Posted on Nov 18

OpenGuardrails: Production-Grade AI Security for LLMs and Agentic Frameworks

Introduction: The Growing Need for AI Security

Large Language Models (LLMs) are rapidly becoming integral to production applications across industries. From customer service chatbots to automated content generation systems, these models handle sensitive data and make autonomous decisions at scale. However, this widespread adoption brings significant security challenges. LLM applications remain vulnerable to sophisticated attacks including prompt injection, jailbreaking, and data leakage that can compromise both system integrity and user privacy.

OpenGuardrails addresses these challenges as a developer-first, open-source AI security platform built specifically for protecting LLM applications. Released under the permissive Apache 2.0 license with growing community adoption (80+ GitHub stars), it represents a comprehensive approach to AI application security.

The platform distinguishes itself through several key capabilities:

Works with any LLM provider including OpenAI, Anthropic, Claude, and custom models
Supports multi-cloud deployments across AWS Bedrock, Azure OpenAI, and GCP Vertex AI
Integrates seamlessly with popular agentic frameworks such as LangChain, LangGraph, CrewAI, and AutoGen
Provides flexible deployment options from cloud-hosted to fully self-hosted solutions
Offers production-ready monitoring and management through comprehensive dashboard

Whether building simple chatbot applications or complex multi-agent systems, OpenGuardrails provides the security infrastructure needed for enterprise-grade AI deployments.

What is OpenGuardrails?

OpenGuardrails is a production-ready security platform designed to detect and prevent threats in AI-powered applications. Unlike simple content filters, it provides context-aware protection across three critical dimensions:

Three Pillars of Protection

Security Protection
- Jailbreak attack detection
- Prompt injection prevention
- Malicious instruction filtering
Compliance Protection
- Toxic content detection (insults, profanity, hate speech)
- Political sensitivity screening
- Illegal content blocking
Data Security
- PII detection and desensitization (SSN, credit cards, emails)
- Chinese national ID and phone number protection
- Automated data masking

Key Features That Set OpenGuardrails Apart

Multi-LLM and Multi-Cloud Support

OpenGuardrails is model-agnostic and works with:

OpenAI (GPT-4, GPT-3.5, etc.)
Anthropic (Claude models)
Open-source models (Llama, Mistral, etc.)
Custom LLMs (your own fine-tuned models)
Cloud platforms: AWS Bedrock, Azure OpenAI, GCP Vertex AI
On-premise deployments: Self-hosted models

This flexibility means you're never locked into a single provider. Switch between models while maintaining consistent security.

Context-Aware Multi-Turn Detection

Unlike traditional static filters, OpenGuardrails understands conversation context. It can detect sophisticated attacks that span multiple interactions - where an attacker gradually builds up to a malicious goal across several messages.

# Example: Multi-turn conversation analysis { "messages": [ {"role": "user", "content": "Tell me about security systems"}, {"role": "assistant", "content": "I can help explain security concepts..."}, {"role": "user", "content": "How would one bypass such systems?"} ], "enable_security": true }

OpenGuardrails will analyze the entire conversation thread to detect emerging threats.

Three Flexible Integration Modes

OpenGuardrails offers three deployment modes to fit different architectures:

1. Security Gateway Mode (Transparent Proxy)

The easiest way to get started - replace your OpenAI API endpoint with OpenGuardrails' proxy:

from openai import OpenAI client = OpenAI( api_key="sk-xxai-your-api-key", base_url="https://api.openguardrails.com/proxy/v1" ) # Your existing code works without changes! response = client.chat.completions.create( model="gpt-4", messages=[{"role": "user", "content": "Hello"}] )

Security is automatic - no code changes required.

2. API Call Mode (Active Detection)

For more control, call the detection API directly:

import requests response = requests.post( "https://api.openguardrails.com/v1/guardrails", headers={"Authorization": "Bearer sk-xxai-your-api-key"}, json={ "model": "OpenGuardrails-Text", "messages": [{"role": "user", "content": "User input to check"}], "enable_security": True, "enable_compliance": True, "enable_data_security": True } ) result = response.json() if result["action"] == "pass": # Safe to proceed  call_your_llm() elif result["action"] == "block": # Threat detected - use safe response  return result["response"]

3. Self-Hosted Deployment

For enterprises requiring complete data sovereignty:

# Clone and deploy locally git clone https://github.com/openguardrails/openguardrails.git cd openguardrails ./scripts/setup.sh

Perfect for sensitive industries like healthcare, finance, and government.

Open-Source Model: OpenGuardrails-Text

At the heart of the platform is OpenGuardrails-Text-2510, a 3.3B parameter model that achieves SOTA (state-of-the-art) performance:

119 languages supported
Open-sourced on HuggingFace
Specialized for safety detection
Low latency (~100ms response time)

This means you're not relying on black-box APIs - you can inspect, audit, and even fine-tune the model for your specific needs.

Production-Ready Architecture

OpenGuardrails uses a three-service architecture optimized for different workloads:

┌──────────────────┐ │ Admin Service │ Port 5000 - Web UI & Management (2 workers) └────────┬─────────┘ │ ┌────────┴─────────┐ │ Detection Service│ Port 5001 - High-concurrency API (32 workers) └────────┬─────────┘ │ ┌────────┴─────────┐ │ Proxy Service │ Port 5002 - OpenAI-compatible gateway (24 workers) └──────────────────┘

This separation ensures that high-volume detection requests don't impact your management interface.

Multi-Language SDK Support

OpenGuardrails provides official SDKs for:

Python - Perfect for data science and ML workflows
Node.js/TypeScript - For web applications and serverless
Java - Enterprise applications
Go - High-performance microservices

This makes integration straightforward regardless of your tech stack.

Real-World Use Cases

1. Customer Service Chatbots

Challenge: A customer service bot shouldn't respond to attempts to extract training data or discuss unrelated topics.

Solution: Deploy OpenGuardrails proxy to automatically filter:

Off-topic conversations
Data extraction attempts
Jailbreak attempts ("Ignore previous instructions...")

# Before: Vulnerable to attacks response = openai.chat.completions.create(...) # After: Protected automatically client = OpenAI(base_url="https://api.openguardrails.com/proxy/v1") response = client.chat.completions.create(...) # Same code, now protected

2. Content Generation Platforms

Challenge: User-generated prompts might try to create illegal, toxic, or branded content.

Solution: Use API mode to pre-screen prompts:

# Check user prompt before generation check_result = openguardrails.check(user_prompt) if check_result.action == "block": return "This prompt violates our content policy" # Safe to generate generated_content = your_llm.generate(user_prompt) # Also check output before publishing output_check = openguardrails.check(generated_content)

3. Enterprise RAG (Retrieval-Augmented Generation) Systems

Challenge: Prevent prompt injection through uploaded documents or retrieved context.

Solution: Check both user queries and retrieved documents:

# 1. Check user query query_check = openguardrails.check(user_query) if query_check.action == "block": return safe_response # 2. Retrieve documents docs = vector_db.search(user_query) # 3. Check retrieved content for doc in docs: doc_check = openguardrails.check(doc.content) if doc_check.action == "block": docs.remove(doc) # 4. Generate with clean context response = llm.generate(query=user_query, context=docs)

4. n8n Workflow Automation

Bonus: OpenGuardrails has a dedicated n8n community node for no-code integration:

# Install in n8n n8n-nodes-openguardrails

Create workflows like:

Webhook → OpenGuardrails Check → ChatGPT → Response
Email Received → Content Moderation → Auto-Reply
Form Submission → PII Detection → Database Storage

Using OpenGuardrails with Different LLM Providers

OpenGuardrails is truly provider-agnostic. Here's how to use it with various LLM providers:

With OpenAI

from openai import OpenAI # Method 1: Via proxy (automatic protection) client = OpenAI( api_key="sk-xxai-your-guardrails-key", base_url="https://api.openguardrails.com/proxy/v1" ) response = client.chat.completions.create( model="gpt-4", messages=[{"role": "user", "content": "Your query"}] )

With Anthropic Claude

import anthropic from openguardrails import OpenGuardrails guardrails = OpenGuardrails(api_key="sk-xxai-your-key") claude = anthropic.Anthropic(api_key="your-anthropic-key") # Check input user_message = "User query here" check = guardrails.check(messages=[{"role": "user", "content": user_message}]) if check.action == "pass": # Safe to call Claude  response = claude.messages.create( model="claude-3-opus-20240229", messages=[{"role": "user", "content": user_message}] ) # Check output  output_check = guardrails.check( messages=[{"role": "assistant", "content": response.content[0].text}] ) if output_check.action == "pass": print(response.content[0].text) else: print(output_check.response) # Safe response else: print(check.response) # Blocked with safe response

With AWS Bedrock

import boto3 from openguardrails import OpenGuardrails guardrails = OpenGuardrails(api_key="sk-xxai-your-key") bedrock = boto3.client('bedrock-runtime', region_name='us-east-1') def secure_bedrock_call(prompt, model_id="anthropic.claude-v2"): # Input check  check = guardrails.check(messages=[{"role": "user", "content": prompt}]) if check.action == "block": return check.response # Call Bedrock  response = bedrock.invoke_model( modelId=model_id, body=json.dumps({"prompt": prompt, "max_tokens": 500}) ) result = json.loads(response['body'].read()) # Output check  output_check = guardrails.check( messages=[{"role": "assistant", "content": result['completion']}] ) return result['completion'] if output_check.action == "pass" else output_check.response # Use it response = secure_bedrock_call("Your prompt here")

With Azure OpenAI

from openai import AzureOpenAI from openguardrails import OpenGuardrails guardrails = OpenGuardrails(api_key="sk-xxai-your-key") client = AzureOpenAI( api_key="your-azure-key", api_version="2024-02-01", azure_endpoint="https://your-resource.openai.azure.com" ) def secure_azure_call(messages): # Check all user messages  for msg in messages: if msg["role"] == "user": check = guardrails.check(messages=[msg]) if check.action == "block": return check.response # Call Azure OpenAI  response = client.chat.completions.create( model="gpt-4", messages=messages ) # Check output  output = response.choices[0].message.content output_check = guardrails.check( messages=[{"role": "assistant", "content": output}] ) return output if output_check.action == "pass" else output_check.response

With Open-Source Models (Ollama/Local)

import requests from openguardrails import OpenGuardrails guardrails = OpenGuardrails(api_key="sk-xxai-your-key") def secure_local_llm_call(prompt, model="llama2"): # Input check  check = guardrails.check(messages=[{"role": "user", "content": prompt}]) if check.action == "block": return check.response # Call local model (e.g., via Ollama)  response = requests.post('http://localhost:11434/api/generate', json={ "model": model, "prompt": prompt }) output = response.json()['response'] # Output check  output_check = guardrails.check( messages=[{"role": "assistant", "content": output}] ) return output if output_check.action == "pass" else output_check.response # Use with Llama, Mistral, or any local model response = secure_local_llm_call("Your prompt", model="mistral")

With Google Gemini

import google.generativeai as genai from openguardrails import OpenGuardrails guardrails = OpenGuardrails(api_key="sk-xxai-your-key") genai.configure(api_key="your-google-api-key") def secure_gemini_call(prompt): # Input check  check = guardrails.check(messages=[{"role": "user", "content": prompt}]) if check.action == "block": return check.response # Call Gemini  model = genai.GenerativeModel('gemini-pro') response = model.generate_content(prompt) # Output check  output_check = guardrails.check( messages=[{"role": "assistant", "content": response.text}] ) return response.text if output_check.action == "pass" else output_check.response

Universal Pattern for Any LLM

from openguardrails import OpenGuardrails class SecureLLMWrapper: """Universal wrapper for any LLM provider""" def __init__(self, llm_client, guardrails_api_key): self.llm = llm_client self.guardrails = OpenGuardrails(api_key=guardrails_api_key) def generate(self, prompt, **kwargs): # 1. Check input  input_check = self.guardrails.check( messages=[{"role": "user", "content": prompt}] ) if input_check.action == "block": return input_check.response # 2. Call your LLM (adapt this to your provider's API)  output = self.llm.generate(prompt, **kwargs) # 3. Check output  output_check = self.guardrails.check( messages=[{"role": "assistant", "content": output}] ) return output if output_check.action == "pass" else output_check.response # Use with any LLM secure_llm = SecureLLMWrapper(your_llm_client, "sk-xxai-your-key") response = secure_llm.generate("User prompt")

Integration with Agentic Frameworks

One of OpenGuardrails' strongest features is its compatibility with modern AI agent frameworks. Whether you're building with LangChain, LangGraph, CrewAI, or AutoGen, OpenGuardrails can secure your agentic workflows.

LangChain Integration

LangChain is the most popular framework for building LLM applications. Integrate OpenGuardrails in two ways:

Method 1: Using the Proxy (Easiest)

from langchain_openai import ChatOpenAI from langchain.chains import ConversationChain # Simply point to OpenGuardrails proxy llm = ChatOpenAI( model="gpt-4", openai_api_key="sk-xxai-your-key", openai_api_base="https://api.openguardrails.com/proxy/v1" ) # All LangChain features work normally with automatic security chain = ConversationChain(llm=llm) response = chain.run("Your user input")

Method 2: Custom Callback Handler (More Control)

from langchain.callbacks.base import BaseCallbackHandler from openguardrails import OpenGuardrails class OpenGuardrailsCallback(BaseCallbackHandler): def __init__(self): self.client = OpenGuardrails(api_key="sk-xxai-your-key") def on_llm_start(self, serialized, prompts, **kwargs): """Check inputs before sending to LLM""" for prompt in prompts: result = self.client.check(messages=[ {"role": "user", "content": prompt} ]) if result.action == "block": raise ValueError(f"Security violation: {result.reason}") def on_llm_end(self, response, **kwargs): """Check outputs before returning to user""" for generation in response.generations: for gen in generation: result = self.client.check(messages=[ {"role": "assistant", "content": gen.text} ]) if result.action == "block": gen.text = result.response # Replace with safe response  # Use with any LangChain chain from langchain.chains import LLMChain chain = LLMChain( llm=llm, callbacks=[OpenGuardrailsCallback()] )

LangGraph Integration

LangGraph enables building stateful, multi-agent workflows. Add guardrails as nodes in your graph:

from langgraph.graph import StateGraph, END from openguardrails import OpenGuardrails guardrails = OpenGuardrails(api_key="sk-xxai-your-key") def input_guard(state): """Guard node for input validation""" result = guardrails.check( messages=[{"role": "user", "content": state["user_input"]}] ) if result.action == "block": return {"output": result.response, "blocked": True} return {"input_validated": True, "blocked": False} def call_llm(state): """Your LLM call""" if state.get("blocked"): return state # ... your LLM logic  return {"llm_output": response} def output_guard(state): """Guard node for output validation""" if state.get("blocked"): return state result = guardrails.check( messages=[{"role": "assistant", "content": state["llm_output"]}] ) if result.action == "block": return {"output": result.response} return {"output": state["llm_output"]} # Build the graph workflow = StateGraph() workflow.add_node("input_guard", input_guard) workflow.add_node("llm", call_llm) workflow.add_node("output_guard", output_guard) workflow.set_entry_point("input_guard") workflow.add_edge("input_guard", "llm") workflow.add_edge("llm", "output_guard") workflow.add_edge("output_guard", END) app = workflow.compile()

CrewAI Integration

CrewAI enables building teams of AI agents. Secure agent-to-agent communication:

from crewai import Agent, Task, Crew from openguardrails import OpenGuardrails guardrails = OpenGuardrails(api_key="sk-xxai-your-key") class SecureAgent(Agent): def execute_task(self, task): # Check task before execution  check = guardrails.check( messages=[{"role": "user", "content": task.description}] ) if check.action == "block": return check.response # Execute normally  result = super().execute_task(task) # Check output  output_check = guardrails.check( messages=[{"role": "assistant", "content": result}] ) if output_check.action == "block": return output_check.response return result # Use secure agents in your crew researcher = SecureAgent( role="Researcher", goal="Research information safely", backstory="You research topics while respecting safety guidelines" ) crew = Crew( agents=[researcher], tasks=[task1, task2] )

AutoGen Integration

Microsoft's AutoGen enables multi-agent conversations:

import autogen from openguardrails import OpenGuardrails guardrails = OpenGuardrails(api_key="sk-xxai-your-key") # Create a custom message filter def message_filter(sender, message, recipient, silent): """Filter messages through OpenGuardrails""" check = guardrails.check( messages=[{"role": "user", "content": message}] ) if check.action == "block": return check.response return message # Configure agents with filter config_list = [{ "model": "gpt-4", "api_key": "your-openai-key", }] user_proxy = autogen.UserProxyAgent( name="user", message_filter=message_filter ) assistant = autogen.AssistantAgent( name="assistant", llm_config={"config_list": config_list}, message_filter=message_filter )

General Pattern for Any Framework

If your framework isn't listed, follow this pattern:

from openguardrails import OpenGuardrails guardrails = OpenGuardrails(api_key="sk-xxai-your-key") def secure_wrapper(your_llm_function): """Wrap any LLM function with guardrails""" def wrapper(input_text, *args, **kwargs): # 1. Check input  input_check = guardrails.check( messages=[{"role": "user", "content": input_text}] ) if input_check.action == "block": return input_check.response # 2. Call your LLM  output = your_llm_function(input_text, *args, **kwargs) # 3. Check output  output_check = guardrails.check( messages=[{"role": "assistant", "content": output}] ) if output_check.action == "block": return output_check.response return output return wrapper # Use with any LLM call @secure_wrapper def my_agent_function(prompt): # Your existing code  return llm.generate(prompt)

Framework Compatibility Matrix

Framework	Proxy Mode	API Mode	Custom Integration	Status
LangChain	✅ Full support	✅ Full support	✅ Callback handlers	Production-ready
LangGraph	✅ Full support	✅ Full support	✅ Guard nodes	Production-ready
CrewAI	⚠️ Via base_url	✅ Full support	✅ Agent wrappers	Community-tested
AutoGen	⚠️ Via config	✅ Full support	✅ Message filters	Community-tested
Haystack	⚠️ Via base_url	✅ Full support	✅ Custom nodes	Community-tested
Semantic Kernel	✅ Full support	✅ Full support	✅ Filters	Community-tested
Custom agents	✅ Full support	✅ Full support	✅ SDK wrappers	Production-ready

Legend:

✅ Full support - Official or well-documented integration
⚠️ Via base_url/config - Works by changing API endpoint
🔧 Requires custom - Need to implement wrapper

How Does It Compare to Alternatives?

Feature	OpenGuardrails	Lakera Guard	NVIDIA NeMo Guardrails	LLM Guard
Open Source	✅ Apache 2.0	❌ Proprietary	✅ Apache 2.0	✅ MIT
Self-Hosted	✅ Full control	❌ Cloud only	✅ Yes	✅ Yes
Cloud API	✅ Available	✅ Primary	❌ No	❌ No
Multi-LLM Support	✅ OpenAI, Anthropic, custom	⚠️ Major providers	✅ Any LLM	⚠️ Limited
Multi-Cloud	✅ AWS, Azure, GCP	❌ No	✅ Yes	❌ No
OpenAI Proxy Mode	✅ Drop-in replacement	❌ No	❌ No	❌ No
Multi-turn Context	✅ Yes	✅ Yes	⚠️ Limited	❌ No
Multi-language	✅ 119 languages	⚠️ Major languages	⚠️ Major languages	✅ Many
PII Detection	✅ Built-in	✅ Yes	❌ Manual config	✅ Built-in
LangChain Integration	✅ Full support	⚠️ Manual	✅ Full support	⚠️ Manual
Agentic Frameworks	✅ LangGraph, CrewAI, AutoGen	⚠️ Limited	✅ LangChain/Graph	❌ No
n8n Integration	✅ Community node	❌ No	❌ No	❌ No
Web Dashboard	✅ Full UI	✅ Yes	❌ No	❌ No
Model Size	3.3B params	Undisclosed	Configurable	Various
Response Time	~100ms	~200ms	Varies	Varies
SDKs	Python, Node.js, Java, Go	Python, JS	Python	Python

Why Choose OpenGuardrails?

Choose OpenGuardrails if you:

Need both cloud and self-hosted options
Want a drop-in OpenAI proxy replacement
Use multiple LLM providers (OpenAI, Anthropic, custom models)
Building with agentic frameworks (LangChain, LangGraph, CrewAI, AutoGen)
Require multi-language support (especially Asian languages - 119 languages)
Need a production-ready UI for monitoring
Want an open-source model you can audit/fine-tune
Are building n8n workflows or automation
Need multi-cloud support (AWS, Azure, GCP)
Want SDKs in multiple languages (Python, Node.js, Java, Go)

Consider alternatives if you:

Need only basic content filtering (LLM Guard is simpler)
Want highly customizable rule-based guards (NeMo Guardrails)
Prefer a pure SaaS solution (Lakera Guard)
Have a very simple use case without multi-turn conversations

Getting Started: 5-Minute Setup

Option 1: Cloud API (Fastest)

# 1. Sign up at https://openguardrails.com # 2. Get your API key # 3. Install the SDK pip install openguardrails-sdk # 4. Start protecting from openguardrails import OpenGuardrails client = OpenGuardrails(api_key="sk-xxai-your-key") result = client.check( messages=[{"role": "user", "content": "Your user input"}], enable_all=True # Enable all protections ) if result.action == "pass": # Safe to proceed  pass else: # Use the safe response  print(result.response)

Option 2: Self-Hosted (Full Control)

# 1. Clone the repository git clone https://github.com/openguardrails/openguardrails.git cd openguardrails # 2. Run setup script ./scripts/setup.sh # 3. Configure environment cp .env.example .env # Edit .env with your settings # 4. Start services docker-compose up -d # 5. Access dashboard open http://localhost:5000

Advanced Features

Custom Blacklist/Whitelist

# Add domain-specific rules client.blacklist.add( pattern="internal project codename", category="confidential", action="block" ) client.whitelist.add( pattern="public product name", category="allowed_terms" )

Custom Response Templates

# Configure brand-appropriate responses client.templates.create( name="polite_block", content="I'm here to help with product questions. Could you rephrase your request?", categories=["off_topic", "jailbreak"] )

Webhook Notifications

# Get real-time alerts on threats client.webhooks.create( url="https://your-domain.com/security-alerts", events=["jailbreak_detected", "high_risk_prompt"], severity_threshold="high" )

Performance Considerations

Based on community reports and documentation:

Latency: ~100ms added per request
Throughput: 32 concurrent workers for detection service
Scalability: Horizontal scaling supported via load balancer
Caching: Results cached for identical inputs (configurable TTL)

For high-traffic applications:

# Use async for better performance import asyncio from openguardrails import AsyncOpenGuardrails client = AsyncOpenGuardrails(api_key="sk-xxai-your-key") async def check_multiple(prompts): tasks = [client.check(p) for p in prompts] return await asyncio.gather(*tasks) # Process 100 prompts in parallel results = await check_multiple(user_prompts)

Enterprise Features

For production deployments, OpenGuardrails offers:

Model Fine-Tuning Services

Industry-specific customization (finance, healthcare, legal)
Scenario optimization for your use cases
Continuous improvement based on your data

Enterprise Support

24/7 professional technical support
99.9% SLA guarantee
Private deployment consultation

Custom Development

Custom API interfaces
White-label UI customization
Deep integration services

Contact: thomas@openguardrails.com

The Open-Source Advantage

Being open-source under Apache 2.0 means:

Transparency: Audit the entire codebase and model
No Vendor Lock-in: Self-host anywhere, anytime
Community-Driven: 70+ commits, active development
Customizable: Fork and modify for your needs
Cost-Effective: Free for self-hosting, fair pricing for cloud

The project is actively maintained with regular updates (see changelog).

Security Best Practices

When deploying OpenGuardrails:

1. Layer Your Defenses

# Don't rely on a single check user_check = check_input(user_prompt) context_check = check_input(retrieved_context) output_check = check_output(llm_response)

2. Configure Appropriate Thresholds

# Adjust sensitivity based on your use case client.configure( security_threshold=0.7, # Higher = more strict  compliance_threshold=0.8, data_security_threshold=0.9 # Most strict for PII )

3. Monitor and Iterate

# Use the dashboard to track: # - False positive rates # - Attack patterns # - Performance metrics  # Adjust rules based on real data

4. Combine with Other Security Measures

Rate limiting on your API
Authentication and authorization
Input length limits
Output sanitization

Limitations and Considerations

Like any security tool, OpenGuardrails isn't perfect:

False Positives: May occasionally flag benign content
Latency: Adds ~100ms to each request
Adversarial Evolution: Attackers constantly develop new techniques
Language Coverage: While supporting 119 languages, accuracy varies
Context Window: Multi-turn detection has practical limits

Mitigation:

Use the whitelist for known false positives
Implement caching for repeated inputs
Keep the model updated (check for new versions)
Combine with other security measures

Conclusion: Building Safer AI Applications

As LLMs become more powerful and ubiquitous, security can no longer be an afterthought. OpenGuardrails provides a production-ready, developer-friendly solution that makes AI security accessible to teams of any size.

Key Takeaways

Open-source with a permissive Apache 2.0 license
Multiple deployment options including cloud, self-hosted, and proxy modes
Multi-LLM support works with OpenAI, Anthropic, Claude, and custom models
Multi-cloud compatible across AWS Bedrock, Azure OpenAI, and GCP Vertex AI
Agentic framework ready with native LangChain, LangGraph, CrewAI, and AutoGen integration
Context-aware protection across security, compliance, and data privacy dimensions
Production-ready with optimized architecture and comprehensive monitoring
Multi-language SDKs available for Python, Node.js, Java, and Go
Active development with enterprise support available

Getting Started

Try the cloud API: Sign up at openguardrails.com
Star the repo: github.com/openguardrails/openguardrails
Read the docs: Full API reference and guides available
Join the community: Connect with other users and contributors

Resources

Disclaimer: This blog post is based on publicly available information from the OpenGuardrails GitHub repository, official website, and web research conducted in November 2024. OpenGuardrails supports multiple LLM providers (OpenAI, Anthropic, custom models) and can be integrated with popular agentic frameworks like LangChain, LangGraph, CrewAI, and AutoGen through its flexible API and SDKs. Always test thoroughly in your specific use case before production deployment.

Citation

@misc{openguardrails, title={OpenGuardrails: An Open-Source Context-Aware AI Guardrails Platform}, author={Thomas Wang and Haowen Li}, year={2025}, url={https://arxiv.org/abs/2510.19169}, }