nvidia

Safety for Agentic AI

Improve safety, security, and privacy of AI systems at build, deploy and run stages.

blueprint nemo guardrails launchable nvidia ai open models privacy safety security

As large language models (LLMs) increasingly enable agentic AI systems capable of autonomous reasoning and tool use, they also introduce critical safety risks, including goal misalignment, hallucinations, and prompt injections. Enterprises are challenged to harness open-weight models' flexibility without compromising on trust, security, or compliance. As regulations tighten across regions and industries, non-compliance becomes a persistent challenge.

With this safety recipe, enterprises can now confidently adopt open models, aligned to their policy. Start with model evaluation using garak vulnerability scanning with curated risk prompts, benchmarking against enterprise thresholds. Then, post-train using recipes and safety datasets to close critical safety and security gaps. Deploy the hardened model as a trusted NVIDIA NIM and then add inference run time safety protection with NVIDIA NeMo Guardrails that actively block unsafe model behavior. With continuous monitoring, and collaboration between AI and risk teams, model safety becomes enforceable, not aspirational.

Architecture Diagram

This safety recipe is broken down into four steps, which map to a typical agentic workflow environment:

Safety, security, and accuracy evaluation of models and systems
Post-training with NVIDIA curated datasets
Deploying the trusted model as a NIM
Running the trusted model with NVIDIA NeMo Guardrails at inference

Key Features

Evaluation pipelines for content safety with Nemotron Content Safety Dataset V2 and Wildguard utilizing NeMo Eval
Security evaluation pipeline with NVIDIA garak
Dataset blend with 4 datasets and on-policy prompt generation with the target model
Post-training (SFT) with NeMo Framework RL
Easy-to-understand safety and security reports
Packaging and deploying the trusted model with NIM
Integrating the Content Safety NIM with NeMo Guardrails for inference-time safety

Minimum System Requirements

Hardware Requirements

Self-hosted Main LLM: 8 × (NVIDIA H100 or A100 GPUs 80GB)
Storage: 300GB
Minimum System Memory: 128GB

OS Requirements

Python 3.12
Docker Container: nvcr.io/nvidia/nemo:25.04
Docker Engine

Software Used in This Blueprint

NVIDIA Technology

NVIDIA NeMo Framework RL - Post-training library for models ranging from 1 GPU to 100B+ parameters
NVIDIA NeMo Framework Eval - Scalable, cloud-native framework to create, customize, and deploy the latest AI models
NVIDIA NIM - Microservices for accelerating the deployment of foundation models agnostic of cloud or datacenter
NVIDIA NeMo Guardrails - Programmable logic at inference runtime to safeguard agentic AI applications
NVIDIA NemoGuard Content Safety - Multilingual model that detects unsafe interactions between humans and LLMs
NVIDIA Garak - Open-source red teaming tool to scan vulnerabilities like hallucination, prompt injection, and jailbreaks

3rd Party Software

Dataset Used

Ethical Considerations

NVIDIA believes Trustworthy AI is a shared responsibility, and we have established policies and practices to enable development for a wide array of AI applications. When downloaded or used in accordance with our terms of service, developers should work with their supporting model team to ensure the models meet requirements for the relevant industry and use case and address unforeseen product misuse. For more detailed information on ethical considerations for the models, please see the Model Card++, Explainability, Bias, Safety & Security, and Privacy Subcards. Please report security vulnerabilities or NVIDIA AI concerns here.

License

Use of this developer example notebook is governed by the Apache 2.0 License.

Terms of Use

The software and materials are governed by the NVIDIA Software License Agreement and the Product-Specific Terms for NVIDIA AI Products, except that models are governed by the AI Foundation Models Community License Agreement and the NVIDIA RAG dataset is governed by the NVIDIA Asset License Agreement. ADDITIONAL INFORMATION: for Meta/llama-3.1-70b-instruct model, the Llama 3.1 Community License Agreement, for nvidia/llama-3.2-nv-embedqa-1b-v2 model, the Llama 3.2 Community License Agreement. Built with Llama.