
NeMo Guardrails

Programmable safety rails for LLM applications


NeMo Guardrails is NVIDIA's open-source toolkit for adding programmable safety rails to LLM applications. It supports five guardrail types — input, dialog, retrieval, execution, and output rails — covering content safety, jailbreak detection, topic control, PII masking, hallucination detection, and fact-checking. The toolkit uses Colang, a domain-specific language for defining conversational constraints, and integrates with OpenAI, Azure, Anthropic, HuggingFace, and LangChain/LangGraph.

NeMo Guardrails is an open-source Python toolkit from NVIDIA with nearly 5,900 GitHub stars that adds programmable safety and control layers to LLM-based conversational systems. Rather than relying solely on model alignment, it provides explicit guardrails that intercept both user inputs and model outputs, applying configurable checks before anything reaches the end user. The toolkit defines five types of rails: input rails that can reject or alter user messages, dialog rails that control conversational flow using Colang (a domain-specific language for state machine-like dialogue definitions), retrieval rails for filtering RAG chunks, execution rails for validating tool calls, and output rails for screening final responses.

The pre-built guardrails cover the most critical LLM vulnerabilities: content safety moderation using NVIDIA's Nemotron Safety Guard models or third-party services like ActiveFence and Cisco AI Defense, jailbreak and prompt injection detection with NemoGuard JailbreakDetect, topic control to keep conversations within defined boundaries, PII detection and masking via GLiNER integration, fact-checking against knowledge bases, and hallucination detection through AlignScore. The IORails engine supports parallel execution of multiple guardrails to minimize latency. A recent integration with Fiddler Guardrails adds low-latency hosted models for additional safety checks. LangGraph integration enables applying guardrails to multi-agent workflows.

NeMo Guardrails works with major LLM providers including OpenAI, Azure OpenAI, Anthropic, Google, and HuggingFace models, plus NVIDIA NIM for local inference. The server exposes an OpenAI-compatible API with a v1/models endpoint, and a GuardrailsMiddleware enables integration with LangChain agents. For production deployments, NVIDIA offers NeMo Guardrails as a microservice container image designed for Kubernetes with Helm charts. The toolkit includes evaluation tools for measuring accuracy of content moderation, fact-checking, and jailbreak detection. Python 3.10 through 3.13 is supported, with installation via pip.

Pricing

Free open-source toolkit, NIM microservice free for dev/test

Platforms

Python 3.10-3.13, pip, Docker/Kubernetes microservice, OpenAI-compatible API

Alternatives

Agentic Security

LLM vulnerability scanner and red teaming kit

Agentic Security is an open-source vulnerability scanner for LLM agent workflows that tests AI systems against jailbreaks, fuzzing, and multimodal attacks. It probes weaknesses across text, image, and audio inputs through multi-step jailbreak simulations, randomized stress testing, and reinforcement learning-powered adaptive attacks. The toolkit connects directly to LLM APIs for high-volume real-world attack scenarios, helping developers identify and patch safety gaps before deployment.

Open Source

Trent AI

Agentic AI security posture management

Trent AI is a specialized security platform for agentic AI applications that provides AI Security Posture Management which compounds with every development cycle. It scans, judges, mitigates, and evaluates AI agent security, detecting threats that traditional tools miss, including prompt injection attacks, tool misuse, unintended autonomous actions, data exfiltration through agent chains, and privilege escalation. It offers continuous assessment with remediation plan execution through Claude Code.

paid

Agent Governance Toolkit

Microsoft’s public-preview runtime governance toolkit for policy, identity, sandboxing, audit, and MCP security around AI agents.

Agent Governance Toolkit is Microsoft’s MIT-licensed public-preview toolkit for governing AI agent runtimes. It adds policy enforcement, zero-trust identity, execution sandboxing, audit, reliability, and MCP security-gateway patterns around tool calls and autonomous actions, helping platform teams move beyond prompt-only guardrails while preserving architecture review requirements.

Open Source, Telemetry

Related Tools


Baz

Telemetry-aware AI code reviewer that checks how pull requests may affect real services.

Baz is an AI code-review platform focused on production-aware pull requests. Instead of only reading the diff, Baz connects code changes to application telemetry so reviewers can understand what endpoints, services, and runtime behavior may be affected. That makes it a useful complement to existing AI PR bots when the question is not just whether a change looks correct, but whether it could break a live system.

Freemium, Telemetry

Rampart

Microsoft’s pytest-native red teaming framework for turning AI agent safety findings into CI tests.

RAMPART is an open-source Microsoft framework for safety and security testing of agentic AI applications. It brings red-team findings into a pytest-native workflow so teams can turn prompt injection, unsafe tool use, and behavioral boundary failures into repeatable regression tests. The strongest aicoolies angle is developer workflow: RAMPART makes agent safety part of CI/CD instead of a one-off security review.

Open Source

Statewright

State-machine guardrails for controlling which tools AI coding agents can use at each phase.

Statewright is a guardrail layer for AI coding agents that uses explicit state machines to control what an agent can do at each stage of a workflow. Instead of relying only on prompt instructions, teams can model phases such as plan, implement, test, and review, then constrain tool access for clients like Claude Code, Codex, Cursor, opencode, and related MCP workflows.

Open Source

Magika

AI-powered file-type detection at Google scale

Magika is an open-source, AI-powered file-type detection tool from Google that uses a custom deep-learning model of under a few megabytes to identify more than 200 binary and textual content types in milliseconds, even on a single CPU. Magika ships as a CLI, a Python package, a JavaScript/TypeScript library, and an ONNX model, achieves around 99% accuracy on its test set, and is already used at Google scale across Gmail, Drive, and Safe Browsing as well as by VirusTotal and abuse.ch.

Free, Open Source

Fig Security

Security operations resilience for SOC teams

Fig provides a Security Operations Resilience platform designed for modern SOC teams facing both unplanned and planned changes. It features drift detection to catch unplanned infrastructure changes, automated drift repair with testing, planned change modeling to simulate initiatives before deployment, version control, and automatic deployment with rollbacks. It helps teams maintain security coverage while shipping risk-free at 10x speed and focusing on strategic cyber work.

paid

Keycard

Control plane for autonomous AI agents

Keycard is the control plane for autonomous agents, providing identity verification, policy enforcement, and scoped access management. It resolves agent identity, enforces security policies, and issues time-limited, resource-specific access tokens. It provides full visibility into every agent action, with drift detection, automatic remediation, and integrations with Datadog, Linear, GitHub, and other services for agent-driven incident response and security operations.

paid