<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Guardrails on PG Blog</title><link>https://pg-blogs.netlify.app/tags/guardrails/</link><description>Recent content in Guardrails on PG Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 05 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://pg-blogs.netlify.app/tags/guardrails/index.xml" rel="self" type="application/rss+xml"/><item><title>Guardrails for LLM Apps in Java</title><link>https://pg-blogs.netlify.app/posts/34-guardrails-for-llm-apps-in-java/</link><pubDate>Sun, 05 Jul 2026 00:00:00 +0000</pubDate><guid>https://pg-blogs.netlify.app/posts/34-guardrails-for-llm-apps-in-java/</guid><description>&lt;h2 id="introduction"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;Every post in this series has quietly touched a piece of the same problem. &lt;a href="https://pg-blogs.netlify.app/posts/14-building-agentic-workflows-in-java/"&gt;Building Agentic Workflows in Java&lt;/a&gt; said &lt;code&gt;toolUse.input()&lt;/code&gt; is untrusted and must be validated before it reaches your code. &lt;a href="https://pg-blogs.netlify.app/posts/11-building-reliable-llm-apps-in-java/"&gt;Building Reliable LLM Applications in Java&lt;/a&gt; said the model will confidently invent facts, so ground it and get typed output instead of parsing prose. Neither post named the thing underneath both statements: &lt;strong&gt;anything that crosses from outside your code into the model, or from the model back into your code, is untrusted input&lt;/strong&gt; — a request body from the network, not a trusted internal value. This post names that boundary directly and gathers the defenses in one place — prompt injection (direct and indirect), input validation, output validation, and PII redaction — with the &lt;strong&gt;SAFE&lt;/strong&gt; pattern shown beside every &lt;strong&gt;unsafe&lt;/strong&gt; one it replaces, since this is the security-forward capstone of the series.&lt;/p&gt;</description></item><item><title>Guardrails for LLM Apps in Python</title><link>https://pg-blogs.netlify.app/posts/35-guardrails-for-llm-apps-in-python/</link><pubDate>Sun, 05 Jul 2026 00:00:00 +0000</pubDate><guid>https://pg-blogs.netlify.app/posts/35-guardrails-for-llm-apps-in-python/</guid><description>&lt;h2 id="introduction"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;Every post in this series has quietly touched a piece of the same problem. &lt;a href="https://pg-blogs.netlify.app/posts/15-building-agentic-workflows-in-python/"&gt;Building Agentic Workflows in Python&lt;/a&gt; said a tool&amp;rsquo;s &lt;code&gt;input&lt;/code&gt; is untrusted and must be validated before it reaches your code. &lt;a href="https://pg-blogs.netlify.app/posts/10-building-reliable-llm-apps-in-python/"&gt;Building Reliable LLM Applications in Python&lt;/a&gt; said the model will confidently invent facts, so ground it and get typed output instead of parsing prose. Neither post named the thing underneath both statements: &lt;strong&gt;anything that crosses from outside your code into the model, or from the model back into your code, is untrusted input&lt;/strong&gt; — a request body from the network, not a trusted internal value. This post names that boundary directly and gathers the defenses in one place — prompt injection (direct and indirect), input validation, output validation, and PII redaction — with the &lt;strong&gt;SAFE&lt;/strong&gt; pattern shown beside every &lt;strong&gt;unsafe&lt;/strong&gt; one it replaces, since this is the security-forward capstone of the series.&lt;/p&gt;</description></item></channel></rss>