Guardrail placement in AI agent architectures is as important as the guardrail logic itself. Using an indirect prompt injection demo — where a malicious instruction embedded in a GitHub issue causes an agent to leak a secret — two architectures are compared: Amazon Bedrock Agents (managed, limited to Lambda-level guardrails on tool outputs) and a self-orchestrated agent using Datadog AI Guard (four hook points covering prompt build, pre-tool-call, post-tool-result, and final answer). Bedrock's managed approach is reactive and lacks full conversation context, while Datadog AI Guard provides defense-in-depth with span-level visibility at every stage of the loop. Practical guidance is given on when each approach fits, with a recommendation to start with Hook 3 and Hook 4 before expanding coverage.
Table of contents
The basic structure of an AI agentDemo scenario: Indirect prompt injection via toolsUsing AI guardrails inside an Amazon Bedrock AgentIn-app governance with Datadog AI GuardChoosing your guardrail placement strategyLocation matters for AI guardrailsSort: