This is the multi-page printable view of this section. Click here to print.
Protegrity’s Semantic Guardrails solution is a security guardrail engine for AI systems. It evaluates risks in GenAI systems such as chatbots, workflows, and agents, through advanced semantic analytics and intent classification to detect potentially malicious messages. PII detection can also be leveraged for comprehensive security coverage.
For more information about Semantic Guardrails, refer to the Semantic Guardrails documentation.
Ensure that the following requirements are met before installing Semantic Guardrails with NFA.
kubectl, is configured for the NFA cluster.helm CLI v3.x is installed.This section describes the steps to install Semantic Guardrails.
For PII detection, it is recommended to install Data Discovery services before installing Semantic Guardrails.
For more information about installing Data Discovery service, refer to Installing Data Discovery.
To verify the Data Discovery service status, run the following command.
kubectl get pods -n data-discovery
To install Semantic Guardrails, it is recommended to install from the Artifactory repository.
NOTE: If the installation fails due to existing
namespace, then uninstall Semantic Guardrails.
Perform the following steps.
To add the Semantic Guardrails repository, run the following command.
helm repo add protegrity-charts https://artifactory.protegrity.com/artifactory/helm-charts/
To update the repository index, run the following command.
helm repo update
To install the helm chart, run the following command.
helm upgrade --install nfa-semantic-guardrails semantic-guardrails/semantic-guardrails --version 1.1.0 --namespace pty-semantic-guardrails --create-namespace
If the source code is available, then semantic guardrails can be packaged.
Perform the following steps.
To navigate to the chart directory, run the following command.
cd deployment/nfa
To create a package, run the following command.
helm package charts/semantic-guardrails
If the semantic-guardrails-1.1.0.tgz file is available, then install the file using the following command.
helm upgrade --install nfa-semantic-guardrails ./semantic-guardrails-1.1.0.tgz \
--namespace pty-semantic-guardrails \
--create-namespace
To verify the deployment status, run the following command.
kubectl get pods -n pty-semantic-guardrails
After Semantic Guardrails feature is successfully deployed, the expected output is as follows.
NAME READY STATUS RESTARTS AGE
semantic-guardrails-deployment-xxxxxxxxxx-xxxxx 1/1 Running 0 2m
To verify the service status, run the following command.
kubectl get svc -n pty-semantic-guardrails
After Semantic Guardrails feature is successfully deployed, the expected output is as follows.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
semantic-guardrails-service ClusterIP 172.20.109.155 <none> 8001/TCP 3h
Perform the following steps to test the Semantic Guardrails deployment.
To test the Semantic Guardrails API endpoint, run the following command.
Note: The endpoints require authentication.
curl -k -X POST https://eclipse.aws.protegrity.com/pty/semantic-guardrails/v1.1/conversations/messages/scan \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer YOUR_JWT_TOKEN' \
--data '{
"messages": [
{
"from": "user",
"to": "ai",
"content": "This is a test message for semantic analysis",
"processors": ["financial"]
}
]
}'
We should see, on the response, something similar to:
{
"from": "user",
"to": "ai",
"content": "This is a test message for semantic analysis",
"outcome": "approved",
"score": 0.2,
"explanation": "in-domain"
}
If Data Discovery is installed, then to test the Data Discovery integration, run the following command.
curl -k -X POST https://eclipse.aws.protegrity.com/pty/semantic-guardrails/v1.1/conversations/messages/scan \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer YOUR_JWT_TOKEN' \
--data '{
"messages": [
{
"from": "ai",
"to": "user",
"content": "My name is John Smith, my credit card number is 15342724758",
"processors": ["pii"]
}
]
}'
We should see, on the response, something similar to:
{
"from": "ai",
"to": "user",
"content": "My name is John Smith, my credit card number is 15342724758".,
"outcome": "rejected",
"score": 0.9,
"explanation": "['NAME' : 'John Smith', 'CCN' : '15342724758']"
}
This service provides AI conversation scanning and semantic analysis capabilities for Semantic Guardrails.
This section provides an overview of the primary endpoint.
| Name | Endpoint |
|---|---|
| Main API | /v1/conversations/messages |
| Models API | /pty/semantic-guardrail/v1.1/domain-models/ |
The semantic-guardrail service uses these environment variables:
| Variable | Description |
|---|---|
LOG_LEVEL | Logging level (INFO/DEBUG) |
PRODUCTION_LOGGING | Enables production logging (true/false) |
DATA_DISCOVERY_SEARCH | Enables PII detection search (true/false) |
DATA_DISCOVERY_URL | Data Discovery classification service hostname(default: “classification-service.data-discovery”) |
DATA_DISCOVERY_PORT | Data Discovery classification service port(default: 8050) |
To use a different image, ensure to update the content of the values.yaml file.
serviceImages:
semanticGuardrails: "<your-semantic-guardrails-image>"
To update the deployed cluster, run the following command.
helm template semantic-guardrails charts/semantic-guardrails > semantic_guardrails.yaml 2>&1
kubectl delete -f semantic_guardrails.yaml
kubectl apply -f semantic_guardrails.yaml
Perform the following steps to uninstall Semantic Guardrails.
To uninstall semantic-guardrails, run the following command.
helm uninstall semantic-guardrails -n pty-semantic-guardrails
If Data Discovery is not needed, then uninstall the Data Discovery service.
To uninstall data discovery, run the following command.
helm uninstall data-discovery -n data-discovery