OpenGuardrails is the security layer that watches, controls, and governs your AI agents โ so you can ship with confidence.
Runtime protection against prompt injection, data leakage, and unsafe behavior. From personal agents to enterprise-scale deployments.
1 Personal Agent
Protect your own personal AI assistant like OpenClaw. Runtime monitoring, config scanning, vulnerability detection, and red team testing.
Up to 5 agents
Observe, control, and govern customer-facing agents. Built for dev teams shipping AI products.
Unlimited agents
Full agent inventory, blast radius analysis, threat discovery, governance policy enforcement across the org.
What We Protect Against
The most critical threats to AI agents, organized into two categories: attacks against your agent, and mistakes your agent makes.
Detect and block attempts to override system instructions or hijack agent behavior through crafted inputs.
Prevent attackers from manipulating the agent into ignoring safety boundaries or executing unauthorized actions.
Guard against XSS, CSRF, and other web-based exploits targeting agent-powered interfaces and APIs.
Detect compromised or malicious tool definitions in Model Context Protocol integrations before execution.
Block attempts to generate, inject, or execute harmful code through agent code interpreters and sandboxes.
Filter unsafe, explicit, or inappropriate content across 12 risk categories with configurable sensitivity.
Identify and redact personally identifiable information before it reaches external models or storage.
Detect API keys, tokens, passwords, and secrets in agent inputs and outputs to prevent unauthorized access.
Prevent sensitive business data, trade secrets, and proprietary information from leaking through AI interactions.
Keep agents focused on their intended purpose and prevent misuse for unrelated or unauthorized tasks.
Choose Your Plan
Priced by agent count and usage volume โ not headcount. Scale security with your AI footprint.
For your personal AI assistant
Guard your own personal AI assistant. Built for developers, researchers, and power users who run personal agents like OpenClaw, Claude Code, Cursor, or custom bots.
10,000 guard calls included
For teams shipping AI products
Observe, control, and govern customer-facing agents. Full observability and policy enforcement for your AI-powered product.
40,000 guard calls included
Organization-wide AI governance
Govern all agents across departments. Discovery, inventory, blast radius analysis, threat modeling, and policy consistency at enterprise scale.
Tailored to your organization
Proven Performance
OpenGuardrails achieves SOTA results across multilingual safety benchmarks, outperforming LlamaGuard, Qwen3Guard, and other leading guard models.
Average F1 scores across safety classification benchmarks. Full technical report โ
Single 14B dense model quantized to 3.3B via GPTQ. Handles both content-safety and manipulation detection with superior semantic understanding.
Dynamic per-request policy with continuous sensitivity thresholds. Tune precision-recall trade-offs in real time via probabilistic logit-space control.
Robust multilingual coverage with SOTA results on English, Chinese, and cross-lingual benchmarks. Includes 97k Chinese safety dataset contribution.
P95 latency of 274.6ms with high concurrency. GPTQ quantization enables real-time inference at enterprise scale without sacrificing accuracy.
Community
Code, models, papers, and standards โ all open. Build on a transparent, extensible security foundation.
Blog
Release notes, security research, and insights on securing AI agents in production.
Mar 5, 2026
Today we're releasing AI Agent Discovery, a new open-source project that helps organizations discover and inventory all AI agents running within their enterprise environment by integrating with existing EDR infrastructure.
Feb 21, 2026
OpenGuardrails has identified a new, rapidly spreading malware campaign targeting the OpenClaw ecosystem through the ClawHub skill community. We are naming this threat Clawhub.Trojan.LiuComment.
Feb 20, 2026
When Claude Code Security was announced on February 20, 2026, global cybersecurity stocks dropped almost immediately. The market understood: the first principle has not changed, but the cost law governing the entire industry just did.