Field notes from two years building production agents at a Fortune 100
Most writing about AI guardrails reads like a vendor pitch — a layered architecture diagram, a list of capabilities, a security-checklist deliverable. The reality of what actually keeps an enterprise AI agent system safe in production is narrower than that, less glamorous, and mostly stuff that existed before LLMs. IAM, network egress, audit trails, secrets management. With a few new controls bolted on for the agent layer.
I've spent the last two years building production AI Platform Agents at a Fortune 100 manufacturer — agents that diagnose CI/CD failures, triage Kubernetes incidents from a Microsoft Teams channel, generate infrastructure documentation from live repos and Terraform state, and offer real-time guidance on engineering pipelines. They run on EKS, talk to OpenAI APIs through a LangChain orchestration layer, and ground their answers in a RAG corpus we maintain.
What follows isn't a survey of every guardrail option. It's the layered stack we actually run in front of every agent, ranked by what would break first if you pulled it out. Plus a section on what's theater, and a section on what I got wrong.
The layered guardrail stack