Glean’s AI security policies are the guardrails that protect your AI agents and data. You can configure these policies in the Admin Console to prevent threats like prompt injection attacks, data leaks, and the generation of harmful content.

How Policies Are Enforced

The enforcement rules you define determine what happens when an AI agent’s behavior violates a policy. The severity of a violation—whether it’s high or low—is a key factor in how the rule is applied.
  • Block and fail only high-severity violations: If a prompt or a generated response is flagged as a high-severity threat, the agent’s run is immediately stopped and the action is blocked. Lower-severity issues, however, are simply flagged for your review in the Findings tab, allowing the agent to complete its task without interruption.
  • Flag for review: Marks the run for review in the “Findings” tab without stopping the process. This is useful for monitoring potential threats without disrupting agent workflows.

Where Policies Can Be Applied

Glean’s security policies can be applied across different types of AI agents to fit your organization’s specific needs.
  • Glean Assistant: This includes all messages sent to the main Glean chat interface.
  • Interactive agents: These are agents that are triggered by a chat message.
  • Automatically triggered agents: These agents are configured to run on a schedule or when content is updated, like an agent that summarizes daily reports or analyzes new knowledge base articles.

Managing Policy Settings

To manage AI guardrails, perform the following steps:
  1. In the Glean Admin Console, navigate to Glean Protect > AI security and click the Policies tab.
  2. Click the Edit button next to the policy you want to edit.
  3. Under the Apply this policy to… dropdown, choose the specific agent types you want this policy to apply to. You can select from Glean Assistant, Interactive agents, and Automatically triggered agents.
  4. Under the If this policy is violated… dropdown, choose an enforcement rule.
    • Block and fail only high-severity violations: This option blocks the agent run if the violation is classified as high-severity. Lower-severity issues are flagged for review but allowed to proceed.
    • Flag for review: This option allows the agent to continue running but marks the violation for review in the Findings tab.
  5. Click the Save button to apply your changes. The updated details will appear in the policy list.

Selecting Target Agents for a Policy

To apply a policy to specific agents, use the Apply this policy to… dropdown menu.
  1. Click the dropdown to see the list of available agent types.
  2. Select or deselect the agents you want the policy to apply to:
    • Glean Assistant: Applies the policy to all Glean chat messages.
    • Interactive agents: Applies the policy to agents with a chat message trigger.
    • Automatically triggered agents: Applies the policy to agents with schedule and content triggers.
  3. To quickly deselect all currently assigned agents, click Clear all.

Disabling a Policy

To disable a previously enabled policy:
  1. Change the Apply this policy to… setting in the policy edit view from the relevant agent types to No agents.