Skip to content
in/guard/out
in/guard/out

Learn

The problems, explained before the product

What guardrails are, what prompt injection actually looks like, why models hallucinate, and what can go wrong between an agent and its MCP servers – written for engineers deciding what to defend against, not just what to buy.

§01 Explainers

What are LLM guardrails?

LLM guardrails are runtime checks that sit around a language model and enforce rules the model itself cannot guarantee: what may go in, what may come out, and – for agents – what actions may run. The model stays probabilistic; the guardrails are the deterministic layer that decides whether its input and output are acceptable.

What is prompt injection?

Prompt injection is an attack where text the model reads carries instructions the model follows – instructions the application author never wrote. It works because a language model has no channel separation: system prompt, user message, retrieved document, and tool result all arrive as tokens, and the model weighs all of them when deciding what to do next.

What are AI hallucinations?

An AI hallucination is output a model states as fact that is not supported by its input or by reality: an altered figure, an invented citation, a confident claim its sources cannot back. The model is not malfunctioning when it does this – it is doing exactly what it was built to do, continue text plausibly – and plausible is not the same as true.

What is MCP security?

The Model Context Protocol (MCP) is the emerging standard for connecting AI agents to tools: an agent discovers a server’s tools from its manifest, calls them, and feeds the results back into its context. MCP security is the discipline of not trusting any step of that sentence.

AI hallucination examples: the incidents that made case law

Hallucination stops being an abstract model property the day it produces a court ruling, a sanctions order, or a nine-figure market reaction. The incidents below are public, documented, and instructive – because each one failed in a way a specific boundary check is designed to catch.

What is excessive agency?

Excessive agency is the risk that an AI agent holds more capability than its task requires – more tools, broader permissions, more autonomy – so that when something goes wrong (a hallucination, an injection, a plain bug), the agent has the power to turn the error into damage. It is risk LLM06 in the OWASP Top 10 for LLM Applications, and it is the defining security problem of the agent era.

The LLM security checklist

A working checklist for teams shipping an LLM feature or agent to production. It is organized the way the risk actually flows – what enters the model, what leaves it, what it is allowed to do, and how you will know what happened – and each item states what “done” means, because “we have a filter” is not a state of doneness.

Prefer to see it rather than read about it?

We’re running a limited demo – sign up and we’ll get you in as soon as we can.