The Autoridade Nacional de Proteção de Dados (ANPD) has officially released the final results for its pioneering AI Regulatory Sandbox. We are thrilled to announce that Metatext Inteligência Artificial Ltda.—the company behind GuardionAI—has been selected in first place, achieving the highest score (17.24) among all applicants.
This selection marks a watershed moment for AI governance in Brazil. The sandbox initiative, which will run through December 2026, focuses on the intersection of artificial intelligence, algorithmic transparency, and personal data protection under the Lei Geral de Proteção de Dados (LGPD).
In this post, we will break down what the ANPD sandbox entails, why securing autonomous AI agents requires a fundamental shift in architecture, and how GuardionAI's network-level security gateway provides the exact observability and redaction capabilities needed to satisfy these emerging regulatory requirements.
Understanding the ANPD AI Regulatory Sandbox
The ANPD Regulatory Sandbox is a controlled experimental environment that allows selected organizations to test innovative AI technologies under the direct supervision of Brazil's data protection authority.
As artificial intelligence rapidly evolves—moving from simple chatbots to autonomous agents utilizing the Model Context Protocol (MCP) to access production databases and APIs—regulators face a complex challenge: how to foster technological innovation without compromising the privacy rights guaranteed by the LGPD.
The sandbox is structured into several critical phases:
- Leveling and Training: Ensuring all participants have a unified understanding of AI ethics, data protection laws, and experimental regulatory frameworks.
- Practical Testing: Deploying and evaluating AI systems in supervised environments to measure their impact and compliance.
- Continuous Evaluation: Generating comprehensive reports and extracting lessons learned to inform future public policy and regulatory guidelines in Brazil and potentially worldwide.
For GuardionAI, this initiative is the perfect environment to demonstrate how infrastructure-level security can solve the most pressing compliance challenges associated with enterprise AI adoption.
The Technical Challenge of AI Compliance
When organizations deploy AI agents, they quickly realize that existing security tools—such as legacy Data Loss Prevention (DLP) systems, Web Application Firewalls (WAF), and traditional SIEMs—are fundamentally blind to AI-specific workflows.
An AI agent often operates autonomously, making decisions, fetching data via custom tools or MCPs, and generating dynamic prompts based on context. If an agent is granted access to a customer database to resolve support tickets, how do you guarantee it won't accidentally leak a customer's CPF (Brazilian taxpayer registry), financial records, or credentials in its output?
Traditional middleware SDKs or application-level libraries are insufficient because they require constant code changes and are easily bypassed by determined attackers or rogue agents. Moreover, evaluating compliance requires observing the full execution path of an agent, which is often a black box. You need a system that can intercept, inspect, and enforce policies on every single AI request and response without degrading performance or introducing massive latency bottlenecks.
GuardionAI: The Agent and MCP Security Gateway
To meet the stringent transparency and data protection requirements championed by the ANPD, organizations need a robust enforcement mechanism. GuardionAI was built precisely for this purpose.
GuardionAI is not a middleware SDK or a code package you install within your application. It is an AI Security Gateway—a drop-in network proxy that sits directly between your AI agents (or MCP servers) and the LLM providers (like OpenAI, Anthropic, or Gemini). Engineered by former Apple Siri runtime security engineers, it provides sub-millisecond AI security and observability without requiring code changes.
By routing all AI traffic through the GuardionAI Gateway, enterprises gain four critical layers of protection that align perfectly with LGPD principles and the sandbox's goals:
- Observe (Agent Action Tracing): Every tool call, data access request, and autonomous decision is captured and traced in real time. This eliminates the "black box" problem, providing the exact algorithmic transparency regulators demand.
- Protect (Rogue Agent Prevention): The gateway detects prompt injection, unauthorized API calls, and capability drift the moment they happen, protecting the agent against malicious inputs before they can execute.
- Redact (Automatic PII & Secrets Redaction): Before any data leaves the enterprise perimeter to reach an external LLM, GuardionAI automatically strips SSNs, CPFs, API keys, and other sensitive credentials from the payloads.
- Enforce (Adaptive Guardrails): Organizations can apply both prompt-based and behavior-based guardrails tailored to their specific risk appetite and compliance mandates.
Concrete Example: Enforcing PII Redaction at the Network Layer
To understand how this addresses the ANPD's focus on data protection, let's look at a concrete technical scenario.
Imagine an internal HR assistant agent built using LangChain. An employee asks the agent to summarize the performance review of a colleague. The agent retrieves the document via an MCP tool, but the document inadvertently contains the colleague's CPF and home address.
Without a security gateway, this sensitive PII would be sent directly to the LLM provider in the prompt, creating a severe LGPD violation and exposing the company to massive fines and reputational damage.
With GuardionAI acting as the network proxy, the traffic is intercepted at the perimeter. The gateway's ultra-fast redaction engine scans the payload.
Here is a simplified view of how the gateway processes the raw JSON payload in real time:
// 1. Intercepted outbound payload from the Agent
{
  "model": "gpt-4o",
  "messages": [
    {
      "role": "system",
      "content": "You are an HR assistant. Summarize the following document."
    },
    {
      "role": "user",
      "content": "Employee: João Silva, CPF: 123.456.789-00, Address: Rua das Flores, 123. Performance: Excellent."
    }
  ]
}
The gateway identifies the sensitive Brazilian CPF and address, applying the configured redaction policy before the request ever leaves your network:
// 2. GuardionAI Gateway applies the PII Redaction Guardrail
// 3. Mutated payload sent to the LLM Provider
{
  "model": "gpt-4o",
  "messages": [
    {
      "role": "system",
      "content": "You are an HR assistant. Summarize the following document."
    },
    {
      "role": "user",
      "content": "Employee: João Silva, CPF: [REDACTED_CPF], Address: [REDACTED_ADDRESS]. Performance: Excellent."
    }
  ]
}
This entire inspection and mutation process happens with a P99 latency overhead of under 20 milliseconds. The LLM provider never sees the sensitive data, the LGPD requirements are completely satisfied, and the application requires zero code changes to implement this control. Furthermore, the original event is securely logged and can be exported to the organization's SIEM for compliance audit purposes.
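An added illustration of the redaction step described above, not GuardionAI's code: it replaces CPF-formatted values in an OpenAI-style chat payload and records, without the raw value, whether each hit passes the CPF check digits. The function names and the sample payload are constructed for this example; address and name detection are out of scope here.

```python
import copy
import re

# 11 digits, optionally punctuated as 000.000.000-00, not embedded in a longer digit run.
CPF_RE = re.compile(r"(?<!\d)\d{3}\.?\d{3}\.?\d{3}-?\d{2}(?!\d)")

def cpf_checksum_ok(cpf: str) -> bool:
    """True when both CPF check digits satisfy the mod-11 rule."""
    d = [int(c) for c in cpf if c.isdigit()]
    if len(d) != 11 or len(set(d)) == 1:  # repeated-digit values are not valid CPFs
        return False
    for n in (9, 10):  # index of each check digit
        total = sum(v * w for v, w in zip(d[:n], range(n + 1, 1, -1)))
        if d[n] != (total * 10 % 11) % 10:
            return False
    return True

def redact_chat_payload(payload: dict) -> tuple[dict, list[dict]]:
    """Return (redacted copy, findings); findings never contain the raw value."""
    out = copy.deepcopy(payload)
    findings = []
    for i, msg in enumerate(out.get("messages", [])):
        def hit(m, i=i):
            findings.append({"message": i, "type": "CPF",
                             "checksum_valid": cpf_checksum_ok(m.group())})
            return "[REDACTED_CPF]"
        content = msg.get("content")
        targets = []
        if isinstance(content, str):
            targets = [(msg, "content")]
        elif isinstance(content, list):  # list of typed parts: scan the text ones
            targets = [(p, "text") for p in content
                       if isinstance(p, dict) and isinstance(p.get("text"), str)]
        for holder, key in targets:
            holder[key] = CPF_RE.sub(hit, holder[key])
    return out, findings

# Constructed input, modelled on the payload shown above.
SAMPLE = {
    "model": "gpt-4o",
    "messages": [
        {"role": "system", "content": "You are an HR assistant. Summarize the following document."},
        {"role": "user", "content": "Employee: João Silva, CPF: 123.456.789-00, Address: Rua das Flores, 123. Performance: Excellent."},
        {"role": "user", "content": [{"type": "text", "text": "Manager CPF 12345678909"}]},
    ],
}

if __name__ == "__main__":
    print(redact_chat_payload(SAMPLE))
```

Matching by format rather than by check digits matters here: the CPF in the sample payload, 123.456.789-00, fails the mod-11 check, so a detector that only accepts checksum-valid numbers would forward it unredacted.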
Protecting Against the OWASP LLM Top 10
The ANPD sandbox isn't just about privacy; it is about the broader security and reliability of AI systems. GuardionAI provides protection against 10 critical threat categories mapped directly to the OWASP LLM Top 10 and OWASP Agentic AI frameworks.
Whether defending against Prompt Injection (where attackers manipulate the model's instructions) or MCP Tool Poisoning (where a compromised data source forces the agent to execute malicious actions), GuardionAI enforces a true zero-trust architecture. Because all traffic must pass through the encrypted gateway, security teams have a centralized choke point to govern AI behavior across the entire enterprise ecosystem.
This level of control ensures that AI agents operate safely within defined boundaries, drastically reducing the risk of unauthorized access, off-topic drift, or malicious code execution.
Looking Ahead: Shaping the Future of AI Regulation
Being selected in first place for the ANPD AI Regulatory Sandbox is a tremendous honor and a profound validation of our architectural approach to AI security. Over the next two years, we look forward to working closely with the ANPD, industry peers, and the broader cybersecurity community.
Our participation will focus on demonstrating how network-level security proxies can provide the definitive technical solution for AI compliance and risk management. We will share our findings, contribute to the development of robust AI governance frameworks in Brazil, and help prove that technological innovation and strict data protection can go hand-in-hand when the right infrastructure is in place.
As AI agents continue to handle increasingly sensitive tasks and integrate deeper into critical business operations, relying on implicit trust is no longer sufficient. You need verifiable, enforceable controls in the execution path. GuardionAI is proud to lead this effort, providing unified security for AI agents and MCPs.

