GuardRail: Behavioral Activity

GuardRail: Behavioral Activity

List view

Quick Start
Welcome
Console & Settings
Release Notes
October 9, 2025 WitnessAI Update
October 23, 2025 WitnessAI Update
October 2, 2025 WitnessAI Update
September 30, 2025: WitnessAI Update
September 23, 2025: WitnessAI Update
August 12, 2025: WitnessAI Update
July 31, 2025: WitnessAI Update
July 18, 2025: WitnessAI Update
June 23, 2025: WitnessAI Update
June 9, 2025: WitnessAI Update
April 11, 2025: WitnessAI Release v2.0
Copy August 12, 2025: WitnessAI Update
Supported Applications & LLMs
User Guide
Lists - OLD
Private Applications
Home
Discovery
Discovered Apps
App Catalog
Analytics
Conversations
Users
Alerts
Policies
Lists
Settings
Configuration
Access Control
System
Secure AI Portal
User Menu
Policies & GuardRails
Policy Creation
Policy Precedence
GuardRail: Behavioral Activity
GuardRail: Data Protection
GuardRail: Harmful Response Prevention (Beta)
GuardRail: Model Identity Protection
GuardRail: Model Protection
GuardRail: Organizational Behavior (Beta)
GuardRail: Risk Analysis
Witness Anywhere: Remote Device Security
Witness Anywhere Overview
Witness Anywhere with Stunnel
Witness Anywhere: Azure VDI - Intune
Witness Anywhere: CrowdStrike (Windows)
Witness Anywhere: GPO (Windows)
Witness Anywhere: Jamf (macOS) (Beta)
Witness Anywhere: SentinelOne
Witness Anywhere: FAQ
Witness Attack
Witness Attack: AI Red Teaming 
Administrator Guide
Integrations: Identity Providers
Identity: Microsoft Entra ID (Azure AD)
Identity: Okta Identity
Integrations: Network Security
Netskope SWG
Palo Alto Networks NGFW
Prisma Access: DNS Sinkhole
Prisma Access: Explicit Proxy
Zscaler Internet Access
Zscaler Beta
Status Page
API Reference
Input API
Complete API
Text-Completion API
Prompt-Protect API
Encryption
 

Behavioral Activity GuardRail

Behavioral Activity is the WitnessAI user behavior and intention GuardRail. Its purpose is to monitor user behavior during interactions with AI models, determine the user’s intentions, and provide control over these activities.
When this Guardrail detects specified activities, it provides the option to Allow, Warn, Block or Route the prompt to another model.
For example, technical support-related behaviors can be automatically routed to an internal model designed to assist employees, ensuring appropriate handling and alignment with internal policies.
WitnessAI Policies enable organizations to manage and control AI usage effectively. By using Behavioral Activity GuardRail, administrators can define rules that enhance compliance, productivity, and ethical AI use.

Use Case Examples

Ethical AI Usage

Warn or block users attempting to engage in unethical or non-compliant behavior.

Secure AI Usage:

Block users generating prompts that might lead to security or compliance risks.
Behavioral Activity GuardRails are integrated into policies to provide granular control over user behaviors.

Technical Support Queries

Route prompts requesting technical support to an internal model specialized for technical assistance.

Using Behavioral Activity Step-by-Step

This section covers details on how to add a Behavioral Activity GuardRail to a Policy.

Adding a Behavioral Activity GuardRail

notion image
After creating a Policy
  1. Click the Guard Rails (1) tab in the policy editor.
  1. Select the Behavioral Activity (2) GuardRail from the available options.
  1. Click the slide button (3) to enable the GuardRail.
  1. Click the down-arrow (4) and choose ‘Blocklist’ or ‘Allowlist’ from the drop-down list.
      2. ‘Blocklist’ only blocks the behaviors explicitly listed, and everything else is allowed by default.
      ‘Allowlist’ only allows the behaviors explicitly listed, and everything else is blocked by default.

Add one or more Behaviors

One or more Behaviors can be added to each Input Behavior section, and one or more Input Behavior sections can be added to a single Policy, as shown in the image below.
  1. Specify the action to take when the Behavioral Activity GuardRail detects relevant behaviors. Note that choosing ‘Allowlist’ or ‘Blocklist’, will determine which options are displayed in the following section, as shown below.
      2. Allowlist presents these options:
      • Allow: Permit the behavior without restriction.
      • Warn: Display a customizable warning message to the user.
      • Route: Redirect the detected behavior to a specific model for specialized handling (e.g., route technical queries to an internal support model).
      “Block” is not available for the Allowlist option. All Allowlist behavior is expected to be allowed. Any behavior that needs to be blocked, should have a GuardRail defined for that.
      Blocklist
      • Block: Block the behavior, with an optional message to the user.
      • Warn: Display a customizable warning message to the user.
      • Route: Redirect the detected behavior to a specific model for specialized handling (e.g., route technical queries to an internal support model).
      “Allow” is not available for a GuardRail defined as “Blocklist” by default.
  1. Customize any associated messages or routing details as needed.
  1. Save the configuration.
  1. Test the policy in a controlled environment to ensure it behaves as expected.
💡
Note: When multiple Behavior sections are defined within a Behavioral GuardRail, they have an implied “OR” relationship.
notion image

Best Practices

  • Multiple Input Behavior sections can be defined within a Behavioral GuardRail, as in the image above, they have an implied “OR” relationship. This means that as the GuardRail evaluates the User Prompts, it will evaluate each Behavior from the top to the bottom, and the first one that matches will have it’s action applied to the Prompt. Subsequent Behaviors lower down the list will not be evaluated for that Prompt.
  • Behavior Routing: Define clear rules for routing prompts to appropriate models based on detected behaviors.
  • Customization: Use the customizable warning feature to provide context-specific guidance.
  • Testing: Always test policies and GuardRails in a controlled environment before deploying them organization-wide.