Oronts Products · 2024 · Ongoing

OGuardAI

Semantic data protection runtime for AI systems. Policy engine, PII detection and reversible tokenization between your application and any LLM.

At a glance

  • 99.7%: PII detection recall on our test corpus
  • <50ms: Rejection latency target for blocked content
  • 3: Validation layers: policy, PII, tokenization
  • 0: Raw PII values exposed to the model after tokenization

The Challenge

Production LLM systems share a failure class: PII leaking into prompts and outputs, hallucinated data reaching customers, and generated text violating communication policies. Ad-hoc filters solve one incident and break on the next edge case. GDPR makes this an architecture problem, not a patching problem.

Our Approach

OGuardAI runs as a synchronous filter in the LLM request and response path. It applies three validation layers: content policy classification against hot-reloadable YAML rule sets, PII detection combining pattern matching with named entity recognition, and semantic tokenization that swaps sensitive values for reversible tokens so the model never sees raw data. Restoration happens per output-channel policy.

System Architecture

[Diagram: System Architecture. Nodes: LLM Response, OGuardAI, Policy Check, Pass, Deliver to User, Violation, Content Classifier, PII Found?, Yes, Redact / Tokenize, No, Block + Reason, Upstream Retry]

Engineering decisions

A synchronous filter in the request and response path

Guardrails only work if they run before the model sees data and before output reaches a user. OGuardAI sits inline rather than as an after-the-fact audit, accepting a small, bounded latency cost for enforcement that cannot be skipped.

Reversible tokenization over blunt redaction

Redaction destroys the context a model needs to answer well. OGuardAI swaps sensitive values for structure-preserving tokens, so the model reasons over coherent text and never sees raw data. Restoration happens per output-channel policy, which makes the token vault the asset to secure.
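
The flow described above, as an added sketch that is not OGuardAI's code (this page does not show it): sensitive values are swapped for typed tokens before the prompt leaves, and restored only where the output channel's policy allows. The detection patterns, the `[[TYPE_id]]` token format, the channel names and the `TokenVault` class are assumptions made for illustration; tokens here preserve only the entity type.

```python
import re
import secrets

# Constructed detection patterns (assumption); pattern matching alone, no NER stage.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"\+\d[\d -]{7,14}\d"),
}
TOKEN_RE = re.compile(r"\[\[([A-Z]+)_([0-9a-f]{8})\]\]")

# Hypothetical per-channel policy: entity types that may be restored on each channel.
CHANNEL_POLICY = {"customer_reply": {"EMAIL", "PHONE"}, "analytics_log": set()}


class TokenVault:
    """In-memory vault for one request; it holds the only copy of the raw values."""

    def __init__(self):
        self._by_token = {}  # token -> (kind, raw value)
        self._by_value = {}  # (kind, raw value) -> token, so repeats share one token

    def tokenize(self, text):
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._issue(k, m.group(0)), text)
        return text

    def _issue(self, kind, value):
        key = (kind, value)
        if key not in self._by_value:
            # Random id: the token reveals the entity type but nothing about the value.
            token = f"[[{kind}_{secrets.token_hex(4)}]]"
            self._by_value[key] = token
            self._by_token[token] = key
        return self._by_value[key]

    def restore(self, text, channel):
        allowed = CHANNEL_POLICY.get(channel, set())  # unknown channel: restore nothing

        def swap(m):
            entry = self._by_token.get(m.group(0))
            # Tokens this vault never issued (e.g. invented by the model) stay as they are.
            if entry is None or entry[0] not in allowed:
                return m.group(0)
            return entry[1]

        return TOKEN_RE.sub(swap, text)
```

Because the vault is the only place the raw values exist, its lifetime and access control decide how much the tokenization protects.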

Hot-reloadable YAML policies

Communication and data rules change faster than release cycles. Policies are YAML that reloads without a restart, so operations can tighten or relax rules live instead of waiting for a deploy.

Pattern matching and NER together

Regular expressions catch known formats; named-entity recognition catches contextual PII a pattern misses. Running both raises detection recall instead of betting on one technique.

Tech Stack

  • Backend: Python, FastAPI, Pydantic
  • Infrastructure: Docker, GitHub Actions
  • AI / ML: Semantic Tokenization, NER, Policy Engine

Key Outcomes

  • GDPR-aware AI architecture by design, not by patching
  • Hot-reloadable YAML policies without restarts or redeployments
  • Reversible tokenization keeps LLM output quality while protecting data
  • The pattern is documented publicly in our engineering guides

The Result

A reusable, framework-agnostic guardrail layer that turns GDPR-aware AI from per-project firefighting into infrastructure. Proprietary Oronts product; the architecture is documented in our data-leakage guide.

What an OGuardAI deployment looks like

OGuardAI drops into a client's AI stack as the layer between the application and any model provider.

  • It sits between your application and any LLM, inside your infrastructure
  • Your content and data rules live as YAML that you control
  • EU or private hosting keeps data in your tenancy; the model never sees raw PII
  • Reversible tokens preserve output quality while protecting sensitive values
  • We integrate it into your pipeline and hand over a layer your team operates