OpenGuardrails is the security layer that watches, controls, and governs your AI agents โ so you can ship with confidence.
Runtime protection against prompt injection, data leakage, and unsafe behavior. From personal agents to enterprise-scale deployments.
1 Personal Agent
Protect your own personal AI assistant like OpenClaw. Runtime monitoring, config scanning, vulnerability detection, and red team testing.
Up to 5 agents
Observe, control, and govern customer-facing agents. Built for dev teams shipping AI products.
Unlimited agents
Full agent inventory, blast radius analysis, threat discovery, governance policy enforcement across the org.
What We Protect Against
The most critical threats to AI agents, organized into two categories: attacks against your agent, and mistakes your agent makes.
Detect and block attempts to override system instructions or hijack agent behavior through crafted inputs.
Prevent attackers from manipulating the agent into ignoring safety boundaries or executing unauthorized actions.
Guard against XSS, CSRF, and other web-based exploits targeting agent-powered interfaces and APIs.
Detect compromised or malicious tool definitions in Model Context Protocol integrations before execution.
Block attempts to generate, inject, or execute harmful code through agent code interpreters and sandboxes.
Filter unsafe, explicit, or inappropriate content across 12 risk categories with configurable sensitivity.
Identify and redact personally identifiable information before it reaches external models or storage.
Detect API keys, tokens, passwords, and secrets in agent inputs and outputs to prevent unauthorized access.
Prevent sensitive business data, trade secrets, and proprietary information from leaking through AI interactions.
Keep agents focused on their intended purpose and prevent misuse for unrelated or unauthorized tasks.
Choose Your Plan
Priced by agent count and usage volume โ not headcount. Scale security with your AI footprint.
For your personal AI assistant
Guard your own personal AI assistant. Built for developers, researchers, and power users who run personal agents like OpenClaw, Claude Code, Cursor, or custom bots.
10,000 guard calls included
For teams shipping AI products
Observe, control, and govern customer-facing agents. Full observability and policy enforcement for your AI-powered product.
40,000 guard calls included
Organization-wide AI governance
Govern all agents across departments. Discovery, inventory, blast radius analysis, threat modeling, and policy consistency at enterprise scale.
Tailored to your organization
Proven Performance
OpenGuardrails achieves SOTA results across multilingual safety benchmarks, outperforming LlamaGuard, Qwen3Guard, and other leading guard models.
Average F1 scores across safety classification benchmarks. Full technical report โ
Single 14B dense model quantized to 3.3B via GPTQ. Handles both content-safety and manipulation detection with superior semantic understanding.
Dynamic per-request policy with continuous sensitivity thresholds. Tune precision-recall trade-offs in real time via probabilistic logit-space control.
Robust multilingual coverage with SOTA results on English, Chinese, and cross-lingual benchmarks. Includes 97k Chinese safety dataset contribution.
P95 latency of 274.6ms with high concurrency. GPTQ quantization enables real-time inference at enterprise scale without sacrificing accuracy.
Community
Code, models, papers, and standards โ all open. Build on a transparent, extensible security foundation.
Blog
Release notes, security research, and insights on securing AI agents in production.
Feb 4, 2026
AI agents now read emails, browse web pages, and process documents autonomously. But what happens when attackers hide malicious instructions inside those long-form contents? Today, we release OG-OpenClawGuard v1 โ an open-source Guard Agent plugin for OpenClaw that detects and blocks indirect prompt injection attacks in real time.
Jan 29, 2026
Personal AI assistants now execute shell commands, browse the web, and send messages โ but most users have zero visibility into what their agents can actually do. Today, we're introducing OG Personal, the first guard agent designed specifically for personal AI assistants.
Jan 23, 2026
Large Language Models have become the second brain of modern enterprises. But in real enterprise environments, one uncomfortable question keeps surfacing: do we actually know how much sensitive data is being sent to external LLMs โ unintentionally?