Skip to main content

What are Security Policies?

Security policies are guardrails that protect sensitive data flowing through AI tools in your organization. They automatically detect, redact, or block content like personally identifiable information (PII), API keys, passwords, and restricted terms before it reaches an LLM. Dashboard: gateway.getunbound.ai/policies/security-policies

Available Guardrails

PII Detection

Detects personally identifiable information such as names, email addresses, phone numbers, and social security numbers. Configure actions per PII type:
  • Block — Reject the request entirely
  • Redact — Replace detected PII with placeholders before sending to the model
  • Warn — Log the detection but allow the request

Secrets Detection

Automatically identifies API keys, passwords, tokens, and other credentials in prompts and responses. Prevents accidental exposure of sensitive credentials to LLM providers.

Regex Pattern Match

Define custom regular expressions to match specific patterns in requests. Use this for organization-specific identifiers, internal project codes, or custom data formats that other guardrails don’t cover.

Ban List

Block specific words or phrases using fuzzy matching. Useful for preventing discussion of confidential project names, competitor products, or other restricted terms.

Document Classifier

Classifies documents by sensitivity level and applies routing rules accordingly. Sensitive documents can be automatically routed to private or on-premise models.

Default Routing

Configure how requests are routed by default. Map source models to destination models so requests for a specific model get routed to a different one. Use this to standardize model usage or route to more cost-effective alternatives.

Error Code Routing

Configure fallback models for when primary models fail:
  • Rate limit errors (429) — Route to an alternative provider
  • Server errors (5xx) — Failover to a backup model
  • Custom error codes — Define specific fallback behavior
This ensures developers stay productive even during provider outages.

Setting Up Security Policies

  1. Go to Security Policies in the Unbound dashboard
  2. Toggle the guardrail you want to enable
  3. Click the arrow to configure detection rules and actions
  4. Configure default routing and error code routing as needed
  5. Save your configuration
Security policies are applied to requests before they leave your gateway. Redacted content is replaced with placeholders, so the original data never reaches the LLM provider.

Applying to Users

Security policies can be attached to user groups to control which users are affected. Go to User Groups to create groups and assign security policies to them.

Managing via CLI

List and manage security policies from the terminal: 
unbound policy list --type SECURITY
unbound policy get <policy-id>

Tool Policies

Monitor terminal commands and MCP tool calls

Model Policies

Configure model selection rules