Five guardrails fire on every NemoRouter request from day one. PII redaction, prompt-injection detection, secret scanning, abuse blocking, response scanning — sub-50ms overhead, free on every tier, configurable per org/team/key.
Pre-call scan trigger
PII, injection, secrets, abuse, response
Runs in parallel with request prep
Active on every tier from day one
Org > Team > Key with override
The five built-ins ship configured for every new org — plus a custom webhook layer for domain-specific rules. Toggle any off, override per-request, or layer them in any combination.
Names, emails, phone numbers, SSNs, credit cards, addresses — detected and replaced with safe placeholders before the prompt ever reaches the model.
Heuristic detection across six attack categories — instruction override, role switching, prompt extraction, delimiter injection, encoding tricks, DAN-style jailbreaks.
Scans every prompt for OpenAI, Anthropic, AWS, GitHub, and generic credential patterns. Redacts them before the LLM sees the message — your users’ secrets never leave your perimeter.
Blocks violence, weapons, drug synthesis, CSAM, and self-harm keywords with leet-speak normalization. Pre-call by default, post-call for response sweeps.
Post-call scan of model output before delivery. Sexual content, jailbreak echoes, leaked system prompts, and PII in completions are caught after the LLM responds but before the client receives it.
Plug your own classifier into the request path. Send the prompt to any HTTPS endpoint, await a verdict, then allow / block / redact based on the response. Latency-budgeted, fail-open or fail-closed.
Guardrails are assigned at any of three scopes. Lower scopes inherit higher-scope guardrails by default, and can override them only if the parent permits. The result: a security policy you can trust to hold across thousands of keys.
Inheritance
organization_id is the same value in your Bearer key, in the Frontend session, and in every guardrail assignment row. There is no mapping table to drift, no sync layer to compromise — just a clean inheritance chain that resolves at request time.
Effective guardrail set
In path
Every guardrail runs inside the Nemo Backend request path — between auth and the in-process Nemo Intelligent Proxy Router hop. No sidecar to scale, no extra HTTP call to your code, no SDK changes for your team. Pre-call rules fire before the model; post-call rules buffer the response.
Live guardrail traffic
Redact patient SSNs and medical-record numbers before they reach the model. Block responses that could constitute medical advice via post-call scanning.
Prevent credit-card numbers from reaching LLMs. Block unqualified financial advice in output. Custom webhook for domain-specific compliance rules.
Stop employees from pasting API keys into prompts. Block prompt-injection targeting internal tools. Per-team override for the security research team.
Protect end users from harmful LLM output via post-call scanning. Custom webhook callbacks for product-specific content policies.
Mix Microsoft Presidio for PII, regex + keyword filters for policy, and custom webhooks for your business logic — all from the same dashboard. Third-party providers ship next.
20+ models · 5 guardrails · 0 setup
Sign up, pick a tier, drop in your virtual key. Guardrails fire on the very first request — no flags to flip, no contracts to sign.