nvidia
Safety for Agentic AI
Improve safety, security, and privacy of AI systems at build, deploy and run stages.
As large language models (LLMs) increasingly enable agentic AI systems capable of autonomous reasoning and tool use, they also introduce critical safety risks, including goal misalignment, hallucinations, and prompt injections. Enterprises are challenged to harness open-weight models' flexibility without compromising on trust, security, or compliance. As regulations tighten across regions and industries, non-compliance becomes a persistent challenge.
With this safety recipe, enterprises can now confidently adopt open models, aligned to their policy. Start with model evaluation using garak vulnerability scanning with curated risk prompts, benchmarking against enterprise thresholds. Then, post-train using recipes and safety datasets to close critical safety and security gaps. Deploy the hardened model as a trusted NVIDIA NIM and then add inference run time safety protection with NVIDIA NeMo Guardrails that actively block unsafe model behavior. With continuous monitoring, and collaboration between AI and risk teams, model safety becomes enforceable, not aspirational.
Architecture Diagram
This safety recipe is broken down into four steps, which map to a typical agentic workflow environment:
- Safety, security, and accuracy evaluation of models and systems
- Post-training with NVIDIA curated datasets
- Deploying the trusted model as a NIM
- Running the trusted model with NVIDIA NeMo Guardrails at inference
Key Features
- Evaluation pipelines for content safety with Nemotron Content Safety Dataset V2 and Wildguard utilizing NeMo Eval
- Security evaluation pipeline with NVIDIA garak
- Dataset blend with 4 datasets and on-policy prompt generation with the target model
- Post-training (SFT) with NeMo Framework RL
- Easy-to-understand safety and security reports
- Packaging and deploying the trusted model with NIM
- Integrating the Content Safety NIM with NeMo Guardrails for inference-time safety
Minimum System Requirements
Hardware Requirements
- Self-hosted Main LLM: 8 × (NVIDIA H100 or A100 GPUs 80GB)
- Storage: 300GB
- Minimum System Memory: 128GB
OS Requirements
- Python 3.12
- Docker Container: nvcr.io/nvidia/nemo:25.04
- Docker Engine
Software Used in This Blueprint
NVIDIA Technology
- NVIDIA NeMo Framework RL - Post-training library for models ranging from 1 GPU to 100B+ parameters
- NVIDIA NeMo Framework Eval - Scalable, cloud-native framework to create, customize, and deploy the latest AI models
- NVIDIA NIM - Microservices for accelerating the deployment of foundation models agnostic of cloud or datacenter
- NVIDIA NeMo Guardrails - Programmable logic at inference runtime to safeguard agentic AI applications
- NVIDIA NemoGuard Content Safety - Multilingual model that detects unsafe interactions between humans and LLMs
- NVIDIA Garak - Open-source red teaming tool to scan vulnerabilities like hallucination, prompt injection, and jailbreaks
3rd Party Software
Dataset Used
- Nemotron Content Safety Dataset V2
- Gretel Synthetic Safety Alignment Dataset
- HarmfulTasks
- RedTeam 2k
- Llama Nemotron Post Training Dataset
Ethical Considerations
NVIDIA believes Trustworthy AI is a shared responsibility, and we have established policies and practices to enable development for a wide array of AI applications. When downloaded or used in accordance with our terms of service, developers should work with their supporting model team to ensure the models meet requirements for the relevant industry and use case and address unforeseen product misuse. For more detailed information on ethical considerations for the models, please see the Model Card++, Explainability, Bias, Safety & Security, and Privacy Subcards. Please report security vulnerabilities or NVIDIA AI concerns here.
License
Use of this developer example notebook is governed by the Apache 2.0 License.
Terms of Use
The software and materials are governed by the NVIDIA Software License Agreement (found at https://www.nvidia.com/en-us/agreements/enterprise-software/nvidia-software-license-agreement/) and the Product-Specific Terms for NVIDIA AI Products (found at https://www.nvidia.com/en-us/agreements/enterprise-software/product-specific-terms-for-ai-products/), except that models are governed by the AI Foundation Models Community License Agreement (found at NVIDIA Agreements | Enterprise Software | NVIDIA Community Model License) and the NVIDIA RAG dataset is governed by the NVIDIA Asset License Agreement (found at https://github.com/NVIDIA-AI-Blueprints/rag/blob/main/data/LICENSE.DATA). ADDITIONAL INFORMATION: for Meta/llama-3.1-70b-instruct model, the Llama 3.1 Community License Agreement, for nvidia/llama-3.2-nv-embedqa-1b-v2 model, the Llama 3.2 Community License Agreement, and for nvidia/llama-3.2-nv-embedqa-1b-v2 model, the Llama 3.2 Community License Agreement. Built with Llama.