Detection and redaction of PII, secrets, and sensitive records in AI prompts, responses, and tool calls before data leaves the organization. For banks, the stakes are concrete: AI systems handle account numbers, IBANs, card data, KYC documents, and transaction histories.
LGPD applies to AI data use; the PL 2338/2023 AI bill advances a risk-based framework. Guardrails deployed in Brazil must also work in Portuguese, not just English.
Frameworks to satisfy: DORA (EU) · PCI DSS · Basel/EBA model-risk guidance
LGPD applies to AI data use; the PL 2338/2023 AI bill advances a risk-based framework.
Language coverage matters: primary business language — Portuguese. Ask vendors for measured accuracy per language, not a supported-language list.
Safeguards and guard models are configured for the use case — and updated or fine-tuned for your domain when needed.
Every command, tool call, and data access is observable in one place — across models, frameworks, and MCP servers.
Policies apply inline as agents act — block, redact, or require approval before the action executes, not after.
A preserved audit trail of every agent action — evidence you can hand to auditors, regulators, and incident responders.
PII and secrets detected and redacted in tool-call payloads and MCP traffic before data leaves your org.
GuardionAI builds its own guard models and publishes the benchmarks — the numbers below come from the public guard models guide. Independent alternatives are listed right after this section.
Guard models are natively trained on 8 languages (English, Spanish, Italian, Portuguese, Russian, Chinese, Hindi, Arabic) — including Portuguese — extended to 100+ languages, and evaluated across 1,000+ languages — including historical and dead languages — with graceful post-training decay.
Precision 0.98 • FPR 0.02
Recall 0.99 • aligned with the NVIDIA Aegis (Nemotron) content-safety taxonomy
Precision 1.00 • FPR 0.004
PII groups
Person name · Contact · Address · Government ID · Payment · Digital ID · Company
Secrets
AWS access & secret keys · GitHub tokens · Google API keys · Slack tokens · Stripe keys · Private keys & JWTs · npm tokens · Seed phrases · Generic API keys, secrets & passwords
Policy engine decisions return in under 130ms — 20× faster than cloud provider guardrails. Benchmarks: sensitivity L1–L4, methodology in the docs.
Request a demoIndependently listed from the Runtime Guardrails & AI Firewall category of the index — each with its own analysis page.
Google Cloud's GA service for screening LLM prompts and responses for prompt injection, jailbreaks, harmful content, malicious URLs, and sensitive data leakage. Model-agnostic (works with Gemini, OpenAI, Anthropic, Llama over REST) and integrated with Apigee, Vertex AI, Agent Gateway, and Security Command Center, with org-wide floor settings for baseline enforcement.
For banks: check Google Cloud Model Armor's coverage of DORA (EU) and PCI DSS requirements and its handling of account numbers before committing.
AWS lets teams attach six configurable safeguard policies — content filters, denied topics, word filters, PII redaction, contextual grounding, and Automated Reasoning checks — to model calls. Automated Reasoning uses formal logic to validate outputs against policies, and the standalone ApplyGuardrail API extends coverage to third-party and self-hosted models; cross-account safeguards went GA in 2026.
For banks: check Amazon Bedrock Guardrails's coverage of DORA (EU) and PCI DSS requirements and its handling of account numbers before committing.
API-based security services for AI applications, led by AI Guard (prompt injection and data-leak filtering) and AI Detection & Response for visibility into enterprise AI usage. CrowdStrike agreed to acquire Pangea for $260M in September 2025; by 2026 its technology anchors CrowdStrike's Falcon AIDR while the developer APIs continue to operate.
For banks: check Pangea (CrowdStrike)'s coverage of DORA (EU) and PCI DSS requirements and its handling of account numbers before committing.
GuardionAI covers the full ai data loss prevention stack (prompt defense F1 0.95, moderation F1 0.98, PII/DLP F1 0.97), and strong alternatives include Google Cloud Model Armor, Amazon Bedrock Guardrails, Pangea (CrowdStrike) — compared in detail on this page.
Detection and redaction of PII, secrets, and sensitive records in AI prompts, responses, and tool calls before data leaves the organization.
Banks route account numbers, IBANs, card data, KYC documents, and transaction histories through AI systems, so the top risks are prompt-injection-driven fraud in customer chat; PII and account-data leakage to model providers; unauthorized agent actions on core banking systems. Relevant frameworks: DORA (EU), PCI DSS, Basel/EBA model-risk guidance.
LGPD applies to AI data use; the PL 2338/2023 AI bill advances a risk-based framework. Banks additionally answer to DORA (EU), PCI DSS, Basel/EBA model-risk guidance.
Yes — Guardion's guard models are natively trained on Portuguese (one of 8 training languages), extended to 100+ languages, and evaluated across 1,000+ languages — including historical and dead languages — with graceful post-training decay. Verify language coverage explicitly when evaluating any vendor.
Published benchmarks report precision/recall/F1 and false-positive rate per model family. Guardion publishes its methodology and per-sensitivity results (L1–L4) in the guard models guide: https://guardion.ai/docs/guides/guard-models.