Secure Homegrown AI Agents with CrowdStrike Falcon AIDR and NVIDIA NeMo Guardrails

The biggest challenge for developers building AI applications is no longer the translation of user intent into action, but rather limiting its scope to stay within stated business goals and prevent abuse. This challenge has moved from theoretical to mission-critical as AI agents transition from experimental projects to mainstream business tools, where a single compromised agent can expose customer data, execute unauthorized transactions, or violate compliance requirements across thousands of interactions. 

To defend agents against runtime attacks and reduce the agentic blast radius in the event of compromise, organizations need to define guardrails and a framework that applies those constraints on the do-anything-now capabilities of LLMs. We're excited to announce that CrowdStrike Falcon® AI Detection and Response (AIDR) now supports NVIDIA NeMo Guardrails as of release v0.20.0, delivering enterprise-grade protection that helps organizations confidently move agentic AI applications from development to production.

CrowdStrike Falcon AIDR with NVIDIA NeMo Guardrails

NVIDIA NeMo Guardrails is an open-source library for adding programmable guardrails to LLMs and agentic applications. It includes a suite of NVIDIA Nemotron Safety models for content safety, personally identifiable information (PII), jailbreak detection, and topic control with advanced reasoning capabilities and multilingual and multimodal support. Together, Falcon AIDR and NVIDIA NeMo Guardrails enable developers to manage agentic data access, control how they should respond, and see which tools and data sources they can access to help ensure custom policy compliance and safety controls. Ultimately, this helps organizations move AI agents from experimentation to production with confidence, visibility, and control. 

Falcon AIDR blocks prompt injection attacks that could manipulate agent behavior and trigger unauthorized actions, redacts sensitive data to prevent exposure across thousands of automated interactions, defangs malicious content like adversarial domains before agents can execute compromised workflows, and moderates unwanted topics to ensure agents stay within compliance boundaries. With over 75 built-in classification rules and support for custom data classification, Falcon AIDR provides the comprehensive guardrails that production agentic systems demand, protecting AI agents as they autonomously trigger actions and follow complex business processes.

Use Cases

Falcon AIDR with NVIDIA NeMo Guardrails excels in scenarios where homegrown AI agents operate autonomously across sensitive business processes. Below are a few examples of how this could improve security across industries:

• Financial services, where agents handling customer inquiries can automatically redact account numbers and SSNs while blocking prompt injection attempts that could manipulate transaction logic. 
• Healthcare organizations, which deploy clinical documentation assistants that protect protected health information (PHI) across patient interactions while preventing jailbreak attacks that could compromise medical advice accuracy. 
• Customer service organizations, which deploy autonomous support agents that handle complex, multi-turn troubleshooting workflows. Falcon AIDR helps ensure these agents don't expose customer PII in chat logs, prevents prompt injection that could manipulate refund policies, and blocks competitor mentions while maintaining natural conversation flow across dozens of interaction turns. 
• Software development teams, which protect AI coding assistants by detecting hardcoded secrets, blocking code injection attempts, and redacting internal repository references before code is committed. 

In each scenario, Falcon AIDR's flexible policy framework for NVIDIA NeMo Guardrails enables organizations to balance security with functionality, starting with monitoring mode to understand their threat landscape, then progressively enforcing blocks and redactions as agents move from development to production, all while maintaining up to sub-100ms response times that keep agentic workflows responsive and user experiences seamless. 

Configuring Falcon AIDR Policies 

Falcon AIDR and its corresponding API enable teams to create named detection policies tailored to their specific security requirements. A policy is a set of enabled detectors configured to detect, block, redact, encrypt, or transform content. Policies serve as AI guardrails applied at critical points in AI agent and application workflows such as chat input sanitization, chat output filtering, RAG data ingestion, and agent tool invocation. Falcon AIDR includes default policies (e.g., for chat input and chat output) that correspond to these common scenarios, and teams can create custom policies that combine detectors with specific action modes for their unique use cases.

The Falcon AIDR API takes the policy name and an OpenAI-compatible messages array containing role-based content (user, system, assistant, tool, function, etc.). The API applies the policy to the appropriate elements of the messages array and returns a recommendation to block or allow, along with possibly transformed elements, such as redacted PII, defanged URLs, or encrypted sensitive data, that the calling application should use in place of the original content (if not blocking the message outright). This flexible response model enables you to start in monitoring mode (report-only) during development, then progressively enforce stricter controls (block, redact, encrypt) as you move to production, ensuring security doesn't slow your development velocity.

Falcon AIDR Detectors

Falcon AIDR supports the following detectors:

Using Falcon AIDR with NeMo Guardrails

NVIDIA NeMo Guardrails allow you to define the flow of an AI application along with “rails” using Colang, which is an event-driven interaction modeling language that is interpreted by a Python runtime. The NVIDIA NeMo Guardrails GitHub repo has setup instructions for Falcon AIDR support here. NVIDIA NeMo Guardrails Colang examples that apply AIDR as rails can be found in the examples/configs folder:

NeMo-Guardrails
└── examples
   └── configs
       ├── crowdstrike_aidr
       │   ├── config.yml
       │   └── README.md
       └── crowdstrike_aidr_v2
           ├── config.yml
           ├── main.co
           ├── rails.co
           └── README.md

Below are the three files from the crowdstrike_aidr_v2 folder with a minimal Colang 2 NVIDIA NeMo Guardrails example application using Falcon AIDR for input and output rails.

--------------------------------------------

config.yml

colang_version: "2.x"

models:
 - type: main
   engine: openai
   model: gpt-4o-mini

instructions:
 - type: general
   content: |
     You are a helpful assistant.

rails:
  config:
    crowdstrike_aidr:
      timeout: 15.0 # Optional request timeout in seconds. Defaults to 30 seconds.

config.yml tells NVIDIA NeMo Guardrails to:

1. Use gpt-4o-mini as the LLM to be used by the chat agent
2. Use “You are a helpful assistant.” as the system prompt.
3. Optionally configure the request timeout used by the Falcon AIDR guardrail.

--------------------------------------------

main.co

import core
import llm

flow main
 activate llm continuation

main.co defines the main flow of the chat agent, activating the “llm continuation flow” pattern to drive the dialog of the chat app.

--------------------------------------------

rails.co

import guardrails
import nemoguardrails.library.crowdstrike_aidr

flow input rails $input_text
    crowdstrike aidr guard input

flow output rails $output_text
    crowdstrike aidr guard output

rails.co defines the input and output rails so that they will apply Falcon AIDR.

--------------------------------------------

Get Started with Falcon AIDR

Falcon AIDR, now supported with NVIDIA NeMo Guardrails, enables developers to secure AI agents and workloads by blocking prompt injections, sanitizing inputs/outputs, and redacting sensitive data with 75+ built-in rules and custom classifiers, while also moderating unwanted or inappropriate responses.

This integration delivers a comprehensive framework for building safe, enterprise-ready AI applications with strong threat mitigation across multiple vectors. Check out the details on GitHub.

To discuss the commercial use of Falcon AIDR or schedule a demo, please contact us.