Guardrails & Compliance
Budget limits, PII redaction, prompt injection detection, and compliance profiles for enterprise-grade AI safety.
Overview
AllRoutes Guardrails provide a policy layer between your application and upstream AI providers. Guardrails enforce budget limits, filter harmful content, redact sensitive data, and ensure compliance with regulatory frameworks -- all without modifying your application code.
Budget Guardrails
Prevent runaway costs with per-key and per-organization spending controls:
- Daily budget -- maximum spend per calendar day
- Monthly budget -- maximum spend per calendar month
- Per-request cost cap -- reject requests estimated to exceed a cost threshold
Budget limits are configured on API keys or at the organization level in the dashboard.
When a budget is exhausted, the API returns 402 Payment Required with a descriptive error message.
Model and Provider Allowlists
Restrict which models and providers your keys can access:
{
"allowed_models": ["gpt-4o", "claude-sonnet-4-20250514"],
"blocked_providers": ["xai"],
"require_byok": true
}
allowed_models-- whitelist specific model IDsblocked_providers-- blacklist entire providersrequire_byok-- only allow requests through your own provider keys (Zero Data Retention)
Zero Data Retention (ZDR)
When ZDR is enforced, AllRoutes ensures:
- No request or response data is logged or stored
- Only BYOK provider keys are used (providers with ZDR agreements)
- Cache is disabled for ZDR requests
- Broadcast destinations receive metadata only (no prompt/response content)
Enable ZDR at the organization level or per-key.
PII Redaction
AllRoutes can automatically detect and redact Personally Identifiable Information in both requests and responses:
Bidirectional Redaction
- Inbound: PII is detected in user messages and replaced with placeholders before sending to the provider
- Outbound: Placeholders are restored with the original values in the response returned to your application
This means the provider never sees actual PII, while your application receives the complete response with real data.
Detected PII Types
| Type | Example | Placeholder |
|---|---|---|
| Email addresses | john@example.com | [EMAIL_1] |
| Phone numbers | +1-555-0123 | [PHONE_1] |
| Social Security Numbers | 123-45-6789 | [SSN_1] |
| Credit card numbers | 4111-1111-1111-1111 | [CARD_1] |
| IP addresses | 192.168.1.1 | [IP_1] |
| Names (detected via NER) | John Smith | [NAME_1] |
| Physical addresses | 123 Main St, NYC | [ADDRESS_1] |
Enable PII redaction via the plugins array or as an organization default:
{
"model": "gpt-4o",
"messages": [{"role": "user", "content": "My email is john@example.com"}],
"plugins": [{"id": "pii-redactor"}]
}
Prompt Injection Detection
AllRoutes scans incoming messages for prompt injection attempts -- malicious instructions designed to override the system prompt or extract sensitive information.
When an injection is detected:
- The request is blocked with a
400response - An alert is sent to your configured webhook
- The attempt is logged for security review
Enable via plugins:
{
"plugins": [{"id": "injection-detector"}]
}
Detection covers common injection patterns: ignore-previous-instructions, role-play jailbreaks, encoding-based bypasses, and delimiter injection.
Toxicity Filtering
Filter harmful, offensive, or inappropriate content in both prompts and responses:
{
"plugins": [{"id": "toxicity-filter"}]
}
The toxicity filter scores content across categories (hate speech, harassment, self-harm, sexual content, violence) and blocks requests or responses that exceed configurable thresholds.
Compliance Profiles
AllRoutes offers pre-built compliance profiles that bundle multiple guardrails into a single configuration:
| Profile | Includes |
|---|---|
| HIPAA | ZDR, PII redaction, audit logging, US-region routing, encrypted transit |
| SOC 2 | Audit logging, access controls, encryption, incident alerting |
| GDPR | EU-region routing, PII redaction, data minimization, right-to-erasure support |
| EU AI Act | Model transparency, risk classification, human oversight hooks |
| PCI-DSS | Credit card redaction, ZDR, encrypted transit, access logging |
| FERPA | Student data redaction, ZDR, audit logging, US-region routing |
Apply a compliance profile per request:
{
"model": "gpt-4o",
"messages": [{"role": "user", "content": "..."}],
"guardrail": "hipaa"
}
Or set a default compliance profile for your organization in the dashboard under Settings > Compliance.
Guardrail Response Headers
| Header | Description |
|---|---|
X-AllRoutes-Guardrail | Active guardrail profile |
X-AllRoutes-PII-Redacted | Number of PII entities redacted |
X-AllRoutes-Injection-Score | Injection detection confidence (0-1) |
X-AllRoutes-Toxicity-Score | Toxicity score (0-1) |
Best Practices
- Start with budget guardrails -- always set daily/monthly limits on production keys
- Enable PII redaction for any user-facing application handling personal data
- Use compliance profiles to simplify regulatory adherence
- Monitor guardrail metrics in the dashboard for false-positive tuning
- Layer guardrails -- combine multiple protections for defense in depth
See Also
- Plugins -- the underlying plugin contract for PII, injection, and toxicity
- API Keys -- where to set per-key budgets and model allowlists
- Webhooks -- alerts when guardrails trip
- Broadcast -- privacy-mode broadcast for ZDR-compliant tracing
- Observability -- monitor guardrail false-positives in Langfuse/Datadog