Capability Map
Complete inventory of agent tool access, API surface, and indirect-call chains. Useful as ongoing reference as your agent system evolves.
15–25 pages · Markdown + diagramSERVICES · DEFENSIVE← BACK TO SERVICES
Agentic Guardrails
Runtime constraints that limit what your AI agents can do — even when their reasoning is compromised.
Agentic Guardrails is a defensive engineering engagement. We design and implement runtime constraints around your AI agents so that even when an agent is manipulated, its capacity to cause damage is bounded. Tool-scoping, action allowlists, blast-radius limits, and rate caps — engineered to your specific agent graph, not pasted from a generic policy.
// THE PROBLEM
What we're solving when you hire us for thisMost defensive AI engineering focuses on preventing agents from being manipulated. That's a losing battle — sufficiently sophisticated injection will eventually succeed against any model. The realistic defensive question is: when an agent is manipulated, what can it actually do? An agent with unrestricted tool access can drain accounts. An agent with scoped, rate-limited, allowlisted tool access cannot.
Agentic Guardrails engineers that scoping. We don't try to make agents un-manipulable. We make manipulated agents unable to cause material damage. The engagement produces runtime configuration, policy code, and monitoring infrastructure that survives in production beyond the engagement window.
// HOW WE RUN IT
The five phases of an Agentic Guardrails engagement01
Capability Inventory
We document every tool, API, and action your agents can invoke, including indirect access through chained calls. The output is a written capability map showing the full blast radius of a compromised agent.
Duration 3–5 days · Output: capability map02
Risk Tier Assignment
Each capability is assigned a risk tier based on impact (data exposure, financial action, irreversibility) and reachability (how easy it is to invoke). High-tier capabilities require stronger guardrails.
Duration 2–3 days · Output: tiered capability map03
Guardrail Design
We design the runtime constraints: tool allowlists per agent, rate limits per action, approval gates for irreversible operations, blast-radius bounds. Design is reviewed and approved by your engineering team before implementation.
Duration 4–5 days · Output: design document + approval gate04
Implementation
We work with your engineering team to implement the guardrails — either directly (we write the policy code) or in advisory mode (we design, your team implements). Implementation includes monitoring and alerting for guardrail trips.
Duration 7–10 days · Output: deployed guardrails + monitoring05
Validation & Handoff
We test the guardrails against the threat model — confirming that intended operations still work and unintended ones are blocked. Final deliverable includes a runbook for ongoing maintenance and tuning.
Duration 3–4 days · Output: validation report + runbook// WHAT YOU RECEIVE
Deliverables, named and specificGuardrail Design Document
Runtime constraints specified per agent, per capability, with rationale for each policy decision. Reviewed and approved by your engineering team before implementation.
Design document + policy codeImplementation Artifacts
Deployed policy code, configuration, and monitoring rules. Either committed directly to your repository or delivered as patches your team applies.
Code + configurationMonitoring & Alerting
Alerts for guardrail trips so your team knows when constraints are activating in production — and can distinguish expected limits from unexpected abuse.
Monitoring rules + alert routingOperations Runbook
Documentation for tuning guardrails as your agent system evolves — when to loosen, when to tighten, and how to test changes before deploying them.
Runbook + playbooksEngineering Handoff Session
Working session with your team to walk through the deployed guardrails, the runbook, and the process for updating constraints as the system changes.
90-minute session + recording// ENGAGEMENT SHAPE
Specific numbers, not approximations3–5 weeks
Implementation phase varies2 practitioners
Minimum, both seniorDaily async updates
By 18:00 client timezoneAdvisory or implementer
Per SOW preferencePer-agent, per-capability
Written in SOW$24,500
Advisory mode; implementation higherContinuous
Code committed as designedEnd of engagement
Includes 30-day support// WHEN THIS IS RIGHT
Honest fit criteria// THE RIGHT FIT
—
Your agents have access to high-impact tools (financial, data access, customer-facing actions) and you need defensible scoping.
—
You've run Adversarial Probing or Multi-Agent Attack Simulation and need to act on the findings — this is the engagement that hardens.
—
Your engineering team understands the value of runtime constraints but doesn't have the bandwidth to design and deploy them in-house.
—
Regulatory or insurance requirements demand documented runtime constraints on AI agent behavior.
// THE WRONG FIT
—
Your agents are read-only with no tool calls or actions — guardrails have nothing to constrain.
—
You haven't yet tested your agents for vulnerabilities — guardrails are downstream of knowing where attacks succeed. Run probing first.
—
Your engineering team can't make changes during the engagement — implementation requires their active participation.
—
You want guardrails that are absolute and prevent all manipulation — runtime constraints bound damage; they don't prevent compromise.
// RELATED ENGAGEMENTS
Where this connects to the rest of our workAdversarial Probing
Run this first to understand which capabilities are exposed before designing guardrails against them.
DETAILS →
Multi-Agent Attack Simulation
If your system has multiple agents, run this to map cross-agent attack paths before designing graph-aware guardrails.
DETAILS →
Neural Hardening
Companion engagement for hardening the inference infrastructure that runs underneath your agents.
DETAILS →
Agentic Guardrails engagements start from $24,500. Reply within 24h. NDA before scope.
BOOK THIS ENGAGEMENT →