[Feature]: Add PromptGuard as a first-class guardrail provider #24272

@acebot712

Check for existing issues

  • I have searched the existing issues and checked that my issue is not a duplicate.

The Feature

Add PromptGuard as a first-class guardrail provider in LiteLLM, on par with existing vendors like Lakera, Noma, Prompt Security, and Bedrock Guardrails.

PromptGuard is an AI security gateway that provides:

  • Prompt injection detection — 94.9% F1 score (100% precision, 90.4% recall on 5,384 test cases)
  • PII detection & redaction — configurable entity types with automatic masking
  • Topic filtering — block conversations on prohibited topics
  • Entity blocklists — prevent references to blocked entities
  • Hallucination detection — identify factually unsupported claims
  • Self-hostable — can be deployed on-premise for data sovereignty requirements

Desired integration scope

Backend:

  • PromptGuardGuardrail as a CustomGuardrail subclass calling POST /api/v1/guard
  • Three decision paths: allow (pass-through), block (raise GuardrailRaisedException), redact (mask PII and pass-through)
  • Configurable block_on_error for fail-open/fail-closed behaviour
  • supported_event_hooks for pre_call and post_call
  • Image passthrough support via GenericGuardrailAPIInputs.images
  • Pydantic config model for UI-driven configuration

Frontend:

  • Partner card in the Guardrail Garden with eval scores and logo
  • Preset configuration for quick one-click setup

Documentation:

  • Full docs page at docs/proxy/guardrails/promptguard.md with Quick Start, config reference, advanced configuration (fail-open, multiple guardrails, always-on), and security features summary

Testing:

  • 40 mocked unit tests covering configuration, allow/block/redact decisions, fail-open resilience, image passthrough, request payload construction, error handling, config model, and registry wiring

Example config.yaml

guardrails:
  - guardrail_name: "promptguard-guard"
    litellm_params:
      guardrail: promptguard
      mode: "pre_call"
      api_key: os.environ/PROMPTGUARD_API_KEY
      api_base: os.environ/PROMPTGUARD_API_BASE  # optional
      block_on_error: true                        # optional, fail-closed by default

Motivation, pitch

PromptGuard fills a gap in LiteLLM's guardrail ecosystem by offering a self-hostable security gateway with deep prompt injection detection, PII redaction, and hallucination detection - capabilities that complement LiteLLM's existing vendor options. Having it as a first-class integration lets LiteLLM users protect their LLM applications without leaving the proxy ecosystem.

A complete implementation is available in PR #24268.

What part of LiteLLM is this about?

Proxy

LiteLLM is hiring a founding backend engineer, are you interested in joining us and shipping to all our users?

Yes

Twitter / LinkedIn details

LinkedIn
Twitter
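
The three decision paths and the block_on_error setting listed under "Desired integration scope" can be sketched as follows. This is an added example, not code from PR #24268, LiteLLM or PromptGuard; the verdict dictionary shape, `apply_verdict`, `GuardrailBlocked` and the `guard_*` stubs are assumptions made for illustration.

```python
from typing import Callable, Dict, List


class GuardrailBlocked(Exception):
    """Stand-in for the exception the proxy raises on a block (hypothetical name)."""


def apply_verdict(texts: List[str],
                  call_guard: Callable[[List[str]], Dict],
                  block_on_error: bool = True) -> List[str]:
    """Return the texts to forward to the model, or raise GuardrailBlocked.

    Assumed verdict shape (not taken from the issue):
      {"decision": "allow" | "block" | "redact",
       "reason": str, "redacted_texts": [str, ...]}
    """
    try:
        verdict = call_guard(texts)
        decision = verdict["decision"]
        if decision == "allow":
            return texts
        if decision == "redact":
            redacted = verdict["redacted_texts"]
            # A redaction that does not line up with the input is an error,
            # not something to forward half-masked.
            if len(redacted) != len(texts):
                raise ValueError("redacted_texts length mismatch")
            return list(redacted)
        if decision != "block":
            # Unknown decisions take the error path, never default-allow.
            raise ValueError(f"unknown decision {decision!r}")
    except Exception as err:
        if block_on_error:   # fail-closed: an outage stops the request
            raise GuardrailBlocked(f"guardrail unavailable: {err}") from err
        return texts         # fail-open: forwarded unscanned and unmasked
    raise GuardrailBlocked(verdict.get("reason", "blocked by guardrail"))


# Constructed stand-ins for the guard API call (no network involved).
def guard_redact(texts):
    return {"decision": "redact", "redacted_texts": ["my email is [EMAIL]"]}

def guard_block(texts):
    return {"decision": "block", "reason": "prompt_injection"}

def guard_down(texts):
    raise ConnectionError("guard API timeout")
```

With `block_on_error` set to false, a guard outage also disables PII masking, because the original text is what gets forwarded.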
