Securing AI agents: Why guardrail placement is a key design decision

Yuki Matsuzaki

When teams start building AI agents, especially with managed systems like Amazon Bedrock, they often wonder whether simply enabling guardrails is enough to secure their agents. A framework like Amazon Bedrock Guardrails provides a solid foundation for content filtering and policy enforcement, but having guardrails in place is only part of the equation. In practice, where you insert those guardrails in the agent’s orchestration loop has as much impact on your security posture as the guardrail logic itself.

In this post, we’ll explore the importance of guardrail placement by following a concrete demo scenario: an indirect prompt injection attack that abuses a legitimate tool call to exfiltrate a secret. We’ll run the same attack against two different agent architectures:

A managed Amazon Bedrock Agent, where the Action Group Lambda is the only place in the orchestration loop where the developer’s code runs, so developer-created guardrails lack access to the full conversation history

A self-orchestrated agent that uses Datadog AI Guard to insert evaluations at multiple hook points

Securing AI agents: Why guardrail placement is a key design decision | Datadog

Other newsrooms on this story

Related reading

Agentic AI Guardrails: Controls That Work

Marketers put up guardrails as AI agents reshape programmatic buying

Securing AI Agents in a Bank: From Daily ChatGPT Use to a Production-Ready…

Agentic AI in DevOps: Useful Only After You Add Guardrails

LLM Agent Guardrails: The Engineering Playbook for Taking an 8B Local Model…

A note on building reliability infrastructure for AI agents — and why…