Product

Runtime governance controls
for enterprise AI.

RAGuard combines prompt and context risk detection, data protection, policy-as-code enforcement, and agent integrity signals into one runtime layer. The goal is not only safer outputs, but governed AI behaviour in production.

01

Prompt Injection Detection

Prompt injection is the most common and most dangerous AI attack vector. RAGuard's two-tier detection pipeline catches injection attempts that single-layer approaches miss.

Layer 1 — Regex fast path: Thousands of known injection patterns evaluated in under 1ms. Known attack strings, encoded payloads, and common jailbreak formats.

Layer 2 — ML classifier: Meta Prompt Guard 2 evaluates borderline cases semantically. Catches novel injection patterns that regex can't anticipate. Configurable confidence threshold per tenant.

Meta Prompt Guard 2 · Regex engine · Configurable thresholds · Novel pattern detection

What gets caught

  • Direct instruction override attempts
  • Encoded / obfuscated injection payloads
  • Role-playing jailbreak attempts
  • Adversarial inputs in retrieved documents (RAG)
  • Tool output injection (MCP server responses)

02

Deep Data Loss Prevention

Bi-directional data protection — scanning both what users send to your model and what your model sends back. Standard DLP tools scan files. RAGuard scans the semantic content of AI interactions in real time.

Named Entity Recognition: ML-based detection of unstructured PII entities — names, organisations, locations — that pattern matching alone would miss.

Secret scanning: Detects API keys, private keys, tokens, and credential patterns in both user inputs and model-generated code output.

Entities detected and redacted

  • Email addresses, phone numbers, SSNs
  • Credit card numbers, bank account details
  • Person names, organisation names, locations
  • API keys, tokens, private keys, passwords
  • Medical record numbers, patient identifiers

NER engine · Pattern matching · Secret scanning · Bi-directional

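
The detect-then-redact step described above, as an added example that is not RAGuard's code: simplified regex detectors for a few of the listed structured entity types (constructed patterns; a real scanner carries a much larger pattern set plus an NER model for names, organisations and locations), a redaction pass that applies only the entity types a tenant policy selects and skips overlapping matches, run in both directions over constructed request and response text.

```python
import re
from dataclasses import dataclass

# Simplified detectors for a few structured entity types from the list above.
# Constructed for illustration: a real scanner carries a far larger pattern
# set and uses an NER model for names, organisations and locations.
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    # Secret-shaped tokens: a known prefix followed by a long opaque body
    "API_KEY": re.compile(r"\b(?:sk|ghp|AKIA)[A-Za-z0-9_-]{16,}\b"),
}
ALL_TYPES = set(PATTERNS)

@dataclass(frozen=True)
class Entity:
    type: str
    start: int
    end: int

def scan(text: str) -> list[Entity]:
    """Return every match ordered by position; on a tie the longer span first."""
    found = [Entity(name, m.start(), m.end())
             for name, rx in PATTERNS.items() for m in rx.finditer(text)]
    return sorted(found, key=lambda e: (e.start, -e.end))

def redact(text: str, entities: list[Entity], types: set[str]) -> str:
    """Replace entities whose type the policy selects with a typed placeholder.
    A span that starts inside an already-replaced region is skipped, so a
    key-shaped local part of an email address is not redacted twice."""
    out, cursor = [], 0
    for e in entities:
        if e.type not in types or e.start < cursor:
            continue
        out.append(text[cursor:e.start])
        out.append(f"<{e.type}>")
        cursor = e.end
    out.append(text[cursor:])
    return "".join(out)

def protect(request: str, response: str, types: set[str]) -> tuple[str, str]:
    """Bi-directional pass: scan and redact the user request and the model reply."""
    return (redact(request, scan(request), types),
            redact(response, scan(response), types))

# Constructed sample traffic (not real data)
REQUEST = "My email is sk_abcdefghijklmnopqrs@example.com, SSN 123-45-6789."
RESPONSE = "Use token ghp_abcdefghijklmnopqrstuv or call 555-123-4567."
```

Calling protect(REQUEST, RESPONSE, ALL_TYPES) redacts the email, SSN, token and phone number; passing only {"API_KEY"} shows the policy-selected subset and the partial redaction of the email's key-shaped local part.
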
05

Policy-as-Code with OPA

Open Policy Agent (OPA) with Rego is the same policy framework used by Kubernetes, Envoy, and major cloud providers. Enterprise security teams already know it. Now it governs your AI.

Every tenant gets its own policy context. Rules are version-controlled in Git, reviewed as code, and deployed instantly without restart or downtime. Roll back a bad policy update in seconds.

Forbidden actions are deterministically enforced — not evaluated probabilistically. When your policy says block, it blocks. Every time.

Open Policy Agent · Rego DSL · Multi-tenant · Version controlled · Deterministic

tenant_policy.rego:

    package raguard.tenant.acme

    # Block high-confidence injections
    deny["injection"] {
        input.injection_score > 0.9
    }

    # Redact all email entities
    redact[entity] {
        entity := input.pii_entities[_]
        entity.type == "EMAIL"
    }

    # No violence content for this product
    deny["content_safety"] {
        input.safety.violence > 0.7
    }

Coming Soon

JudgeLLM — Autonomous Agent Integrity

Built for teams worried about instruction provenance, authority accumulation, and stateful agent misuse across tools, memory, and workflow state.

Explore Agent Integrity →

See every capability in action.

Start free with 1 million protected requests. Every capability, no limits.