Sept 24
San Francisco
Case study
See how Pepper Money hit 98% ESAT with Atomicwork. Watch the full success story ->
52% of organizations are not fully confident their AI security controls would detect a compromised AI, says a recent Proofpoint research. Yet, AI agents are already inside their organizations, provisioning access, resetting passwords, routing tickets, and answering policy questions at scale.
The commonly held view is to slow down and put guardrails in place later, once things are more settled. Treat them as a future-state concern once AI 'earns its stripes'.
We strongly believe that the instinct is exactly backwards.
At Atomicwork's FUSION '25 event, Sanjay Jeyakumar, CTO of Abnormal AI, put it cleanly: "It is the guardrails that put your F1 car on full speed." The guardrails are what allow the speed to exist safely.
This is the fundamental reframe modern IT leaders need: AI guardrails are not to be viewed as a restriction mechanism. They are the infrastructure that converts AI experiments into production-grade enterprise systems. With agentic AI, AI doesn't just answer questions but takes actions. So, the stakes have changed fundamentally.
For a CIO audience, a working definition: AI guardrails are technical and procedural controls that establish boundaries for AI system behavior, spanning input, processing, and output layers.
What they are NOT is equally important to establish. Guardrails are not just content filters slapped onto a chat interface; they are not prompt engineering tricks, nor are they one-time configurations you set at deployment and revisit annually. They span datasets, models, applications, and workflows, and they require continuous maintenance.
The architecture has three distinct layers:
- Input guardrails: Before the model processes anything, inputs go through validation, sanitization, intent classification, and PII detection. The goal is to ensure only safe, authorized, and well-formed queries reach the AI system.
- Process guardrails: Once inside the system, the AI operates with guardrails around retrieval (grounding in trusted organizational data via RAG), permission-aware access, and model selection appropriate to the use case.
- Output guardrails: What the AI returns is evaluated for hallucinations, toxicity, policy alignment, and source verifiability before it reaches the employee.
This is meaningfully different from 'safety theater' which are the surface-level keyword filters and basic content moderation that create a false sense of security without addressing underlying architectural risk. Safety theater looks like guardrails, but doesn't function like them.
Atomicwork's published TRUST framework — Transparent, Responsible, User-centric, Secure, and Traceable — operationalizes all three layers. Input sanitization and anomaly detection run before queries reach Atom. Output is monitored against organizational policy. Domain-specific LLMs grounded in customer data reduce hallucination rates at the source, rather than trying to catch errors after the fact.
This is where most existing coverage of AI guardrails falls short, and where the gap between theory and production reality is widest.
Traditional guardrails were designed to evaluate language. They asked: is this output safe, accurate, and appropriate? No doubt that question still matters. But agentic AI requires guardrails that govern operations.
When an AI agent can approve access requests, trigger provisioning workflows, execute software installations, or modify employee records, the failure mode is no longer just a 'bad answer' but an unauthorized action, a compliance violation, or even a security breach that auditors want documented explanations for.
A real-world example that circulated in engineering communities: an AI agent approved a $40,000 software license renewal by pulling from a cached policy document that had been superseded months earlier. The policy it relied on was accurate when written. The action it took was catastrophically wrong.
Agentic AI guardrails must cover three dimensions that simply didn't exist in earlier AI deployments:
The platform's IGA (Identity Governance and Administration) agent reasons within governance policies before provisioning access, enforcing least-privilege by default rather than requiring IT to configure restrictions case by case. This is what the FUSION '25 panel called 'guardrail engineering' and 'zero trust for non-deterministic actions.'
Atomicwork's Atom operates with explicit action boundaries baked into the platform. Organizations can configure which cases leverage autonomous AI judgment and which serve standard, verified answers, particularly for sensitive HR topics like benefits or reimbursement policies, where precision matters more than conversational flexibility.
One of the most consistent gaps in available guidance on AI guardrails is architectural: organizations know they need guardrails, but have no framework for where in the stack those guardrails should live. Here are the four primary patterns, and when to use each.
- Gateway-level guardrails: These are centralized policy enforcement at the API gateway, creating a consistent control layer across all AI interactions regardless of which model is being called. This is particularly well-suited to multi-model enterprise environments where you need uniform policy across providers rather than managing guardrails separately for each.
- Platform-level guardrails: These are 'managed' cloud services like AWS Bedrock Guardrails, Azure AI Content Safety, and similar offerings. These are well-suited to organizations already standardized on a single cloud provider, offering lower implementation lift at the cost of customization depth.
- Orchestration-level guardrails: These are embedded directly in the agentic framework itself, evaluating before, during, and after agent actions rather than only at input/output boundaries. This is the appropriate pattern for agentic AI systems executing multi-step workflows, where guardrails must be context-aware across the entire action sequence.
- Application-level guardrails: These are embedded in application code and customized per use case. These are best for highly specialized or regulated workflows where industry-specific compliance requirements demand purpose-built controls.
Most mature enterprise deployments will run a combination of these as a mechanism of defense in depth rather than a single control point. The question is which combination maps to your threat model and operational architecture.
Evaluating and implementing guardrails requires a structured lens. The following five pillars offer a framework CIOs can use to assess the current state and prioritize investment. They map to Atomicwork's published TRUST model, but they hold as universal evaluation criteria regardless of platform.
The regulatory timeline adds urgency. Gartner predicts more than 40% of agentic AI projects will be abandoned by 2027 due to inadequate risk controls, escalating costs, or unclear business value. Organizations that treat guardrails as a 'later' problem are running a compliance clock they may not realize is already ticking.
The organizations that will win with agentic AI era are the ones that move fastest because they have guardrails and because their governance infrastructure gives them the confidence to deploy autonomy at scale.
Mature guardrail programs deploy AI faster, operate more safely, and expand to new use cases more aggressively. They treat guardrails not as a compliance checkbox but as the operational infrastructure that makes the rest possible.
The principle to carry forward: guardrails should be continuous, not quarterly; embedded, not bolted on; and intelligent, capable of reasoning about context, not just matching rules.
The F1 car doesn't go fast despite the guardrails. It goes fast because of them.
Explore how Atomicwork's agentic service management platform operationalizes guardrails in production — from the TRUST framework to ISO 42001-certified governance. Request a demo →
