Check for existing issues
The Feature
Add PromptGuard as a first-class guardrail provider in LiteLLM, on par with existing vendors like Lakera, Noma, Prompt Security, and Bedrock Guardrails.
PromptGuard is an AI security gateway that provides:
- Prompt injection detection — 94.9% F1 score (100% precision, 90.4% recall on 5,384 test cases)
- PII detection & redaction — configurable entity types with automatic masking
- Topic filtering — block conversations on prohibited topics
- Entity blocklists — prevent references to blocked entities
- Hallucination detection — identify factually unsupported claims
- Self-hostable — can be deployed on-premise for data sovereignty requirements
Desired integration scope
Backend:
- PromptGuardGuardrail as a CustomGuardrail subclass calling POST /api/v1/guard
- Three decision paths: allow (pass-through), block (raise GuardrailRaisedException), redact (mask PII and pass-through)
- Configurable block_on_error for fail-open/fail-closed behaviour
- supported_event_hooks for pre_call and post_call
- Image passthrough support via GenericGuardrailAPIInputs.images
- Pydantic config model for UI-driven configuration
Frontend:
- Partner card in the Guardrail Garden with eval scores and logo
- Preset configuration for quick one-click setup
Documentation:
- Full docs page at docs/proxy/guardrails/promptguard.md with Quick Start, config reference, advanced configuration (fail-open, multiple guardrails, always-on), and security features summary
Testing:
- 40 mocked unit tests covering configuration, allow/block/redact decisions, fail-open resilience, image passthrough, request payload construction, error handling, config model, and registry wiring
Example config.yaml
guardrails:
  - guardrail_name: "promptguard-guard"
    litellm_params:
      guardrail: promptguard
      mode: "pre_call"
      api_key: os.environ/PROMPTGUARD_API_KEY
      api_base: os.environ/PROMPTGUARD_API_BASE  # optional
      block_on_error: true  # optional, fail-closed by default
Motivation, pitch
PromptGuard fills a gap in LiteLLM's guardrail ecosystem by offering a self-hostable security gateway with deep prompt injection detection, PII redaction, and hallucination detection - capabilities that complement LiteLLM's existing vendor options. Having it as a first-class integration lets LiteLLM users protect their LLM applications without leaving the proxy ecosystem.
A complete implementation is available in PR #24268.
What part of LiteLLM is this about?
Proxy
LiteLLM is hiring a founding backend engineer, are you interested in joining us and shipping to all our users?
Yes
Twitter / LinkedIn details
LinkedIn
Twitter
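The three decision paths and the block_on_error switch described in the integration scope, as an added sketch that is not code from this issue, from PR #24268 or from LiteLLM. The response keys `decision` and `redacted_texts`, the `call_guard` transport and the `GuardrailBlocked` stand-in for GuardrailRaisedException are assumptions, since the issue does not give the /api/v1/guard schema.

```python
from typing import Callable, Dict, List


class GuardrailBlocked(Exception):
    """Local stand-in for LiteLLM's GuardrailRaisedException (assumption)."""


def enforce(texts: List[str], call_guard: Callable[[List[str]], Dict],
            block_on_error: bool = True) -> List[str]:
    """Return the texts to forward to the model, or raise GuardrailBlocked.

    call_guard is a hypothetical transport for POST /api/v1/guard; the keys
    "decision" and "redacted_texts" are assumed, not a documented schema.
    """
    try:
        resp = call_guard(texts)
        decision = resp.get("decision")
        if decision == "allow":
            return texts
        if decision == "block":
            raise GuardrailBlocked("request blocked by guardrail")
        if decision == "redact":
            redacted = resp.get("redacted_texts")
            # A redact verdict without usable masked text is treated as an
            # error, so fail-closed never forwards the flagged originals.
            if not isinstance(redacted, list) or len(redacted) != len(texts):
                raise ValueError("redact decision without matching masked texts")
            return redacted
        raise ValueError(f"unknown decision: {decision!r}")
    except GuardrailBlocked:
        raise  # an explicit block verdict is never subject to fail-open
    except Exception as exc:  # timeout, bad JSON, unexpected verdict
        if block_on_error:
            raise GuardrailBlocked(f"guardrail error, failing closed: {exc}") from exc
        return texts  # fail-open: the request continues unscreened


# Constructed sample transports (no network); each mimics one gateway outcome.
def guard_allow(texts): return {"decision": "allow"}
def guard_block(texts): return {"decision": "block"}
def guard_redact(texts): return {"decision": "redact", "redacted_texts": ["my SSN is [REDACTED]"]}
def guard_bad_redact(texts): return {"decision": "redact"}
def guard_timeout(texts): raise TimeoutError("guard API timed out")
```

With block_on_error set to false, a malformed redact response passes the original text through unmasked, which is the trade-off to weigh before choosing fail-open in front of PII redaction.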