Policies for Runtime Protection

Create policies using built-in guardrails and templates to ensure data protection, legal compliance, and responsible AI use. These policies are applied to your connected endpoints, helping to secure and govern their interactions.

Policies you edit in the AI Defense UI apply only to gateway-deployed Runtime and on-demand Runtime. For Multicloud Defense-deployed Runtime, you must edit your policies in the Multicloud Defense guardrails profile, managed in the Multicloud Defense UI.

Where to manage your policies

For each environment you protect with AI Defense, you will apply a policy that specifies which runtime guardrails are applied. Where you configure your policies depends on which type of Runtime enforcement point you choose:

Gateway-enforced runtime protection: Manage your policies in the AI Defense Policies tab.
API-enforced runtime protection: Manage your policies in the AI Defense Policies tab.
Multicloud Defense-enforced runtime protection: Manage your policies as AI Guardrails profiles in Multicloud Defense.

To create a new policy, click Create Policy on the right top corner of the Policies page. Select from Gateway and API.

A left slide-in pane is displayed. This pane has a step-by-step guide for creating a new policy.

To create a new policy

Begin on the New Policy page, under Policy Details:

Enter a Name for the policy.
The Description is optional, you can add details if required.
In Language rule configuration, specify the language of the content that will be monitored. English and Japanese are supported. The set of available guardrail rules depends on the language.
Click Next.

Connections

A list of connections is displayed.

A connection represents an LLM endpoint that you are protecting with an Runtime policy. The connection is where you will apply a guardrail policy to the LLM. Each connection may have only one policy applied to it, but a policy may be applied to many connections.

Select the checkbox(es) of one or multiple connections to which you wish to apply this policy.
Click Next.

Security guardrails

Under Security guardrails, configure security rules:

Move the slider to Enabled for the rule.
Click the dropdown for Rule directionality to apply this rule to prompts, responses, or both. Some rules are useful only for monitoring prompts, and others only for responses.
Click the dropdown for Action to select the action this policy rule will take. You can select: Block or Allow.

For API-enforced Runtime protection, the Block action is not available.
Click Next.

Privacy guardrails

To protect data and maintain confidentiality, under Privacy guardrails, configure privacy rules:

Move the slider to Enabled for the rule.
Move the slider to Enabled for one or multiple entities.
Click the dropdown for Rule directionality to apply this rule to prompts, responses, or both. Some rules are useful only for monitoring prompts, and others only for responses.
Click the dropdown for Action to select the action this policy rule will take. You can select: Block or Allow. Important! For API-enforced Runtime protection, the Block action is not available.
Click Next.

Safety guardrails

Under Safety guardrails, configure safety rules:

Move the slider to Enabled for the rule.
Click the dropdown for Rule directionality to apply this rule to prompts, responses, or both. Some rules are useful only for monitoring prompts, and others only for responses.
Click the dropdown for Action to select the action this policy rule will take. You can select: Block or Allow. Important! For API-enforced AI Runtime protection, the Block action is not available.
Click Next.

Summary

On the Summary page:

Review your policy details.
Click Save to create the policy.

The policies are disabled by default, you would need to enable the policies.