Guardrails for LLM pipelines.
Data going into your model can carry PII from a database, a file, or an upstream service. Sent to a third-party API without your knowledge. Output coming back can expose sensitive data or generate SQL that causes full table scans, unbounded result sets, and performance problems in production.
Instructeer Guards sit between your application and the model. Fast, rule-based deterministic detection on every request. Docs →
How fast? Sub-50ms same-region on persistent connections. We work hard to keep it that way. Limits →
p50
p95
~40ms
~50ms
~30ms
~40ms
Persistent connection benchmarks. Cold start (first request, fresh TCP+TLS) typically under 200ms same-region. Live Checkly probes →
sql.analyze("DROP TABLE users")
{
"allowed": false,
"severity": "high",
"rule": "DDL_NOT_ALLOWED"
}pii.detect_all("john@example.com")
{
"entity_type": "EMAIL",
"severity": "medium",
"confidence": 0.99
}Guards
Fast, deterministic detectors. Sub-200ms across US regions.SQLGuard
Scans AI-generated SQL before it runs against your database. Text-to-SQL is an output guard problem: the model produces a query, you execute it. The model has no knowledge of your data volume. A query that looks reasonable against a test dataset can scan millions of rows in production. Unbounded result sets, missing LIMIT clauses, SELECT *, excessive JOINs. On cloud databases that charge per byte scanned, that is a cost problem as well as a performance one. SQLGuard catches these before they reach your database. Parses the actual query structure, no string matching, no false positives.
PIIGuard
Scans text for personally identifiable information (PII). Run it on data going into the model. Prompts assembled from database records, uploaded files, upstream service output. Without it, PII in that data goes to OpenAI, Anthropic, or whichever third-party API you're calling. Run it on the response coming back. Models can surface sensitive data in generated output.
PromptGuard
Coming soonInput guard for prompt injection. Scans data going into the model for attempts to override system instructions or manipulate behavior. OWASP LLM01. “Ignore previous instructions.” “You are now DAN.” Pattern database updated as new techniques surface. Your integration doesn't change when new patterns ship.
Deterministic, rule-based detection.
ML-based scanners change behavior when their model is retrained. A detection that fires today may not fire next month on the same input — or may fire on things it didn't before. You cannot document a control that moves.
Instructeer uses regex and rule-based detection. No model. No retraining. A rule that fires on a given input fires the same way next year. Each detection points to a specific rule — not a confidence score.
| Instructeer | ML-based | |
|---|---|---|
| Same result every run | Yes | No |
| Points to a specific rule | Yes | No — confidence score |
| Behavior changes on vendor update | No | Yes |
| Latency | sub-200ms (US) target | ~100–500ms |