June 17, 2026 (Inside AI) — Amazon Web Services launched a new API for Bedrock Guardrails that lets developers inject safety checks directly into agentic AI workflows without creating persistent guardrail resources. The InvokeGuardrailChecks API provides per-request control over which safeguards to run at each step of an agent loop and returns numeric severity and confidence scores that callers can map to custom actions.
The shifting risk landscape inside agent loops
Agentic AI applications don't follow a straight line. They plan, call tools, process outputs, and iterate—often executing dozens of steps for a single user request. Each step carries a different risk profile. A retrieval step might need sensitive data filtering, while a code execution step demands prompt injection checks. A static, one-size-fits-all guardrail struggles to keep up.
The new API operates in detect-only mode with no guardrail IDs to track and no versions to manage. Developers specify exactly which safeguards to run in each API call. That means an agent can apply hate speech filters during user input, switch to PII detection when handling internal data, and activate jailbreak checks before calling an external model—all within the same workflow.
Granular checks with numeric scoring
The API supports three safeguard categories: content filters covering hate, violence, sexual, insults, and misconduct; prompt attack detection for jailbreak, prompt injection, and prompt leakage as independent checks; and sensitive information filters for supported PII entity types. Each returns severity and confidence scores, enabling custom thresholds for block, pass, retry, or log decisions.
This granularity addresses a core tension in agentic systems. A financial services agent might tolerate zero PII leakage but allow mild insults in a negotiation simulation. A customer support bot could log low-severity hate speech for review while blocking high-confidence prompt injections outright. The API makes these trade-offs programmable per step, not per application.
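The per-step thresholding described above can be sketched as a small decision function. This is an added example, not AWS code or part of the original article; it makes no API call, and the score record shape, the 0.0 to 1.0 scale, the step names and the rule that a severe but low-confidence finding maps to retry are all assumptions.

```python
# Added example: maps per-check scores to an action for one agent step.
# Assumptions (not the InvokeGuardrailChecks schema): scores arrive as
# {check: {"severity": float, "confidence": float}} on a 0.0-1.0 scale.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    block_severity: float  # severity at or above this is actionable
    min_confidence: float  # confidence needed to block outright
    log_severity: float    # lower severity bound for logging

RANK = {"pass": 0, "log": 1, "retry": 2, "block": 3}
PII = Rule(0.1, 0.5, 0.05)  # near-zero tolerance for PII

# Hypothetical step names; each step lists only the checks it requires.
POLICY = {
    "user_input": {"hate": Rule(0.7, 0.6, 0.2),
                   "prompt_injection": Rule(0.3, 0.8, 0.1)},
    "retrieval": {"pii": PII},
    "negotiation_sim": {"insults": Rule(0.9, 0.7, 0.6), "pii": PII},
}

def verdict_for(rule, result):
    if result is None:
        return "block"  # a required check returned no score: fail closed
    sev, conf = result["severity"], result["confidence"]
    if sev >= rule.block_severity:
        # Assumed convention: severe but uncertain findings trigger a retry.
        return "block" if conf >= rule.min_confidence else "retry"
    return "log" if sev >= rule.log_severity else "pass"

def decide(step, scores):
    """Return (action, findings) for one step; the strictest verdict wins."""
    rules = POLICY.get(step)
    if rules is None:
        return "block", [f"no policy for step {step!r}"]  # unknown step
    action, findings = "pass", []
    for check, rule in rules.items():
        verdict = verdict_for(rule, scores.get(check))
        if verdict != "pass":
            findings.append(f"{check}:{verdict}")
        if RANK[verdict] > RANK[action]:
            action = verdict
    return action, findings

if __name__ == "__main__":
    # Constructed scores, not real API output.
    sample = {"hate": {"severity": 0.3, "confidence": 0.9},
              "prompt_injection": {"severity": 0.6, "confidence": 0.95}}
    print(decide("user_input", sample))
```

A step with no policy entry, or a required check with no score, resolves to block, so a skipped check cannot silently pass.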
What's driving the shift from static to dynamic safeguards
Traditional guardrails are configured once and applied uniformly. But agentic workflows are dynamic by nature. A single agent might use multiple foundation models, each with different safety profiles. The InvokeGuardrailChecks API reflects a broader industry move toward composable safety—where checks are modular, stateless, and invoked just-in-time.
Notably, prompt attack detection is exposed as a separate safeguard, allowing each attack vector to be invoked independently. This contrasts with older approaches that bundled all prompt security into a single toggle. Developers can now fine-tune defenses against specific threats like prompt leakage without enabling unrelated checks.
Regional availability and next steps
The API is available today in seven AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (London), Europe (Stockholm), Asia Pacific (Tokyo), and Asia Pacific (Sydney). AWS has published technical documentation detailing integration patterns and scoring schemas.
As agentic architectures grow more complex, the ability to insert lightweight, on-demand safeguards at any point in the loop becomes critical. This API signals a shift from perimeter-based safety to in-line, step-level governance—a pattern likely to become standard as autonomous AI systems take on higher-stakes tasks.