SafeClaw vs AWS Bedrock Guardrails
AWS Bedrock Guardrails protects the model — filtering inputs and outputs for harmful content, PII, and off-topic responses. SafeClaw by Authensor protects the agent — gating file operations, shell commands, network requests, and code execution through deny-by-default policies before they run. Bedrock Guardrails and SafeClaw guard different layers of the same stack. If your agent executes tools, Bedrock Guardrails alone leaves the action layer unprotected.
What Bedrock Guardrails Does
AWS Bedrock Guardrails provides:
- Content filters: Block harmful, violent, or inappropriate model outputs
- Denied topics: Prevent the model from engaging with specified subjects
- Word filters: Block specific words or phrases
- PII filters: Detect and redact personally identifiable information
- Contextual grounding: Reduce hallucination by checking against source material
These are model-layer protections applied to the LLM's input and output text. They are valuable for ensuring the model behaves appropriately in conversation.
What Bedrock Guardrails Does Not Do
Bedrock Guardrails does not:
- Gate file system operations (read, write, delete)
- Evaluate shell commands before execution
- Control which network endpoints the agent can access
- Enforce budget limits on tool usage
- Provide action-level audit trails
- Apply deny-by-default policies to tool calls
An agent using Bedrock with Guardrails enabled can still delete your files, run arbitrary shell commands, and exfiltrate data — because those are agent-layer actions that happen after the model generates a response.
The Gap SafeClaw Fills
```yaml
# .safeclaw.yaml
version: "1"
defaultAction: deny
rules:
  # File controls — Bedrock can't do this
  - action: file.read
    path: "./src/**"
    decision: allow
  - action: file.write
    path: "./src/**"
    decision: allow
  - action: file.delete
    decision: deny
    reason: "No file deletion permitted"
  # Shell controls — Bedrock can't do this
  - action: shell.execute
    command: "npm test"
    decision: allow
  - action: shell.execute
    decision: deny
    reason: "Only approved commands"
  # Network controls — Bedrock can't do this
  - action: network.request
    url: "https://api.internal.com/**"
    decision: allow
  - action: network.request
    decision: deny
    reason: "External access blocked"
  # Budget controls — Bedrock can't do this
  - action: api.call
    budget:
      maxCost: 10.00
      period: "1h"
    decision: allow
```
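How a deny-by-default gate can evaluate tool calls against the rules above, as an added example that is not SafeClaw's own code. It assumes first-match-wins rule ordering, exact-string command matching and `**` glob semantics, none of which the page specifies; `evaluate`, `matches`, `normalizePath` and `globToRegExp` are hypothetical names, and the stateful budget rule is left out.

```javascript
// Added illustration, not SafeClaw's engine. Assumed semantics: rules are
// checked in order, the first match wins, and defaultAction covers the rest.
const policy = {
  defaultAction: "deny",
  rules: [ // transcribed from the page's .safeclaw.yaml (budget rule omitted)
    { action: "file.read", path: "./src/**", decision: "allow" },
    { action: "file.write", path: "./src/**", decision: "allow" },
    { action: "file.delete", decision: "deny", reason: "No file deletion permitted" },
    { action: "shell.execute", command: "npm test", decision: "allow" },
    { action: "shell.execute", decision: "deny", reason: "Only approved commands" },
    { action: "network.request", url: "https://api.internal.com/**", decision: "allow" },
    { action: "network.request", decision: "deny", reason: "External access blocked" },
  ],
};

// Collapse "." and ".." segments so "./src/../.env" cannot ride on "./src/**".
function normalizePath(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === ".." && out.length && out[out.length - 1] !== "..") out.pop();
    else out.push(seg);
  }
  return (p.startsWith("/") ? "/" : "") + out.join("/");
}

// "**" spans directory separators, "*" stays within one path segment.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const body = escaped.replace(/\*\*/g, "\u0000").replace(/\*/g, "[^/]*");
  return new RegExp("^" + body.replace(/\u0000/g, ".*") + "$");
}

function matches(rule, req) {
  if (rule.action !== req.action) return false;
  if (rule.path !== undefined)
    return globToRegExp(normalizePath(rule.path)).test(normalizePath(req.path || ""));
  if (rule.command !== undefined) return rule.command === req.command; // exact only
  if (rule.url !== undefined) return globToRegExp(rule.url).test(req.url || "");
  return true; // a rule with no selector matches every request for that action
}

function evaluate(req, p = policy) {
  const rule = p.rules.find((r) => matches(r, req));
  if (rule) return { decision: rule.decision, reason: rule.reason || "matched rule" };
  return { decision: p.defaultAction, reason: "no rule matched (default)" };
}
```

Normalizing the requested path before matching is what stops a traversal such as `./src/../.env` from satisfying the `./src/**` allow rule; it falls through to the default deny instead.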
Layer Comparison
| Layer | Bedrock Guardrails | SafeClaw |
|---|---|---|
| Model input filtering | Yes | No (not its job) |
| Model output filtering | Yes | No (not its job) |
| PII detection | Yes | No (not its job) |
| Content moderation | Yes | No (not its job) |
| File operation gating | No | Yes |
| Shell command gating | No | Yes |
| Network request gating | No | Yes |
| Budget enforcement | No | Yes |
| Hash-chained audit trail | No | Yes |
| Vendor lock-in | AWS only | None (MIT, any provider) |
Critical Difference: Vendor Lock-In
Bedrock Guardrails only works with AWS Bedrock. If you use Claude via Anthropic's API, or OpenAI directly, or any other provider, Bedrock Guardrails does not apply.
SafeClaw works with any provider. Same YAML policy file, same enforcement, whether you're using Claude, OpenAI, or a local model. Zero vendor lock-in.
The Right Architecture: Both Layers
Use Bedrock Guardrails to protect the model layer if you're on AWS. Use SafeClaw to protect the action layer regardless of your infrastructure. Defense in depth means securing every layer, not just one.
Quick Start
Add action-layer safety that works everywhere:
npx @authensor/safeclaw
SafeClaw installs in 30 seconds, works with any LLM provider, and starts with deny-by-default. No AWS account required.
Why SafeClaw
- 446 tests for comprehensive policy evaluation coverage
- Deny-by-default on all actions, not just content
- Sub-millisecond policy evaluation — deterministic, no LLM calls
- Hash-chained audit trail for compliance and forensics
- Works with Claude AND OpenAI — and any other provider
- MIT licensed — fully open source, zero lock-in, no cloud dependency
FAQ
Q: If I use Bedrock Guardrails, am I safe?
A: Your model outputs are filtered. Your agent's actions are not. If the agent can write files, run shell commands, or make network requests, you need SafeClaw to gate those actions.
Q: Does SafeClaw work on AWS?
A: Yes. SafeClaw runs anywhere Node.js runs — AWS, GCP, Azure, bare metal, or your laptop.
Q: Can I use SafeClaw without Bedrock?
A: Absolutely. SafeClaw is provider-agnostic. It works with Anthropic, OpenAI, local models, or any LLM provider.