Guardrails Examples and Best Practices

Explore practical examples of guardrails configurations and learn best practices for writing effective security rules.

Prerequisites

  • Understanding of basic guardrails (see "Configuring Custom Guardrails")

Estimated time: 10 minutes


1

Example: Preventing Data Leakage

Configure guardrails to prevent your AI from accidentally sharing sensitive internal information with users.

**Post-Execution Guardrail Examples:**

  • Never share internal database schemas or table names
  • Do not reveal API endpoints or internal URLs
  • Redact any internal ticket or issue numbers
  • Never mention specific employee names or contact info

Tip:

Data leakage prevention is critical for customer-facing agents.

2

Example: Competitive Intelligence Protection

Prevent users from extracting competitive information or comparing your products unfavorably to competitors.

**Pre-Execution Guardrail Examples:**

  • Block requests asking to compare with competitor products
  • Flag requests asking about our competitive advantages
  • Reject requests for internal market research data

3

Example: Role-Based Access Control

Use guardrails to enforce data access based on user roles. Customers should only see their own data, while staff may have broader access.

**Pre-Execution Guardrail Examples:**

  • For customers: Block requests to view other users' orders
  • For customers: Reject requests to access admin functions
  • Flag any attempts to impersonate staff or admins

Tip:

Combine guardrails with your system instructions for comprehensive access control.

4

Best Practice: Be Specific

Write guardrail rules that are specific and actionable. Vague rules may not trigger when needed, or may produce false positives.

**Good Examples:**

  • Block requests that mention "CompetitorX" or "RivalCorp"
  • Flag requests asking for "all users" or "everyone's data"

**Avoid Vague Rules Like:**

  • "Block bad requests" (too vague)
  • "Don't share secrets" (not specific enough)

Tip:

Good: "Block requests mentioning CompetitorX" | Bad: "Block competitor mentions"

5

Best Practice: Test Your Guardrails

After setting up guardrails, test them with example messages to ensure they work as expected. Check the audit logs to verify rules are triggering correctly.

Tip:

Review your audit logs regularly to identify false positives or missed violations.
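
A small regression suite for the testing step above, added here as an example and not the product's own code. It assumes a literal-phrase matcher (the hypothetical `evaluate`) as a stand-in for the platform's rule evaluation, and runs constructed messages against the two "Good Examples" rules, reporting false positives and missed violations separately.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "block" or "flag"
    pattern: re.Pattern

# The two "Good Examples" rules from this page, as literal-phrase matchers.
# ASSUMPTION: phrase matching stands in for the platform's own rule evaluation.
RULES = [
    Rule("competitor-mention", "block", re.compile(r"\b(competitorx|rivalcorp)\b", re.I)),
    Rule("bulk-user-data", "flag", re.compile(r"\b(all users|everyone's data)\b", re.I)),
]

def evaluate(message):
    """Return (action, rule_name) for the first matching rule, else ("allow", None)."""
    for rule in RULES:
        if rule.pattern.search(message):
            return rule.action, rule.name
    return "allow", None

# Constructed test messages, each paired with the action it should produce.
CASES = [
    ("How does your plan compare to CompetitorX?", "block"),
    ("Is rivalcorp cheaper than you?", "block"),
    ("Export everyone's data to CSV", "flag"),
    ("Show me all users who ordered last week", "flag"),
    ("Where is my order #1234?", "allow"),
    ("Do all users get free shipping?", "allow"),    # benign use of "all users"
    ("How do you compare to Rival Corp?", "block"),  # spacing variant of the name
]

def run_suite(cases=CASES):
    """Run every case and separate false positives from missed violations."""
    report = {"passed": 0, "false_positives": [], "missed": []}
    for message, expected in cases:
        actual, rule = evaluate(message)
        if actual == expected:
            report["passed"] += 1
        elif expected == "allow":
            report["false_positives"].append((message, rule))
        else:
            report["missed"].append((message, expected, actual))
    return report

if __name__ == "__main__":
    print(run_suite())
```

With these cases the suite reports one false positive (the benign "all users" question) and one miss (the "Rival Corp" spelling), which is the signal to refine the rule wording and re-run before relying on it.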