Learn
The problems, explained before the product
What guardrails are, what prompt injection actually looks like, why models hallucinate, and what can go wrong between an agent and its MCP servers – written for engineers deciding what to defend against, not just what to buy.
What are LLM guardrails?
LLM guardrails are runtime checks that sit around a language model and enforce rules the model itself cannot guarantee: what may go in, what may come out, and – for agents – what actions may run. The model stays probabilistic; the guardrails are the deterministic layer that decides whether its input and output are acceptable.
What is prompt injection?
Prompt injection is an attack where text the model reads carries instructions the model follows – instructions the application author never wrote. It works because a language model has no channel separation: system prompt, user message, retrieved document, and tool result all arrive as tokens, and the model weighs all of them when deciding what to do next.
What are AI hallucinations?
An AI hallucination is output a model states as fact that is not supported by its input or by reality: an altered figure, an invented citation, a confident claim its sources cannot back. The model is not malfunctioning when it does this – it is doing exactly what it was built to do, continue text plausibly – and plausible is not the same as true.
What is MCP security?
The Model Context Protocol (MCP) is the emerging standard for connecting AI agents to tools: an agent discovers a server’s tools from its manifest, calls them, and feeds the results back into its context. MCP security is the discipline of not trusting any step of that sentence.
AI hallucination examples: the incidents that made case law
Hallucination stops being an abstract model property the day it produces a court ruling, a sanctions order, or a nine-figure market reaction. The incidents below are public, documented, and instructive – because each one failed in a way a specific boundary check is designed to catch.
What is excessive agency?
Excessive agency is the risk that an AI agent holds more capability than its task requires – more tools, broader permissions, more autonomy – so that when something goes wrong (a hallucination, an injection, a plain bug), the agent has the power to turn the error into damage. It is risk LLM06 in the OWASP Top 10 for LLM Applications, and it is the defining security problem of the agent era.
The LLM security checklist
A working checklist for teams shipping an LLM feature or agent to production. It is organized the way the risk actually flows – what enters the model, what leaves it, what it is allowed to do, and how you will know what happened – and each item states what “done” means, because “we have a filter” is not a state of doneness.
OWASP Top 10 for LLM Applications – coverage map
Each of the ten risks, what it is, and exactly which guardrail addresses it – including the two we only partially cover and the one a runtime proxy honestly can’t.
Library vs gateway vs proxy – choosing an approach
The four ways teams deploy guardrails, what job each is actually good at, and when a proxy on the wire is – and isn’t – the right call.
The guardrails glossary
Thirty terms in a paragraph each – the attacks, the defenses, and the operating concepts – each linking to the page that treats it in depth.
Compliance mappings – EU AI Act, GDPR, HIPAA
Which obligations touch LLM traffic and which runtime check supports each – without pretending a tool confers compliance.
Prefer to see it rather than read about it?
We’re running a limited demo – sign up and we’ll get you in as soon as we can.