Inline defenses that inspect prompts, responses, and context in real time — prompt injection defense, content safety, and policy enforcement.
28 solutions listed • part of the Guardion AI Security Index
GuardionAI builds its own guard models and publishes the benchmarks — the numbers below come from the public guard models guide. Independent alternatives are listed right after this section.
Guard models are natively trained on 8 languages (English, Spanish, Italian, Portuguese, Russian, Chinese, Hindi, Arabic) extended to 100+ languages, and evaluated across 1,000+ languages — including historical and dead languages — with graceful post-training decay.
Precision 0.98 • FPR 0.02
Recall 0.99 • aligned with the NVIDIA Aegis (Nemotron) content-safety taxonomy
Precision 1.00 • FPR 0.004
PII groups
Person name · Contact · Address · Government ID · Payment · Digital ID · Company
Secrets
AWS access & secret keys · GitHub tokens · Google API keys · Slack tokens · Stripe keys · Private keys & JWTs · npm tokens · Seed phrases · Generic API keys, secrets & passwords
Policy engine decisions return in under 130ms — 20× faster than cloud provider guardrails. Benchmarks: sensitivity L1–L4, methodology in the docs.
Request a demoA focused runtime security layer protecting against prompt injection, PII leakage, and hallucinations via API. Acquired by Check Point in late 2025 (~$300M reported); Lakera Guard and Lakera Red remain live products and anchor Check Point's Center of Excellence for AI Security.
A set of LLM safeguards designed to detect violating content across multiple use cases. Model-based guardrail.
Secures the entire lifecycle of Generative AI, protecting employees from risky AI use and developers from insecure model integrations. Acquired by SentinelOne in September 2025 (~$250M reported) and integrated into the Singularity platform for prompt injection, data leakage, and shadow AI protection.
Robust Intelligence pioneered the AI firewall and automated model assessment. Acquired by Cisco in 2024, its technology now ships as Cisco AI Defense — runtime protection, model validation, and AI visibility integrated with the Cisco security stack.
Microsoft's cloud service for detecting harmful content, with Prompt Shields as its real-time API for blocking jailbreaks and indirect prompt injection from documents. By 2026 it also spans groundedness detection, protected-material detection, and a task-adherence API for agent tool misuse, feeding runtime signals into Microsoft Defender for AI.
Comprehensive open-source toolkit to fortify LLM security, offering sanitization, detection, and prevention of attacks. Originally by Laiyer.ai, now maintained under Protect AI.
Google Cloud's GA service for screening LLM prompts and responses for prompt injection, jailbreaks, harmful content, malicious URLs, and sensitive data leakage. Model-agnostic (works with Gemini, OpenAI, Anthropic, Llama over REST) and integrated with Apigee, Vertex AI, Agent Gateway, and Security Command Center, with org-wide floor settings for baseline enforcement.
AWS lets teams attach six configurable safeguard policies — content filters, denied topics, word filters, PII redaction, contextual grounding, and Automated Reasoning checks — to model calls. Automated Reasoning uses formal logic to validate outputs against policies, and the standalone ApplyGuardrail API extends coverage to third-party and self-hosted models; cross-account safeguards went GA in 2026.
Security and orchestration platform allowing enterprises to safely use public and private LLMs with rigorous policy enforcement. Acquired by F5 in September 2025 ($180M); its inference-layer guardrails are integrated into F5's Application Delivery and Security Platform.
Multi-layered defense against prompt injection attacks using heuristics, vector DBs, and LLM analysis.
API-based security services for AI applications, led by AI Guard (prompt injection and data-leak filtering) and AI Detection & Response for visibility into enterprise AI usage. CrowdStrike agreed to acquire Pangea for $260M in September 2025; by 2026 its technology anchors CrowdStrike's Falcon AIDR while the developer APIs continue to operate.
Meta's open-source (MIT) guardrail framework within the Purple Llama project, orchestrating layered scanners across chat and multi-step agent workflows: PromptGuard 2 (lightweight injection classifier), AlignmentCheck (chain-of-thought auditing for goal hijacking), CodeShield (static analysis of generated code), and custom regex scanners.
Observability and guardrails platform that ensures AI reliability by detecting hallucinations and enforcing policies in real-time. Acquired by Coralogix in late 2024 and offered as Coralogix AI observability.
End-to-end platform for automated security testing, runtime protection, and governance controls (Probe & Guard).
Extends Cloudflare's WAF to inspect LLM prompts inline at the edge, discovering LLM endpoints and flagging prompt injection, PII in prompts, and unsafe topics that can drive WAF rules. Pairs with AI Gateway Guardrails, which run moderation models on Workers AI to flag or block prompts and responses across providers; the WAF detections are an Enterprise add-on as of 2026.
Founded in 2024 by professors Bo Li, Dawn Song, Sanmi Koyejo, and Carlos Guestrin, Virtue AI offers VirtueRed (continuous algorithmic red teaming, 600+ attack vectors) and VirtueGuard (real-time multimodal guardrails), plus AgentSuite for agentic systems including MCP Guard. Raised $30M in combined seed and Series A in April 2025.
IBM's family of Apache 2.0 guardrail models that judge prompts and responses of any LLM for jailbreaks, harmful content, social bias, RAG groundedness failures, and agentic risks like function-calling hallucination. The 4.x generation shipped in 2026 aligned to IBM's AI Risk Atlas; the models rank near the top of the GuardBench leaderboard and power guardrails inside watsonx.governance.
Detects prompt injections and other LLM attacks. Can be used as a library or proxy.
End-to-end AI security platform offering AI Firewall, Usage Control, Agentic AI Security, and Automated Red Teaming for LLMs and Computer Vision.
Protects enterprises from novel threats like indirect prompt injection and data exfiltration.
Provides '3D Runtime Defense' for modern stacks, protecting AI models and APIs in real-time without requiring code instrumentation.
An open-source guard agent for AI agent runtime security, spanning personal to enterprise use. Promotes the AI-RSMS standard.
Unified AI security layer providing visibility and guardrails across the organization.
Provides a control layer to govern, secure, and monitor the use of LLMs within the enterprise, ensuring data privacy and compliance.
Provides runtime guardrails for RAG, LLMs, and AI agents, enforcing safety and privacy policies.
Scans outbound response traffic in real time for undesirable content and confidential data at layer 4.
A toolkit for adding programmable guardrails to LLM-based conversational systems.
A Python library for validating structures and data from Large Language Models. Excellent for ensuring JSON output.