Skip to main content
Custom security rules let you go beyond built-in detection. Define policies that match your exact business requirements — block specific topics, protect entity names, enforce natural-language constraints, and more.

Policy Types

PromptGuard supports seven policy types. Each policy has a type, an action (block, redact, flag, allow), and either rules (condition-based) or a system prompt (LLM-judged).
TypeHow it worksWhen to use
input_filterEvaluates rules against incoming promptsBlock injection patterns, forbidden terms
output_filterEvaluates rules against LLM responsesRedact PII in output, block toxic content
topic_filterLLM judge evaluates a natural-language descriptionKeep conversations on-topic
llm_guardLLM judge evaluates a natural-language descriptionCustom business logic too complex for regex
entity_blocklistPattern matching on both input and outputBlock specific names, terms, or identifiers
rate_limitRate-based enforcementThrottle requests per time window
customFlexible rule-based evaluationAnything else

Creating Policies

Via Dashboard

  1. Navigate to Dashboard → [Project] → Policies
  2. Click “Create Policy”
  3. Select the policy type
  4. Configure rules or system prompt description
  5. Click “Create Policy”

Via API

curl -X POST https://api.promptguard.co/api/v1/policies \
  -H "X-API-Key: $PROMPTGUARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Block Competitor Mentions",
    "policy_type": "entity_blocklist",
    "is_active": true,
    "rules": [
      {
        "condition": "contains_text_any",
        "value": "Acme Corp|Globex|Initech",
        "action": "block"
      }
    ]
  }'

Rule Conditions

Rule-based policies (input_filter, output_filter, entity_blocklist, custom) use condition/value/action triples:
ConditionDescriptionExample Value
contains_piiMatches PII entities (email, SSN, etc.)true
prompt_injectionMatches injection patternstrue
contains_textExact substring matchconfidential
contains_text_anyMatch any of pipe-separated termspassword|secret|credential
natural_languageLLM-judged conditionRequest asks about pricing

Actions

Each rule specifies what happens when the condition matches:
ActionBehavior
blockReject the request entirely (HTTP 400)
redactRemove or mask the matched content
flagAllow the request but log the violation
allowExplicitly permit (useful for allowlist rules)

Topic Filter

Topic filters use natural language to define what a conversation should be about. An LLM judge evaluates each request against your description and blocks off-topic queries. 
curl -X POST https://api.promptguard.co/api/v1/policies \
  -H "X-API-Key: $PROMPTGUARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Support Bot Scope",
    "policy_type": "topic_filter",
    "is_active": true,
    "system_prompt_details": "This bot handles Azure cloud infrastructure support only. Block questions about billing, HR, competitor products, or anything unrelated to Azure services, networking, and deployment."
  }'
When to use topic_filter vs. input_filter:
  • Use topic_filter when the boundary is semantic (“stay on topic”)
  • Use input_filter with contains_text rules when the boundary is lexical (“block this exact word”)

LLM Guard

LLM Guard policies define custom business rules in natural language, evaluated by an LLM judge. Use these for constraints that are too nuanced for pattern matching. 
curl -X POST https://api.promptguard.co/api/v1/policies \
  -H "X-API-Key: $PROMPTGUARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "No Financial Advice",
    "policy_type": "llm_guard",
    "is_active": true,
    "system_prompt_details": "Block any response that provides specific financial advice, stock recommendations, or investment guidance. General financial education is acceptable."
  }'

Entity Blocklist

Entity blocklists protect specific names, terms, or identifiers from appearing in prompts or responses. They evaluate against both input and output. 
curl -X POST https://api.promptguard.co/api/v1/policies \
  -H "X-API-Key: $PROMPTGUARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Client Name Protection",
    "policy_type": "entity_blocklist",
    "is_active": true,
    "rules": [
      {
        "condition": "contains_text_any",
        "value": "Acuity Analytics|John Smith|Project Phoenix",
        "action": "redact"
      }
    ]
  }'
The contains_text_any condition accepts pipe-separated (|) terms and matches any of them. This is more efficient than creating multiple contains_text rules.

Policy Presets

PromptGuard also provides six use-case-specific presets that combine multiple built-in detectors:
PresetOptimized For
DefaultBalanced security for general AI apps
Support BotStrict PII and exfiltration protection
Code AssistantInjection detection, API key/secret scanning
RAG SystemMaximum security, enhanced leak prevention
Data AnalysisStrict PII, SSN/DOB detection
Creative WritingNuanced content filtering, higher thresholds
See Policy Presets for detailed configuration.

Feature Comparison by Tier

FeatureFreeProScale
Policy Presets✅ Default✅ All Presets✅ All Presets
Custom Policies (rules-based)✅ 5 policies✅ 25 policies✅ Unlimited
Topic Filter
LLM Guard
Entity Blocklist
Regex Detection✅ 70-80%✅ 70-80%✅ 70-80%
ML Detection✅ ~95%✅ ~95%

Next Steps

Policy Presets

Pre-configured security policies

Threat Detection

Built-in detection capabilities

Observability

Trace policy decisions and debug

API Reference

Full policy management API