Guardrails are easy to get right in demos and hard to get right in production. Over the past six months, Liya Engine's guardrails layer has processed 100 million API calls across our beta customers. Here's what we learned.
Latency is the enemy of safety
Every guardrail check adds latency. If your guardrails are slow, developers route around them. We learned early that synchronous, blocking guardrails would never make it into production pipelines — not because engineers don't care about safety, but because a 200ms policy check on every API call is a non-starter.
Our solution was a tiered architecture: a fast, lightweight pre-filter that runs in under 5ms for the most common policy checks, and a heavier async validator for complex compliance and PII checks that runs in parallel with the response stream.
False positives erode trust
The second big lesson: false positives are as damaging as false negatives. A guardrail that flags 5% of legitimate outputs trains engineers to bypass or disable it. We spent significant effort tuning precision, accepting slightly higher false negative rates in exchange for almost zero false positives on clearly legitimate outputs.
Audit logs matter more than you think
Almost every enterprise customer eventually asks: show me every output that was flagged by your guardrails in the last 30 days, and why. We built detailed audit logging from day one. It's become one of the most-used features in our enterprise tier.
The guardrails audit log is the first thing compliance teams ask for. It's not optional for enterprise.