OpenRouter launches Guardrails with budget caps, ZDR, and prompt-injection filters

• OpenRouter has shipped Guardrails, a policy layer for routed AI traffic that bundles budget limits, zero-data-retention rules, model and provider restrictions, prompt-injection defense, and DLP-style sensitive-info detection, according to OpenRouter's launch thread and the linked official announcement.
• The product is framed as centralized governance, with OpenRouter saying teams can layer those controls into reusable rules they manage across requests, per OpenRouter's feature overview.
• Two third-party protection connectors, OpenRouter's beta note says, are not generally available yet: Google Model Armor and Lakera Guard remain in beta.
• Early reaction centered on cost control as much as security, with OpenRouter's repost of KenTheRogers pointing to runaway AI spend as the obvious pain point.

You can jump straight to the official announcement. The launch thread says Guardrails spans budget caps, provider restrictions, prompt-injection defense, and DLP checks in one rule system OpenRouter's launch thread, while a follow-up note adds that Google Model Armor and Lakera Guard are still beta-only OpenRouter's beta note.

OpenRouter is packaging several controls that usually live in separate gateways or policy layers into one feature attached to routed traffic.

The launch thread lists five concrete controls:

• Budget limits
• Zero Data Retention, or ZDR
• Model and provider restrictions
• Prompt-injection defense
• DLP and sensitive-info detection

The interesting part is the bundling. OpenRouter is pitching Guardrails as a centralized rules layer, not a single-purpose filter, in both the launch thread and the linked announcement page.

The strongest signal in the launch copy is that Guardrails is meant to sit above normal model routing. OpenRouter describes it as centralized security and governance for AI traffic, which puts cost controls and security checks in the same policy surface.

That framing also explains why budget limits lead the feature list. Security tooling is the headline, but the immediate operator pain point in the reaction tweet is runaway spend, not prompt injection.

OpenRouter's follow-up note is the main caveat in this launch: external guard models are not all broadly available on day one.

According to OpenRouter's beta note, Google Model Armor and Lakera Guard are both in beta and require contacting OpenRouter for access. For teams comparing Guardrails to dedicated security stacks, that means the connector story is real but still partially gated.