Skip to main content

AI Guardrails

Current AI safety relies on software guardrails: prompt filters, RLHF training, output classifiers, and rule engines. All of these share a critical flaw — they can be bypassed, updated, or overridden.

Why Software Guardrails Fail

MechanismFailure Mode
RLHF / fine-tuningJailbreak prompts, distribution shift
Prompt-level rulesInjection attacks, context window overflow
Output classifiersAdversarial examples, latency overhead
Rule enginesDevelopers can disable or modify at runtime
API rate limitsDoes not prevent harmful single actions
The fundamental problem: software guardrails are advice, not physics. An AI system can always be instructed — or instruct itself — to bypass them.
RLHF teaches an AI to want to do the right thing. A policy circuit prevents it from doing the wrong thing. Education fails. Physics does not.

PCD Policy Circuits as Deterministic Guards

A PCD policy circuit is a formally verified program (Φ_c = 1) that takes an action as input and returns ALLOW or BLOCK. Because PCD is:
  • Finite — 64 operations, no arbitrary code execution
  • Deterministic — same input always produces same output
  • Immutable — compiled to a self-verifying hash
  • Total — every input path must reach a verdict (enforced by TCE)
…the resulting guard function cannot be bypassed by the system it protects.

Integration with AI Frameworks

LangChain

Compile a policy circuit to JavaScript or Python and use it as a LangChain callback: 
from brik64 import load_policy
from langchain.callbacks import BaseCallbackHandler

policy = load_policy("sandbox.pcd.compiled")

class BrikGuard(BaseCallbackHandler):
    def on_llm_start(self, serialized, prompts, **kwargs):
        for prompt in prompts:
            action = {"category": "llm_input", "params": {"content": prompt}}
            verdict = policy.check(action)
            if verdict == "BLOCK":
                raise PermissionError("Policy circuit blocked this action")

    def on_tool_start(self, serialized, input_str, **kwargs):
        action = {"category": serialized["name"], "params": {"input": input_str}}
        verdict = policy.check(action)
        if verdict == "BLOCK":
            raise PermissionError("Policy circuit blocked this tool call")

# Usage
from langchain.chat_models import ChatOpenAI
llm = ChatOpenAI(callbacks=[BrikGuard()])

CrewAI

Use policy circuits as agent-level guardrails in CrewAI: 
from brik64 import load_policy
from crewai import Agent, Task, Crew

policy = load_policy("no_network.pcd.compiled")

def brik_guard(action_name: str, action_input: str) -> bool:
    verdict = policy.check({
        "category": action_name,
        "params": {"input": action_input}
    })
    return verdict == "ALLOW"

researcher = Agent(
    role="Research Analyst",
    goal="Analyze internal documents",
    before_tool_callback=brik_guard  # blocks network tools
)

AutoGen

Wrap PCD policy verification around AutoGen code generation: 
from brik64 import load_policy

policy = load_policy("sandbox.pcd.compiled")

def guard_code_execution(code: str) -> bool:
    """Verify generated code against policy before execution."""
    verdict = policy.check({
        "category": "code_exec",
        "params": {"content": code}
    })
    return verdict == "ALLOW"

BPU Vision: Hardware-Enforced Guardrails

Phase 1 (now): PCD policy circuits compile to software guard functions in JS, Python, and Rust. Phase 2 (future): The BPU chip executes policy circuits in silicon — 64 monomer units, an EVA Router, and a TCE Unit producing a non-maskable BLOCK signal.
The BPU (BRIK Processing Unit) is a hardware coprocessor designed to evaluate policy circuits with zero software in the loop: 
Action → PCD Circuit → BPU → ALLOW / BLOCK (non-maskable)
Key properties of hardware enforcement:
  • Non-maskable — the operating system cannot override a BLOCK
  • Zero-latency — evaluation happens in a single clock cycle per monomer
  • Tamper-proof — the circuit is burned into silicon, not loaded from disk
  • Auditable — the BPU logs every verdict with a cryptographic hash
The regulatory trajectory mirrors automotive safety: voluntary adoption, then industry standard, then mandatory — like ABS brakes for AI systems.
The BPU is a future hardware product. Current BRIK-64 policy circuits operate as software guard functions compiled from PCD. The safety guarantees today come from formal verification (Φ_c = 1), not from hardware enforcement.