Guardrails

Guardrails are a separate layer from the model itself. The model handles the interesting work; the guardrails decide whether to let a request reach the model and whether to let a response reach the user. Implementations range from simple regex blocklists to dedicated classifier models running in parallel with the main LLM. Common guardrail systems in 2026 include NVIDIA NeMo Guardrails (programmable rails defined in Colang), Llama Guard (Meta's open-weight content classifier), AWS Bedrock Guardrails, and Azure AI Content Safety. Anthropic's Constitutional AI bakes some guardrail-like principles directly into the base model, but most production stacks still wrap a separate filter on top. Open-source options like Guardrails AI and NeMo handle structural validation (JSON schema enforcement, PII redaction) too. The trade-off is the standard precision/recall one. Tight guardrails block more attacks but also block legitimate requests, frustrating users and breaking flows. Loose guardrails let attacks through. Most teams end up with layered defense: cheap regex first, then a small classifier, then the main model with its own alignment training, then output filtering. Don't rely on the base model's safety training alone for high-stakes apps — that's a single point of failure.