In the world of growing AI popularity, we are increasingly building our own agents, chatbots, and automations. However, as they develop, a key question arises: how do we protect user data?
One of the most important mechanisms worth implementing is the so-called guardrails.
What are guardrails in AI?
Guardrails are a set of security mechanisms that control data entering an AI system.
Their main goals are:
- filtering unwanted content,
- protecting sensitive personal data (PII),
- ensuring regulatory compliance (e.g. GDPR),
- increasing user safety.
Why are guardrails so important?
The fundamental problem in AI systems is the possibility of processing personal data, known as PII (Personally Identifiable Information).
This is data that allows a specific person to be identified, for example:
- full name,
- email address,
- phone number,
- national ID number,
- home address.
Without proper safeguards, such information can reach the AI model, which:
- violates privacy,
- can lead to data leaks,
- is non-compliant with legal regulations.
How do guardrails work in practice?
Guardrails are placed between the user input (e.g. a chat) and our AI agent.
The flow looks like this:
- The user types a message
- The message goes to the guardrails module
- The data is analyzed and filtered
- Only the "sanitized" version reaches the AI
Two types of guardrails
In practice, we encounter two main approaches:
1. Validation mode
- the system only detects sensitive data,
- notifies us of its presence,
- does not modify the content.
2. Sanitization mode
- automatically removes or masks the data,
- e.g. replaces a phone number with ***,
- allows data to be safely passed further down the pipeline.
In most cases, sanitization is the best choice, as it works automatically and minimizes the risk of human error.
How to implement guardrails in your agent?
The implementation process is relatively straightforward:
- Add the guardrails module to your workflow
- Connect it between the user input and the AI
- Point it to the text field (e.g. chat input)
- Choose the protection type – e.g. Personal Data Information
- Set the operating mode (recommended: sanitized text)
This way, every message will pass through the filter before reaching the model.
Best practices
For guardrails to work effectively:
✅ always filter user input
✅ use automatic sanitization
✅ test various scenarios (e.g. entries containing a phone number)
✅ update your rules as the system evolves
❌ don't assume users "won't enter anything sensitive"
Sample test texts for Guardrails (used in the video)
Example 1
User contact details:
Full name: John Wick
Email address: john@wick.com
Sample bank account number (fictional, for testing): PL12 3456 7890 1234 5678 9012 3456
Sample credit card number (fictional, for testing): 4111 1111 1111 1111
Expiry date: 12/30
CVV: 123
Example 2
User contact details:
Full name: Jan Kowalski
Email address: piotr@sikora.com
Sample bank account number (fictional, for testing): PL12345678901234567890123456
Sample credit card number (fictional, for testing): 4111 1111 1111 1111
Expiry date: 12/30
CVV: 123
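The two operating modes (validation vs. sanitization), the implementation steps and the sample test texts above, as one added example that is not code from the post or from any guardrails product: a small Python guardrail module that sits between the chat input and the model, detects e-mail addresses, IBAN-style account numbers, Luhn-valid card numbers and phone numbers, and either only reports them (validate) or masks them with *** (sanitize). The regular expressions, the class and function names and the phone line in the sample are assumptions constructed for this example; the rest of the sample input is adapted from Example 1. Names are not detected, since that needs an NER model rather than a pattern.

```python
"""Minimal PII guardrail with two modes: validate (report only) and sanitize (mask)."""
import re
from dataclasses import dataclass

# Detector rules. Constructed for this example; they cover only the categories below.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    # IBAN-style account number, spaced or compact (e.g. PL + 2 check digits + 24 digits)
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?: ?\d{4}){4,7}\b"),
    # 13-19 digits with optional separators; confirmed by the Luhn check below
    "card": re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"),
    # optional country code followed by three groups of three digits
    "phone": re.compile(r"(?<!\d)\+?(?:\d{1,3}[ -])?\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)"),
}
# More specific patterns first, so an IBAN is not re-reported as a card or a phone number.
PRIORITY = ("email", "iban", "card", "phone")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used to separate real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    kind: str
    start: int
    end: int
    value: str


class PIIGuardrail:
    """Runs between user input and the agent; mode is 'validate' or 'sanitize'."""

    def __init__(self, mode: str = "sanitize", mask: str = "***"):
        if mode not in ("validate", "sanitize"):
            raise ValueError("mode must be 'validate' or 'sanitize'")
        self.mode = mode
        self.mask = mask

    def detect(self, text: str) -> list[Finding]:
        claimed: list[tuple[int, int]] = []  # spans already attributed to a category
        findings: list[Finding] = []
        for kind in PRIORITY:
            for m in PATTERNS[kind].finditer(text):
                if kind == "card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                    continue
                if any(m.start() < e and m.end() > s for s, e in claimed):
                    continue  # overlaps a higher-priority finding (e.g. digits inside an IBAN)
                claimed.append((m.start(), m.end()))
                findings.append(Finding(kind, m.start(), m.end(), m.group()))
        return sorted(findings, key=lambda f: f.start)

    def run(self, text: str) -> dict:
        """validate: ok=False when PII is present, text untouched.
        sanitize: ok=True, every finding replaced by the mask."""
        findings = self.detect(text)
        if self.mode == "validate":
            return {"ok": not findings, "text": text, "findings": findings}
        out = text
        for f in reversed(findings):  # right to left keeps earlier offsets valid
            out = out[: f.start] + self.mask + out[f.end :]
        return {"ok": True, "text": out, "findings": findings}


# Constructed sample input: Example 1 from the post plus a made-up phone line.
SAMPLE_TEXT = (
    "User contact details:\n"
    "Full name: John Wick\n"
    "Email address: john@wick.com\n"
    "Sample bank account number (fictional, for testing): PL12 3456 7890 1234 5678 9012 3456\n"
    "Sample credit card number (fictional, for testing): 4111 1111 1111 1111\n"
    "Expiry date: 12/30\n"
    "CVV: 123\n"
    "Phone: +48 123 456 789"
)

if __name__ == "__main__":
    for mode in ("validate", "sanitize"):
        result = PIIGuardrail(mode=mode).run(SAMPLE_TEXT)
        print(f"--- {mode}: ok={result['ok']}")
        for f in result["findings"]:
            print(f"  {f.kind:5} {f.value}")
        print(result["text"])
```

Running the script shows the validate pass reporting four findings without touching the text, and the sanitize pass returning the message with each of them replaced by ***, which is the version that would be forwarded to the model. The expiry date and CVV are left alone because no rule covers them, which is exactly the kind of gap the "test various scenarios" practice is meant to surface before users do.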
Summary
Guardrails are not an add-on – they are the foundation of a secure AI system.
If you are building chatbots or agents, by using them you:
- protect your users,
- secure your project,
- operate in compliance with regulations.
In practice, one well-configured safeguard can save you from serious problems.