a 3.3B parameter model that achieves SOTA (state-of-the-art) performance:
- 119 languages supported
- Open-sourced on HuggingFace
- Specialized for safety detection
- Low latency (~100ms response time)
This means you're not relying on black-box APIs - you can inspect, audit, and even fine-tune the model for your specific needs.
Production-Ready Architecture
OpenGuardrails uses a three-service architecture optimized for different workloads:
┌──────────────────┐
│ Admin Service │ Port 5000 - Web UI & Management (2 workers)
└────────┬─────────┘
│
┌────────┴─────────┐
│ Detection Service│ Port 5001 - High-concurrency API (32 workers)
└────────┬─────────┘
│
┌────────┴─────────┐
│ Proxy Service │ Port 5002 - OpenAI-compatible gateway (24 workers)
└──────────────────┘
This separation ensures that high-volume detection requests don't impact your management interface.
Multi-Language SDK Support
OpenGuardrails provides official SDKs for:
- Python - Perfect for data science and ML workflows
- Node.js/TypeScript - For web applications and serverless
- Java - Enterprise applications
- Go - High-performance microservices
This makes integration straightforward regardless of your tech stack.
Real-World Use Cases
1. Customer Service Chatbots
Challenge: A customer service bot shouldn't respond to attempts to extract training data or discuss unrelated topics.
Solution: Deploy OpenGuardrails proxy to automatically filter:
- Off-topic conversations
- Data extraction attempts
- Jailbreak attempts ("Ignore previous instructions...")
# Before: Vulnerable to attacks
response = openai.chat.completions.create(...)
# After: Protected automatically
client = OpenAI(base_url="https://api.openguardrails.com/proxy/v1")
response = client.chat.completions.create(...) # Same code, now protected
2. Content Generation Platforms
Challenge: User-generated prompts might try to create illegal, toxic, or branded content.
Solution: Use API mode to pre-screen prompts:
# Check user prompt before generation
check_result = openguardrails.check(user_prompt)
if check_result.action == "block":
return "This prompt violates our content policy"
# Safe to generate
generated_content = your_llm.generate(user_prompt)
# Also check output before publishing
output_check = openguardrails.check(generated_content)
3. Enterprise RAG (Retrieval-Augmented Generation) Systems
Challenge: Prevent prompt injection through uploaded documents or retrieved context.
Solution: Check both user queries and retrieved documents:
# 1. Check user query
query_check = openguardrails.check(user_query)
if query_check.action == "block":
return safe_response
# 2. Retrieve documents
docs = vector_db.search(user_query)
# 3. Check retrieved content
for doc in docs:
doc_check = openguardrails.check(doc.content)
if doc_check.action == "block":
docs.remove(doc)
# 4. Generate with clean context
response = llm.generate(query=user_query, context=docs)
4. n8n Workflow Automation
Bonus: OpenGuardrails has a dedicated n8n community node for no-code integration:
# Install in n8n
n8n-nodes-openguardrails
Create workflows like:
- Webhook → OpenGuardrails Check → ChatGPT → Response
- Email Received → Content Moderation → Auto-Reply
- Form Submission → PII Detection → Database Storage
Using OpenGuardrails with Different LLM Providers
OpenGuardrails is truly provider-agnostic. Here's how to use it with various LLM providers:
With OpenAI
from openai import OpenAI
# Method 1: Via proxy (automatic protection)
client = OpenAI(
api_key="sk-xxai-your-guardrails-key",
base_url="https://api.openguardrails.com/proxy/v1"
)
response = client.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": "Your query"}]
)
With Anthropic Claude
import anthropic
from openguardrails import OpenGuardrails
guardrails = OpenGuardrails(api_key="sk-xxai-your-key")
claude = anthropic.Anthropic(api_key="your-anthropic-key")
# Check input
user_message = "User query here"
check = guardrails.check(messages=[{"role": "user", "content": user_message}])
if check.action == "pass":
# Safe to call Claude
response = claude.messages.create(
model="claude-3-opus-20240229",
messages=[{"role": "user", "content": user_message}]
)
# Check output
output_check = guardrails.check(
messages=[{"role": "assistant", "content": response.content[0].text}]
)
if output_check.action == "pass":
print(response.content[0].text)
else:
print(output_check.response) # Safe response
else:
print(check.response) # Blocked with safe response
With AWS Bedrock
import boto3
from openguardrails import OpenGuardrails
guardrails = OpenGuardrails(api_key="sk-xxai-your-key")
bedrock = boto3.client('bedrock-runtime', region_name='us-east-1')
def secure_bedrock_call(prompt, model_id="anthropic.claude-v2"):
# Input check
check = guardrails.check(messages=[{"role": "user", "content": prompt}])
if check.action == "block":
return check.response
# Call Bedrock
response = bedrock.invoke_model(
modelId=model_id,
body=json.dumps({"prompt": prompt, "max_tokens": 500})
)
result = json.loads(response['body'].read())
# Output check
output_check = guardrails.check(
messages=[{"role": "assistant", "content": result['completion']}]
)
return result['completion'] if output_check.action == "pass" else output_check.response
# Use it
response = secure_bedrock_call("Your prompt here")
With Azure OpenAI
from openai import AzureOpenAI
from openguardrails import OpenGuardrails
guardrails = OpenGuardrails(api_key="sk-xxai-your-key")
client = AzureOpenAI(
api_key="your-azure-key",
api_version="2024-02-01",
azure_endpoint="https://your-resource.openai.azure.com"
)
def secure_azure_call(messages):
# Check all user messages
for msg in messages:
if msg["role"] == "user":
check = guardrails.check(messages=[msg])
if check.action == "block":
return check.response
# Call Azure OpenAI
response = client.chat.completions.create(
model="gpt-4",
messages=messages
)
# Check output
output = response.choices[0].message.content
output_check = guardrails.check(
messages=[{"role": "assistant", "content": output}]
)
return output if output_check.action == "pass" else output_check.response
With Open-Source Models (Ollama/Local)
import requests
from openguardrails import OpenGuardrails
guardrails = OpenGuardrails(api_key="sk-xxai-your-key")
def secure_local_llm_call(prompt, model="llama2"):
# Input check
check = guardrails.check(messages=[{"role": "user", "content": prompt}])
if check.action == "block":
return check.response
# Call local model (e.g., via Ollama)
response = requests.post('http://localhost:11434/api/generate', json={
"model": model,
"prompt": prompt
})
output = response.json()['response']
# Output check
output_check = guardrails.check(
messages=[{"role": "assistant", "content": output}]
)
return output if output_check.action == "pass" else output_check.response
# Use with Llama, Mistral, or any local model
response = secure_local_llm_call("Your prompt", model="mistral")
With Google Gemini
import google.generativeai as genai
from openguardrails import OpenGuardrails
guardrails = OpenGuardrails(api_key="sk-xxai-your-key")
genai.configure(api_key="your-google-api-key")
def secure_gemini_call(prompt):
# Input check
check = guardrails.check(messages=[{"role": "user", "content": prompt}])
if check.action == "block":
return check.response
# Call Gemini
model = genai.GenerativeModel('gemini-pro')
response = model.generate_content(prompt)
# Output check
output_check = guardrails.check(
messages=[{"role": "assistant", "content": response.text}]
)
return response.text if output_check.action == "pass" else output_check.response
Universal Pattern for Any LLM
from openguardrails import OpenGuardrails
class SecureLLMWrapper:
"""Universal wrapper for any LLM provider"""
def __init__(self, llm_client, guardrails_api_key):
self.llm = llm_client
self.guardrails = OpenGuardrails(api_key=guardrails_api_key)
def generate(self, prompt, **kwargs):
# 1. Check input
input_check = self.guardrails.check(
messages=[{"role": "user", "content": prompt}]
)
if input_check.action == "block":
return input_check.response
# 2. Call your LLM (adapt this to your provider's API)
output = self.llm.generate(prompt, **kwargs)
# 3. Check output
output_check = self.guardrails.check(
messages=[{"role": "assistant", "content": output}]
)
return output if output_check.action == "pass" else output_check.response
# Use with any LLM
secure_llm = SecureLLMWrapper(your_llm_client, "sk-xxai-your-key")
response = secure_llm.generate("User prompt")
Integration with Agentic Frameworks
One of OpenGuardrails' strongest features is its compatibility with modern AI agent frameworks. Whether you're building with LangChain, LangGraph, CrewAI, or AutoGen, OpenGuardrails can secure your agentic workflows.
LangChain Integration
LangChain is the most popular framework for building LLM applications. Integrate OpenGuardrails in two ways:
Method 1: Using the Proxy (Easiest)
from langchain_openai import ChatOpenAI
from langchain.chains import ConversationChain
# Simply point to OpenGuardrails proxy
llm = ChatOpenAI(
model="gpt-4",
openai_api_key="sk-xxai-your-key",
openai_api_base="https://api.openguardrails.com/proxy/v1"
)
# All LangChain features work normally with automatic security
chain = ConversationChain(llm=llm)
response = chain.run("Your user input")
Method 2: Custom Callback Handler (More Control)
from langchain.callbacks.base import BaseCallbackHandler
from openguardrails import OpenGuardrails
class OpenGuardrailsCallback(BaseCallbackHandler):
def __init__(self):
self.client = OpenGuardrails(api_key="sk-xxai-your-key")
def on_llm_start(self, serialized, prompts, **kwargs):
"""Check inputs before sending to LLM"""
for prompt in prompts:
result = self.client.check(messages=[
{"role": "user", "content": prompt}
])
if result.action == "block":
raise ValueError(f"Security violation: {result.reason}")
def on_llm_end(self, response, **kwargs):
"""Check outputs before returning to user"""
for generation in response.generations:
for gen in generation:
result = self.client.check(messages=[
{"role": "assistant", "content": gen.text}
])
if result.action == "block":
gen.text = result.response # Replace with safe response
# Use with any LangChain chain
from langchain.chains import LLMChain
chain = LLMChain(
llm=llm,
callbacks=[OpenGuardrailsCallback()]
)
LangGraph Integration
LangGraph enables building stateful, multi-agent workflows. Add guardrails as nodes in your graph:
from langgraph.graph import StateGraph, END
from openguardrails import OpenGuardrails
guardrails = OpenGuardrails(api_key="sk-xxai-your-key")
def input_guard(state):
"""Guard node for input validation"""
result = guardrails.check(
messages=[{"role": "user", "content": state["user_input"]}]
)
if result.action == "block":
return {"output": result.response, "blocked": True}
return {"input_validated": True, "blocked": False}
def call_llm(state):
"""Your LLM call"""
if state.get("blocked"):
return state
# ... your LLM logic
return {"llm_output": response}
def output_guard(state):
"""Guard node for output validation"""
if state.get("blocked"):
return state
result = guardrails.check(
messages=[{"role": "assistant", "content": state["llm_output"]}]
)
if result.action == "block":
return {"output": result.response}
return {"output": state["llm_output"]}
# Build the graph
workflow = StateGraph()
workflow.add_node("input_guard", input_guard)
workflow.add_node("llm", call_llm)
workflow.add_node("output_guard", output_guard)
workflow.set_entry_point("input_guard")
workflow.add_edge("input_guard", "llm")
workflow.add_edge("llm", "output_guard")
workflow.add_edge("output_guard", END)
app = workflow.compile()
CrewAI Integration
CrewAI enables building teams of AI agents. Secure agent-to-agent communication:
from crewai import Agent, Task, Crew
from openguardrails import OpenGuardrails
guardrails = OpenGuardrails(api_key="sk-xxai-your-key")
class SecureAgent(Agent):
def execute_task(self, task):
# Check task before execution
check = guardrails.check(
messages=[{"role": "user", "content": task.description}]
)
if check.action == "block":
return check.response
# Execute normally
result = super().execute_task(task)
# Check output
output_check = guardrails.check(
messages=[{"role": "assistant", "content": result}]
)
if output_check.action == "block":
return output_check.response
return result
# Use secure agents in your crew
researcher = SecureAgent(
role="Researcher",
goal="Research information safely",
backstory="You research topics while respecting safety guidelines"
)
crew = Crew(
agents=[researcher],
tasks=[task1, task2]
)
AutoGen Integration
Microsoft's AutoGen enables multi-agent conversations:
import autogen
from openguardrails import OpenGuardrails
guardrails = OpenGuardrails(api_key="sk-xxai-your-key")
# Create a custom message filter
def message_filter(sender, message, recipient, silent):
"""Filter messages through OpenGuardrails"""
check = guardrails.check(
messages=[{"role": "user", "content": message}]
)
if check.action == "block":
return check.response
return message
# Configure agents with filter
config_list = [{
"model": "gpt-4",
"api_key": "your-openai-key",
}]
user_proxy = autogen.UserProxyAgent(
name="user",
message_filter=message_filter
)
assistant = autogen.AssistantAgent(
name="assistant",
llm_config={"config_list": config_list},
message_filter=message_filter
)
General Pattern for Any Framework
If your framework isn't listed, follow this pattern:
from openguardrails import OpenGuardrails
guardrails = OpenGuardrails(api_key="sk-xxai-your-key")
def secure_wrapper(your_llm_function):
"""Wrap any LLM function with guardrails"""
def wrapper(input_text, *args, **kwargs):
# 1. Check input
input_check = guardrails.check(
messages=[{"role": "user", "content": input_text}]
)
if input_check.action == "block":
return input_check.response
# 2. Call your LLM
output = your_llm_function(input_text, *args, **kwargs)
# 3. Check output
output_check = guardrails.check(
messages=[{"role": "assistant", "content": output}]
)
if output_check.action == "block":
return output_check.response
return output
return wrapper
# Use with any LLM call
@secure_wrapper
def my_agent_function(prompt):
# Your existing code
return llm.generate(prompt)
Framework Compatibility Matrix
| Framework | Proxy Mode | API Mode | Custom Integration | Status |
|---|---|---|---|---|
| LangChain | ✅ Full support | ✅ Full support | ✅ Callback handlers | Production-ready |
| LangGraph | ✅ Full support | ✅ Full support | ✅ Guard nodes | Production-ready |
| CrewAI | ⚠️ Via base_url | ✅ Full support | ✅ Agent wrappers | Community-tested |
| AutoGen | ⚠️ Via config | ✅ Full support | ✅ Message filters | Community-tested |
| Haystack | ⚠️ Via base_url | ✅ Full support | ✅ Custom nodes | Community-tested |
| Semantic Kernel | ✅ Full support | ✅ Full support | ✅ Filters | Community-tested |
| Custom agents | ✅ Full support | ✅ Full support | ✅ SDK wrappers | Production-ready |
Legend:
- ✅ Full support - Official or well-documented integration
- ⚠️ Via base_url/config - Works by changing API endpoint
- 🔧 Requires custom - Need to implement wrapper
How Does It Compare to Alternatives?
| Feature | OpenGuardrails | Lakera Guard | NVIDIA NeMo Guardrails | LLM Guard |
|---|---|---|---|---|
| Open Source | ✅ Apache 2.0 | ❌ Proprietary | ✅ Apache 2.0 | ✅ MIT |
| Self-Hosted | ✅ Full control | ❌ Cloud only | ✅ Yes | ✅ Yes |
| Cloud API | ✅ Available | ✅ Primary | ❌ No | ❌ No |
| Multi-LLM Support | ✅ OpenAI, Anthropic, custom | ⚠️ Major providers | ✅ Any LLM | ⚠️ Limited |
| Multi-Cloud | ✅ AWS, Azure, GCP | ❌ No | ✅ Yes | ❌ No |
| OpenAI Proxy Mode | ✅ Drop-in replacement | ❌ No | ❌ No | ❌ No |
| Multi-turn Context | ✅ Yes | ✅ Yes | ⚠️ Limited | ❌ No |
| Multi-language | ✅ 119 languages | ⚠️ Major languages | ⚠️ Major languages | ✅ Many |
| PII Detection | ✅ Built-in | ✅ Yes | ❌ Manual config | ✅ Built-in |
| LangChain Integration | ✅ Full support | ⚠️ Manual | ✅ Full support | ⚠️ Manual |
| Agentic Frameworks | ✅ LangGraph, CrewAI, AutoGen | ⚠️ Limited | ✅ LangChain/Graph | ❌ No |
| n8n Integration | ✅ Community node | ❌ No | ❌ No | ❌ No |
| Web Dashboard | ✅ Full UI | ✅ Yes | ❌ No | ❌ No |
| Model Size | 3.3B params | Undisclosed | Configurable | Various |
| Response Time | ~100ms | ~200ms | Varies | Varies |
| SDKs | Python, Node.js, Java, Go | Python, JS | Python | Python |
Why Choose OpenGuardrails?
Choose OpenGuardrails if you:
- Need both cloud and self-hosted options
- Want a drop-in OpenAI proxy replacement
- Use multiple LLM providers (OpenAI, Anthropic, custom models)
- Building with agentic frameworks (LangChain, LangGraph, CrewAI, AutoGen)
- Require multi-language support (especially Asian languages - 119 languages)
- Need a production-ready UI for monitoring
- Want an open-source model you can audit/fine-tune
- Are building n8n workflows or automation
- Need multi-cloud support (AWS, Azure, GCP)
- Want SDKs in multiple languages (Python, Node.js, Java, Go)
Consider alternatives if you:
- Need only basic content filtering (LLM Guard is simpler)
- Want highly customizable rule-based guards (NeMo Guardrails)
- Prefer a pure SaaS solution (Lakera Guard)
- Have a very simple use case without multi-turn conversations
Getting Started: 5-Minute Setup
Option 1: Cloud API (Fastest)
# 1. Sign up at https://openguardrails.com
# 2. Get your API key
# 3. Install the SDK
pip install openguardrails-sdk
# 4. Start protecting
from openguardrails import OpenGuardrails
client = OpenGuardrails(api_key="sk-xxai-your-key")
result = client.check(
messages=[{"role": "user", "content": "Your user input"}],
enable_all=True # Enable all protections
)
if result.action == "pass":
# Safe to proceed
pass
else:
# Use the safe response
print(result.response)
Option 2: Self-Hosted (Full Control)
# 1. Clone the repository
git clone https://github.com/openguardrails/openguardrails.git
cd openguardrails
# 2. Run setup script
./scripts/setup.sh
# 3. Configure environment
cp .env.example .env
# Edit .env with your settings
# 4. Start services
docker-compose up -d
# 5. Access dashboard
open http://localhost:5000
Advanced Features
Custom Blacklist/Whitelist
# Add domain-specific rules
client.blacklist.add(
pattern="internal project codename",
category="confidential",
action="block"
)
client.whitelist.add(
pattern="public product name",
category="allowed_terms"
)
Custom Response Templates
# Configure brand-appropriate responses
client.templates.create(
name="polite_block",
content="I'm here to help with product questions. Could you rephrase your request?",
categories=["off_topic", "jailbreak"]
)
Webhook Notifications
# Get real-time alerts on threats
client.webhooks.create(
url="https://your-domain.com/security-alerts",
events=["jailbreak_detected", "high_risk_prompt"],
severity_threshold="high"
)
Performance Considerations
Based on community reports and documentation:
- Latency: ~100ms added per request
- Throughput: 32 concurrent workers for detection service
- Scalability: Horizontal scaling supported via load balancer
- Caching: Results cached for identical inputs (configurable TTL)
For high-traffic applications:
# Use async for better performance
import asyncio
from openguardrails import AsyncOpenGuardrails
client = AsyncOpenGuardrails(api_key="sk-xxai-your-key")
async def check_multiple(prompts):
tasks = [client.check(p) for p in prompts]
return await asyncio.gather(*tasks)
# Process 100 prompts in parallel
results = await check_multiple(user_prompts)
Enterprise Features
For production deployments, OpenGuardrails offers:
Model Fine-Tuning Services
- Industry-specific customization (finance, healthcare, legal)
- Scenario optimization for your use cases
- Continuous improvement based on your data
Enterprise Support
- 24/7 professional technical support
- 99.9% SLA guarantee
- Private deployment consultation
Custom Development
- Custom API interfaces
- White-label UI customization
- Deep integration services
Contact: thomas@openguardrails.com
The Open-Source Advantage
Being open-source under Apache 2.0 means:
- Transparency: Audit the entire codebase and model
- No Vendor Lock-in: Self-host anywhere, anytime
- Community-Driven: 70+ commits, active development
- Customizable: Fork and modify for your needs
- Cost-Effective: Free for self-hosting, fair pricing for cloud
The project is actively maintained with regular updates (see changelog).
Security Best Practices
When deploying OpenGuardrails:
1. Layer Your Defenses
# Don't rely on a single check
user_check = check_input(user_prompt)
context_check = check_input(retrieved_context)
output_check = check_output(llm_response)
2. Configure Appropriate Thresholds
# Adjust sensitivity based on your use case
client.configure(
security_threshold=0.7, # Higher = more strict
compliance_threshold=0.8,
data_security_threshold=0.9 # Most strict for PII
)
3. Monitor and Iterate
# Use the dashboard to track:
# - False positive rates
# - Attack patterns
# - Performance metrics
# Adjust rules based on real data
4. Combine with Other Security Measures
- Rate limiting on your API
- Authentication and authorization
- Input length limits
- Output sanitization
Limitations and Considerations
Like any security tool, OpenGuardrails isn't perfect:
- False Positives: May occasionally flag benign content
- Latency: Adds ~100ms to each request
- Adversarial Evolution: Attackers constantly develop new techniques
- Language Coverage: While supporting 119 languages, accuracy varies
- Context Window: Multi-turn detection has practical limits
Mitigation:
- Use the whitelist for known false positives
- Implement caching for repeated inputs
- Keep the model updated (check for new versions)
- Combine with other security measures
Conclusion: Building Safer AI Applications
As LLMs become more powerful and ubiquitous, security can no longer be an afterthought. OpenGuardrails provides a production-ready, developer-friendly solution that makes AI security accessible to teams of any size.
Key Takeaways
- Open-source with a permissive Apache 2.0 license
- Multiple deployment options including cloud, self-hosted, and proxy modes
- Multi-LLM support works with OpenAI, Anthropic, Claude, and custom models
- Multi-cloud compatible across AWS Bedrock, Azure OpenAI, and GCP Vertex AI
- Agentic framework ready with native LangChain, LangGraph, CrewAI, and AutoGen integration
- Context-aware protection across security, compliance, and data privacy dimensions
- Production-ready with optimized architecture and comprehensive monitoring
- Multi-language SDKs available for Python, Node.js, Java, and Go
- Active development with enterprise support available
Getting Started
- Try the cloud API: Sign up at openguardrails.com
- Star the repo: github.com/openguardrails/openguardrails
- Read the docs: Full API reference and guides available
- Join the community: Connect with other users and contributors
Resources
Disclaimer: This blog post is based on publicly available information from the OpenGuardrails GitHub repository, official website, and web research conducted in November 2024. OpenGuardrails supports multiple LLM providers (OpenAI, Anthropic, custom models) and can be integrated with popular agentic frameworks like LangChain, LangGraph, CrewAI, and AutoGen through its flexible API and SDKs. Always test thoroughly in your specific use case before production deployment.
Citation
@misc{openguardrails,
title={OpenGuardrails: An Open-Source Context-Aware AI Guardrails Platform},
author={Thomas Wang and Haowen Li},
year={2025},
url={https://arxiv.org/abs/2510.19169},
}
Top comments (0)