User guideAI GatewayGuardrails
AI Gateway

Guardrails

Configure PII detection and content filtering rules to protect AI requests.

Overview

Guardrails scan every AI request before it reaches the LLM provider. They catch personal data (PII detection) and prohibited content (content filter). Rules apply globally to all endpoints. Scanning runs within your gateway infrastructure (the AI Gateway FastAPI service); no data leaves your network for scanning.

PII detection

PII detection identifies personal data in user messages using pattern recognition and natural language processing. Supported entity types include:

Entity typeExampleCoverage
Email addressjohn@example.comAll standard formats
Phone number+1 555-123-4567US, international
Credit card4111-1111-1111-1111Visa, Mastercard, Amex
Person nameJohn SmithEnglish names (NLP-based)
IBANDE89370400440532013000All countries
Turkish TCKN1234567890111-digit national ID
EU phone+33 1 42 68 53 00FR, DE, UK, TR, and more
US SSN123-45-6789Standard format
IP address192.168.1.1IPv4
LocationBerlin, GermanyCities, countries (NLP-based)
Date/timeMarch 14, 2026Common date formats
NRPCatholic, RepublicanNationality, religion, politics
Medical licenseDEA# AB1234567US medical license numbers

Creating a PII rule

  1. On the Guardrails page, click "Add PII rule"
  2. Enter a rule name (e.g., "Block credit cards")
  3. Select the entity type to detect
  4. Choose an action: Block (reject the request) or Mask (replace with a placeholder)
  5. Click "Add rule"
Masking on input
When you choose "Mask" for input scanning, the detected personal data is replaced with a placeholder (e.g., "<EMAIL_ADDRESS>") before sending to the LLM. The model receives the modified text, so the response may be less relevant. Consider using "Block" for input scanning instead.

Content filter

Content filters block or mask specific keywords and patterns in user messages. Two match types are available:

  • Keyword: Exact word matching with word boundaries. "kill" matches "kill" but not "skilled". Multi-word phrases use substring matching.
  • Regex: Custom regular expressions for format-based detection. Useful for internal project codes (e.g., "PROJECT-\d{6}"), employee IDs, API keys, or internal URLs.

Creating a content filter rule

  1. Click "Add filter rule"
  2. Enter a rule name (e.g., "Block competitor names")
  3. Select the match type: Keyword or Regex
  4. Enter the keyword or regex pattern
  5. Choose an action: Block or Mask
  6. Click "Add rule"
Regex validation
Regex patterns are validated when you save the rule. Invalid patterns are rejected with an error message. Patterns are compiled once and cached for performance.

Block vs mask

ActionBehaviorBest for
BlockRejects the request immediately with HTTP 422. The LLM never sees the message.Sensitive data that must never leave your network (credit cards, SSNs, confidential terms)
MaskReplaces matched text with a placeholder and forwards the modified message to the LLM.Data that can be redacted without breaking the request (names, emails in output)

Testing guardrails

Click "Test guardrails" at the top of the page to open the test modal. Paste sample text and click "Run test" to see what your active rules would catch, without sending anything to an LLM. The test shows:

  • Whether the text would be blocked
  • Each detection with the matched text and entity type
  • A masked preview showing what the LLM would receive
  • Execution time in milliseconds

Enabling and disabling rules

Each rule has a toggle switch. Disabled rules aren't evaluated during request processing. You can temporarily disable a rule without deleting it, which is handy when investigating false positives.

Change history

Every change to a guardrail rule (name, action, config, toggle) is recorded in the change history. The same applies to endpoint changes. This audit trail tracks who changed what and when, supporting ISO 42001 Clause 10 (improvement) requirements.

Compliance mapping

Guardrails map to these compliance requirements:

  • EU AI Act Art. 9: Guardrails are risk mitigation measures that identify and control risks per request.
  • EU AI Act Art. 10: PII scanning blocks personal data before it reaches the model (data minimization).
  • EU AI Act Art. 12: Every detection is logged with timestamp, entity type, action, and matched text.
  • ISO 42001 A.2: Guardrail rules are AI policies that are enforced, not just documented.

Related articles

Settings

Configure error behavior, replacement text, and log retention for guardrails.

Analytics

View blocked and masked request counts in the guardrails activity section.

Logs

Inspect individual requests that were blocked or masked by guardrail rules.

Endpoints

Guardrail rules apply globally to all endpoints listed here.

PreviousPlayground
NextGateway settings
Guardrails - AI Gateway - VerifyWise User Guide