The New Normal for Generative AI: What is the "Guardrail" that Protects Companies from AI Security Risks

As the use of generative AI expands rapidly across companies, new security risks are emerging, such as employees using shadow AI tools and the unintentional leakage of confidential information through prompts. Traditional human-centric approaches, including policy creation and employee training, are no longer sufficient to mitigate these risks effectively. To ensure safe adoption, organizations must implement technical controls capable of monitoring and managing generative AI usage in real time. In this article, we introduce the concept of AI guardrails, explain how they work, and highlight key considerations for implementing them to support the secure and responsible use of generative AI within enterprises.

1. Introduction

1.1. Expanding the Use of Generative AI and Emerging Challenges

While the use of generative AI is significantly improving productivity, new information security risks are also becoming apparent (*1). Corporate approaches to generative AI vary widely, but two high-risk patterns are increasingly common: "completely banning generative AI" and "allowing generative AI usage without effective governance."
At first glance, a complete ban on generative AI may seem like a safe way to prevent information leakage. However, once employees experience the convenience and efficiency of generative AI, they often turn to personal devices or private accounts to perform AI-assisted work. This behavior leads to the rise of shadow AI, creating risks outside the organization's oversight and control.
On the other hand, companies that actively adopt generative AI without proper security mechanisms face a different kind of threat. Many organizations lack essential controls, such as logging usage activities, auditing prompts, and analyzing outputs, which raises the risk that confidential information is leaked externally without anyone noticing. This is generative AI use in a state where governance is not functioning.
Neither extreme, prohibiting AI out of fear or prioritizing convenience at the expense of safety, is a practical long-term solution. What companies truly need today is a realistic approach: creating an environment where generative AI can be used safely and responsibly.
To date, many organizations have relied primarily on human-focused measures, such as establishing internal policies and conducting employee training. However, given the speed and diversity of generative AI adoption across business operations, measures based solely on awareness and attention are reaching their limits. To ensure safe utilization, organizations must implement technical controls capable of monitoring and managing generative AI usage in real time.

1.2. Purpose of This Article

This article presents technical approaches and key implementation points to help companies move beyond the extreme situations described earlier - such as the "complete banning of generative AI" and the "use of generative AI without effective governance." The aim is to guide organizations toward an environment where generative AI can be both safely utilized and properly managed.
At the center of this approach is the concept of guardrails, which continuously monitor and control the input and output of generative AI systems in real time. Guardrails come in two primary forms:

  1. Provider-side guardrails, which are embedded directly into generative AI services. These are operated by the service provider and constrain the model's own behavior to prevent inappropriate or harmful outputs; the customer has little or no control over how they are configured.
  2. User-side guardrails, introduced by companies and organizations. These focus on monitoring and controlling what users input into public generative AI tools and what results are returned - protecting against sensitive data leakage and improper use.

This article focuses on the latter: user-side guardrails. These solutions provide visibility into user behavior and data flow, detect risky prompts or sensitive information, and automatically block inappropriate inputs or outputs. By doing so, they establish a technical safeguard that does not depend on human vigilance alone.
The following sections outline the key mechanisms, practical considerations, and actionable steps for implementing user-side guardrails without restricting the use of generative AI.

2. What Is an AI Guardrail?

Traditional corporate information security measures have long relied on monitoring and restricting communication through technologies such as firewalls and web filtering. These controls remain essential today, as they prevent unauthorized communication and reduce the risk of malware infections.
However, the rise of generative AI has introduced new risks that cannot be addressed by traditional defenses alone. Firewalls and web filters operate at the network level, monitoring IP addresses, ports, and destination domains, but they cannot inspect or control the actual content of user prompts sent to generative AI services. Even a forward proxy that terminates TLS and applies generic DLP rules sees only an undifferentiated stream of text; it has no notion of which part is a prompt, which part is a model response, or which AI service and business context the exchange belongs to.
Generative AI systems create responses based on the text they receive. Therefore, if users enter confidential or personal information into prompts, that data is transmitted to external AI servers - even if the communication is encrypted (see Figure 1). Once transmitted, it becomes impossible to fully control how the AI service processes, stores, or learns from that information.

Figure 1: Image of a guardrail added to a traditional firewall/web filtering

Securing the communication channel alone is no longer sufficient. Organizations now require a new mechanism that protects the actual content of what is being input into and generated by generative AI. This mechanism is known as the guardrail. Guardrails monitor and control generative AI prompts and outputs in real time, helping prevent information leakage and other forms of improper use.
The core capability of guardrails is the ability to block inappropriate or risky input based on the content of a prompt. Broadly, there are two primary control methods used to achieve this (Figure 2):

1. Pattern-Matching Method

This method blocks prompts that contain predefined keywords or strings.

Strengths:

  • Highly reliable for detecting specific, known sensitive terms and formats.
  • Simple to implement and provides immediate, deterministic results.
  • Explainable: the rule that fired is the reason for the block, which simplifies audit and user feedback.

Limitations:

  • If the preset keyword list is incomplete, risky input is missed.
  • Innocent prompts containing similar or ambiguous terms may be incorrectly blocked, causing operational friction.
  • Trivially evaded by reformatting (extra spaces, different separators, alternative encodings) or by paraphrasing, so input should be normalized before matching and the method should not be relied on alone.

2. LLM-Based Judgment Method

This approach uses an AI model to interpret the context of a prompt and determine whether the content is inappropriate.

Strengths:

  • Can detect subtle or complex cases that keyword matching would miss.
  • More flexible and adaptable to nuanced language variations.

Limitations:

  • Decisions are probabilistic, not deterministic.
  • Results may fall within a "gray area," making it difficult to define a strict boundary between allowed and blocked content.
  • The decision-making process can appear opaque, creating a "black box" effect.
  • The judging model is itself a language model, so the prompt under inspection can attempt to instruct it (prompt injection against the guardrail), and every judgment adds latency and cost to the request.

Because each method has clear strengths and weaknesses, organizations typically adopt a hybrid approach, combining both techniques depending on the situation. By layering deterministic pattern matching with contextual LLM-based analysis, companies can achieve a more balanced and robust control mechanism, one that prevents leakage of confidential information while minimizing disruption to legitimate business activities.

Figure 2: Comparison of pattern matching and LLM judgment methods
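As an added illustration (not code from the article or from NTT DATA), the following Python sketch layers the two methods in the way described above. The pattern layer shows one way to cut false positives: a string that looks like a card number is only reported if it passes the Luhn checksum, and whitespace is normalized first so that spacing tricks do not split a pattern. The contextual layer is a stand-in for the LLM judgment; it returns a graded score rather than a yes/no, so the policy must say what happens in the gray area (here: let the prompt through but flag it for review instead of blocking). The regular expressions, cue words, thresholds and sample prompts are illustrative assumptions.

```python
"""Hybrid prompt guardrail: deterministic pattern matching layered with a
contextual, graded judgment. Added example, not the article's or NTT DATA's
code; regexes, cue words and thresholds are illustrative assumptions."""
import re
from dataclasses import dataclass, field

# ---- Layer 1: pattern matching (deterministic, explainable) ----------------
PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "internal_marker": re.compile(r"\b(?:CONFIDENTIAL|INTERNAL ONLY)\b", re.I),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum. Card numbers pass it; most order or tracking numbers that
    merely look like card numbers do not, which removes a common false positive."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def normalize(prompt: str) -> str:
    """Collapse whitespace so that spacing tricks do not split a pattern."""
    return re.sub(r"\s+", " ", prompt).strip()


def pattern_findings(prompt: str) -> list[str]:
    text = normalize(prompt)
    hits = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if name == "credit_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # 13-16 digits, but not a valid card number
            if name not in hits:
                hits.append(name)
    return hits


# ---- Layer 2: contextual judgment (graded, not binary) ---------------------
# Stand-in for the LLM call. What matters here is the contract: a score in
# [0, 1] rather than a verdict, so that policy decides the gray area. A real
# model's answer must be parsed and validated, because the prompt under review
# can try to instruct the judge.
CONTEXT_CUES = [
    ("confidential_topic",
     r"\b(?:m&a|acquisition|unreleased|salary|payroll|customer list|source code)\b", 0.4),
    ("exfil_intent",
     r"\b(?:paste|summarize|translate|rewrite) (?:this|the following|our)\b", 0.3),
]


def context_score(prompt: str) -> tuple[float, list[str]]:
    low = normalize(prompt).lower()
    score, cues = 0.0, []
    for name, rx, weight in CONTEXT_CUES:
        if re.search(rx, low):
            score, cues = score + weight, cues + [name]
    if len(re.findall(r"\S+@\S+\.\S+", low)) >= 3:   # bulk personal data
        score, cues = score + 0.4, cues + ["bulk_email"]
    return min(score, 1.0), cues


# ---- Policy: combine the layers ---------------------------------------------
BLOCK_AT, REVIEW_AT = 0.6, 0.3   # assumed thresholds, tuned from pilot logs


@dataclass
class Verdict:
    action: str                   # "allow" | "review" | "block"
    reasons: list[str] = field(default_factory=list)
    score: float = 0.0


def evaluate(prompt: str) -> Verdict:
    hits = pattern_findings(prompt)
    if hits:                      # a deterministic hit is final and explainable
        return Verdict("block", hits, 1.0)
    score, cues = context_score(prompt)
    if score >= BLOCK_AT:
        return Verdict("block", cues, score)
    if score >= REVIEW_AT:        # gray area: let it through flagged, do not block
        return Verdict("review", cues, score)
    return Verdict("allow", cues, score)


if __name__ == "__main__":
    # Constructed sample prompts
    for p in ["Summarize this: card 4111 1111 1111 1111, exp 12/27",
              "Order ref 4111 1111 1111 1112 shipped yesterday",
              "Translate the following payroll report for the M&A team",
              "How do I write the source code for a binary search?"]:
        print(evaluate(p), "<-", p)
```

Two details carry the security point. The Luhn check is why the order reference that looks like a card number is allowed while the real test card number is blocked: validation of the matched format, not just the regex, is what keeps deterministic rules from generating friction. And the "review" action exists because a graded score has no natural cut-off: everything between the two thresholds is logged and surfaced to an administrator rather than silently blocked or silently allowed, which is also the data that later lets the thresholds be tuned.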

Guardrails are not merely blocking mechanisms; they are multi-layered systems that support the control, visualization, and improvement of generative AI usage. Key functions include:

(1) Monitoring and Logging
All prompts, outputs, and control decisions are automatically recorded and stored as audit logs.
This enables swift investigation and root-cause analysis when an incident occurs.
Because these logs necessarily contain the very content the guardrail intercepted, they must be protected in their own right: access-controlled, retention-limited, and redacted or hashed wherever the full prompt is not needed for investigation. Otherwise the audit log becomes a second copy of the data it was meant to protect.

(2) Visualization Dashboard
Usage patterns and risk trends can be visualized by department, user, and AI service.
This supports targeted education, policy refinement, and proactive risk management based on real usage data.

(3) Alerting and Automated Integration
High-risk activities trigger automated notifications to administrators.
Guardrails can also feed events into existing SIEM and SOC workflows to extend organization-wide monitoring and improve SOC operational efficiency.

(4) Flexible Policy Configuration
Control policies can be tailored by department according to business operations and risk tolerance.
For example, operational departments can have more flexible settings, while legal or financial departments can apply stricter controls.
This alignment with real world workflows improves usability and reduces resistance from employees.

In this way, guardrails are not simply blocking tools, but rather a comprehensive security infrastructure that supports visualization, control, logging, analysis, and continuous improvement.
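To make the four functions concrete, here is an added Python example (not the article's or NTT DATA's code) of the operations layer that sits behind a detector: a per-department policy with a monitor-only mode (the posture of a visualization-only pilot, as described in the implementation stages that follow), an audit record that stores a hash and a redacted excerpt rather than the raw prompt, a SIEM alert event, and a roll-up by department for the dashboard. The score and reasons it consumes would come from the detection layer; in the sample they are constructed values. Department names, thresholds, user names and the event schema are assumptions.

```python
"""Operations layer behind a guardrail detector: per-department policy,
monitor/enforce mode, privacy-preserving audit log, SIEM alert, dashboard.
Added example, not from the article or NTT DATA; names, thresholds and the
event schema are illustrative assumptions."""
import hashlib
import json
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Policy:
    mode: str          # "monitor": log only, never block; "enforce": apply verdict
    block_at: float    # score at or above which the prompt is blocked
    review_at: float   # score at or above which it is flagged for review
    alert_on: str      # lowest verdict that raises an alert ("review" or "block")


# Legal and Finance run strict, enforced policies; Operations starts in
# monitor mode, the posture of a visualization-only pilot.
POLICIES = {
    "legal": Policy("enforce", block_at=0.4, review_at=0.2, alert_on="review"),
    "finance": Policy("enforce", block_at=0.4, review_at=0.2, alert_on="review"),
    "operations": Policy("monitor", block_at=0.6, review_at=0.3, alert_on="block"),
}
DEFAULT_POLICY = Policy("enforce", block_at=0.6, review_at=0.3, alert_on="block")
RANK = {"allow": 0, "review": 1, "block": 2}


def decide(score: float, policy: Policy) -> tuple[str, str]:
    """Return (action applied, verdict the policy computed).
    In monitor mode the prompt always passes, but the verdict is still recorded,
    which is how false-positive rates are measured before enforcement is turned on."""
    if score >= policy.block_at:
        verdict = "block"
    elif score >= policy.review_at:
        verdict = "review"
    else:
        verdict = "allow"
    applied = verdict if policy.mode == "enforce" else "allow"
    return applied, verdict


def redact(text: str) -> str:
    """Mask runs of 4+ digits and e-mail addresses in the excerpt kept for triage."""
    text = re.sub(r"\d{4,}", "####", text)
    return re.sub(r"\S+@\S+", "<email>", text)


def audit_record(user: str, dept: str, service: str, prompt: str,
                 score: float, reasons: list[str]) -> dict:
    """One audit log entry. The full prompt is NOT stored: the log would otherwise
    become a second copy of the secret the guardrail just intercepted. The digest
    is for correlation and de-duplication across services."""
    policy = POLICIES.get(dept, DEFAULT_POLICY)
    applied, verdict = decide(score, policy)
    return {
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "user": user, "dept": dept, "service": service,
        "prompt_sha256": hashlib.sha256(prompt.encode("utf-8")).hexdigest(),
        "excerpt": redact(prompt[:60]),
        "score": round(score, 2), "reasons": reasons,
        "mode": policy.mode, "action": applied, "verdict": verdict,
        "alert": RANK[verdict] >= RANK[policy.alert_on],
    }


def to_siem_event(rec: dict) -> dict:
    """Normalized event for the SIEM; only records with alert=True are sent."""
    severity = {"block": "high", "review": "medium"}.get(rec["verdict"], "low")
    return {"source": "ai-guardrail", "severity": severity, "user": rec["user"],
            "dept": rec["dept"], "service": rec["service"], "action": rec["action"],
            "verdict": rec["verdict"], "reasons": rec["reasons"],
            "prompt_sha256": rec["prompt_sha256"], "ts": rec["ts"]}


def rollup(records: list[dict]) -> Counter:
    """Dashboard aggregate: prompts per department that reached each verdict."""
    return Counter((r["dept"], r["verdict"]) for r in records)


if __name__ == "__main__":
    # Constructed sample events; the score/reasons would come from the detector.
    recs = [
        audit_record("alice", "legal", "chatgpt",
                     "Draft an NDA for Project Falcon; counterparty pays 150000 USD",
                     0.45, ["context"]),
        audit_record("bob", "operations", "copilot",
                     "Summarize this: card 4111 1111 1111 1111, contact bob@example.com",
                     0.9, ["credit_card"]),
        audit_record("carol", "operations", "copilot",
                     "Rewrite this shipping notice politely", 0.1, []),
    ]
    for r in recs:
        print(json.dumps(r))
        if r["alert"]:
            print("ALERT", json.dumps(to_siem_event(r)))
    print(dict(rollup(recs)))
```

Note what the Operations record shows: the card number passes through because the department is in monitor mode, yet the verdict "block" is recorded and an alert is raised. That is exactly the information a pilot needs in order to decide when to switch the department to enforce mode, and it is produced without the audit trail ever containing the card number itself.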
The goal is not to "restrict use," but to maintain an environment where generative AI can be used safely and continuously.

3. Key Points for Implementation

The most important consideration is to implement guardrails gradually, maintaining a balance between security and convenience. Over-prioritizing security can harm productivity, while over-prioritizing convenience leaves the organization exposed to data leakage risks.

Stage 1: Limited, Visualization-Focused Deployment
Begin with a small-scale pilot involving selected users or departments.
Initially enable only monitoring functions to understand actual usage patterns, prompt characteristics, and occurrences of false positives.

Stage 2: Gradual Strengthening of Controls
Next, introduce control features in phases, prioritizing measures for high-risk scenarios.
Use feedback from users and insights from audit logs to fine-tune control thresholds and optimize the balance between usability and security.

Stage 3: Company-Wide Deployment and Operational Maturity
Roll out guardrails across the organization while simultaneously:

  • Clarifying operational rules and acceptable use policies
  • Developing structured training content
  • Increasing employee understanding of the purpose and value of guardrails

This approach fosters a culture in which employees voluntarily use generative AI safely and responsibly, recognizing that the controls exist to protect both the organization and their own work.
Through this phased process, guardrails become both a strengthened security measure and a foundational component of the organization's long-term generative AI strategy.

4. Conclusion

4.1. Protecting Generative AI Without Stopping Its Use

As the adoption of generative AI accelerates across industries, the task for organizations is not to prohibit its use but to enable its safe use. Rather than postponing security measures in the name of convenience, organizations must establish an appropriate balance between usability and risk reduction.
Guardrails provide a practical, modern approach to this challenge. By monitoring and controlling generative AI inputs and outputs in real time, guardrails reduce security risks in a way that does not depend solely on human behavior. They help protect sensitive information and maintain organizational trust without limiting the ability to use generative AI.
To realize this vision, organizations must invest not only in technology but also in strengthening their governance frameworks, operating models, and organizational readiness.

4.2. NTT DATA's Initiatives and Future Prospects

Safely utilizing generative AI requires a holistic approach that extends beyond technical guardrails. It includes a combination of governance, risk management, operational controls, and human-resource development.
NTT DATA has long provided end-to-end security services across the full lifecycle, from consulting and design to implementation and ongoing operations (*2). Leveraging this expertise, NTT DATA has established a framework capable of providing comprehensive, one-stop support for organizations adopting generative AI securely.
Internally, NTT DATA is developing a global, standardized framework for generative AI skill development, including competency definitions, evaluation indicators, and learning roadmaps. As of October 2025, the number of employees with practical generative-AI skills has reached 70,000, and the company aims to train approximately 200,000 employees by FY2027 (*3). These efforts form the foundation for supporting safe and responsible use of generative AI both within NTT DATA and for its clients.
The risks discussed in this article represent only a portion of the broader landscape. The nature and priority of risks vary significantly depending on an organization's industry, business operations, and culture. NTT DATA's strength lies in its ability to understand these differences deeply and co-create solutions tailored to each client's unique context and challenges.
NTT DATA will continue to leverage its internal and external expertise to strengthen its support capabilities, enabling flexible, reliable responses to the evolving risks and requirements surrounding generative AI.

Yu Ichinose

Global Business Unit, Security & Network Division, Solutions Sector, NTT DATA Japan

Joined the NTT DATA Group in 2024. In the Data Security domain, he has been involved in developing ransomware-countermeasure assets and contributing to knowledge sharing among global units. He is currently working on developing security service assets to address emerging risks surrounding generative AI.

Yusuke Miura

Global Business Unit, Security & Network Division, Solutions Sector, NTT DATA Japan

Specializes in developing new cybersecurity services using advanced technologies, identifying startups that can become next-generation partners, and co-creating partner businesses globally. Recently, the focus has been on developing security service assets related to generative AI.