Falcon AIDR and its corresponding API enable teams to create named detection policies tailored to their specific security requirements. A policy is a set of enabled detectors configured to detect, block, redact, encrypt, or transform content. Policies serve as AI guardrails applied at critical points in AI agent and application workflows such as chat input sanitization, chat output filtering, RAG data ingestion, and agent tool invocation. Falcon AIDR includes default policies (e.g., for chat input and chat output) that correspond to these common scenarios, and teams can create custom policies that combine detectors with specific action modes for their unique use cases.
Falcon AIDR blocks prompt injection attacks that could manipulate agent behavior and trigger unauthorized actions, redacts sensitive data to prevent exposure across thousands of automated interactions, defangs malicious content like adversarial domains before agents can execute compromised workflows, and moderates unwanted topics to ensure agents stay within compliance boundaries. With over 75 built-in classification rules and support for custom data classification, Falcon AIDR provides the comprehensive guardrails that production agentic systems demand, protecting AI agents as they autonomously trigger actions and follow complex business processes.
CrowdStrike Falcon AIDR with NVIDIA NeMo Guardrails
The biggest challenge for developers building AI applications is no longer the translation of user intent into action, but rather limiting its scope to stay within stated business goals and prevent abuse. This challenge has moved from theoretical to mission-critical as AI agents transition from experimental projects to mainstream business tools, where a single compromised agent can expose customer data, execute unauthorized transactions, or violate compliance requirements across thousands of interactions.
Falcon AIDR supports the following detectors:
Use Cases
NVIDIA NeMo Guardrails is an open-source library for adding programmable guardrails to LLMs and agentic applications. It includes a suite of NVIDIA Nemotron Safety models for content safety, personally identifiable information (PII), jailbreak detection, and topic control with advanced reasoning capabilities and multilingual and multimodal support. Together, Falcon AIDR and NVIDIA NeMo Guardrails enable developers to manage agentic data access, control how they should respond, and see which tools and data sources they can access to help ensure custom policy compliance and safety controls. Ultimately, this helps organizations move AI agents from experimentation to production with confidence, visibility, and control.
- Financial services, where agents handling customer inquiries can automatically redact account numbers and SSNs while blocking prompt injection attempts that could manipulate transaction logic.
- Healthcare organizations, which deploy clinical documentation assistants that protect protected health information (PHI) across patient interactions while preventing jailbreak attacks that could compromise medical advice accuracy.
- Customer service organizations, which deploy autonomous support agents that handle complex, multi-turn troubleshooting workflows. Falcon AIDR helps ensure these agents don’t expose customer PII in chat logs, prevents prompt injection that could manipulate refund policies, and blocks competitor mentions while maintaining natural conversation flow across dozens of interaction turns.
- Software development teams, which protect AI coding assistants by detecting hardcoded secrets, blocking code injection attempts, and redacting internal repository references before code is committed.
Falcon AIDR with NVIDIA NeMo Guardrails excels in scenarios where homegrown AI agents operate autonomously across sensitive business processes. Below are a few examples of how this could improve security across industries:
Configuring Falcon AIDR Policies
In each scenario, Falcon AIDR’s flexible policy framework for NVIDIA NeMo Guardrails enables organizations to balance security with functionality, starting with monitoring mode to understand their threat landscape, then progressively enforcing blocks and redactions as agents move from development to production, all while maintaining up to sub-100ms response times that keep agentic workflows responsive and user experiences seamless.
To defend agents against runtime attacks and reduce the agentic blast radius in the event of compromise, organizations need to define guardrails and a framework that applies those constraints on the do-anything-now capabilities of LLMs. We’re excited to announce that CrowdStrike Falcon® AI Detection and Response (AIDR) now supports NVIDIA NeMo Guardrails as of release v0.20.0, delivering enterprise-grade protection that helps organizations confidently move agentic AI applications from development to production.
Falcon AIDR Detectors
The Falcon AIDR API takes the policy name and an OpenAI-compatible messages array containing role-based content (user, system, assistant, tool, function, etc.). The API applies the policy to the appropriate elements of the messages array and returns a recommendation to block or allow, along with possibly transformed elements, such as redacted PII, defanged URLs, or encrypted sensitive data, that the calling application should use in place of the original content (if not blocking the message outright). This flexible response model enables you to start in monitoring mode (report-only) during development, then progressively enforce stricter controls (block, redact, encrypt) as you move to production, ensuring security doesn’t slow your development velocity.
| Detector | Description |
| Malicious Prompt | Reports or blocks attempts to manipulate an AII app into violating the constraints of its app-level or model-level intent (prompt injection) |
| Topic | Reports or blocks content related to restricted or disallowed topics |
| Language | Reports, blocks, or explicitly allows a spoken language to enforce language-based security policies |
| Code | Reports or blocks attempts to insert executable code into AI interactions |
| Malicious Entity | Reports, defangs, or blocks harmful references such as malicious IPs, URLs, and domains |
| Confidential and PII | Reports, redacts, encrypts, or blocks PII and other confidential data, such as email addresses, credit cards and bank numbers, government-issued IDs, etc. |
| Secret and Key Entity | Reports, redacts, encrypts, or blocks sensitive credentials like API keys, encryption keys, etc. |
| Competitors | Reports or blocks mentions of competing brands or entities |
| Custom Entity | Allows users to define and detect specific text patterns or sensitive terms that AI Guard will report, redact, encrypt, or block |
