Supported Integrations
EthicalZen works with every major AI provider. Add governance guardrails to any LLM with zero code changes through our transparent proxy gateway.
Choose Your Provider
EthicalZen integrates transparently with any LLM provider. Route traffic through the ACVPS Gateway and gain instant safety governance.
AWS Bedrock
Proxy + Orchestration- 6 flexible integration modes from complement to full governance
- Dual-layer defense-in-depth with pre/at/post inference checks
- Manage Bedrock Guardrails via EthicalZen API at scale
- Unified governance policies via SentryWorks control plane
OpenAI
SDK Wrapper + Proxy- GPT-4o, GPT-4, GPT-3.5 Turbo support
- Streaming response validation
- Token cost limiting
Anthropic / Claude
SDK Wrapper + Proxy- Claude 3.5, Claude 3, Claude 2 support
- Response grounding checks
- Constitutional AI complementary
Custom / BYOL
Proxy + Middleware- Any REST/HTTP API endpoint
- Self-hosted models (Ollama, vLLM)
- Azure OpenAI, custom deployments
AWS Bedrock Integration Modes
Six flexible patterns to combine EthicalZen with AWS Bedrock Guardrails. Mix and match by business unit, compliance tier, or risk class.
Mode A: Complement
Keep Bedrock Guardrails for general content moderation; add EthicalZen Smart Guardrails for domain-specific and enterprise controls Bedrock does not provide.
Role Split
| Component | Primary Responsibility |
|---|---|
| AWS Bedrock Guardrails | General content filters, basic PII, denied topics, word filters |
| EthicalZen Smart Guardrails | Domain ML guardrails, FMA gap analysis, deterministic contracts, prompt leakage detection, custom embedding classifiers |
| ACVPS Gateway | Traffic proxy, chaining, logging, and policy version pinning |
Healthcare assistant uses Bedrock Guardrails for general moderation and EthicalZen Smart Guardrails for medical advice safety, mental-health crisis detection, and HIPAA-specific PII patterns that exceed Bedrock defaults.
Implementation Notes
- Deploy ACVPS as an L7 proxy (sidecar, ingress, or API gateway plugin) and route Bedrock traffic through it
- Run EthicalZen pre-checks before InvokeModel; let Bedrock Guardrails run at inference; optionally run EthicalZen post-checks for contract validation
- Pin contract versions and guardrail versions per environment (dev/stage/prod)
Mode B: Orchestration
Design guardrails in EthicalZen; provision and lifecycle-manage Bedrock Guardrails via API at scale across many apps and tenants.
Role Split
| Component | Primary Responsibility |
|---|---|
| EthicalZen | Guardrail design (Alex Agent + FMA), lifecycle management, multi-tenant governance, cross-provider orchestration |
| AWS Bedrock | Runtime enforcement for Bedrock-hosted models using guardrailIdentifier + guardrailVersion |
| SentryWorks | Optional: upstream policy definition feeding EthicalZen guardrail designs |
Enterprise with 50 Bedrock-powered apps designs guardrails conversationally in EthicalZen, runs FMA to discover gaps, then auto-pushes configurations to Bedrock using CreateGuardrail/UpdateGuardrail APIs. One contract governs all apps.
Implementation Notes
- Implement a Bedrock Guardrails provisioning service in EthicalZen with tenant-aware IAM roles and least-privilege permissions
- Store guardrail metadata (identifier, versions, last-updated, policy hash) for drift detection and rollback
- Expose promotion workflows (draft → review → active) with approvals and automated tests
Mode C: Migration
Start with Bedrock-only and incrementally transition to provider-agnostic enforcement without changing application code.
Role Split
| Component | Primary Responsibility |
|---|---|
| ACVPS Gateway | Transparent insertion and provider routing via headers (e.g., X-Target-Endpoint) |
| EthicalZen | Guardrail parity mapping, deterministic contracts to preserve continuity, provider-agnostic enforcement |
| AWS Bedrock | Gradually reduced role from primary enforcement to optional monitoring to removed |
Fintech using Bedrock Guardrails adds direct provider routes (e.g., Anthropic Claude API and Groq for cost). They insert ACVPS, replicate Bedrock rules as EthicalZen Smart Guardrails and contracts, then route to any provider while keeping a consistent safety posture.
Implementation Notes
- Start with shadow mode: EthicalZen evaluates but does not block; compare results against Bedrock block/allow decisions
- Automate parity tests: generate a policy test suite and validate equivalence before switching enforcement
- Introduce provider routing rules by workload (latency tier, cost tier, geography, compliance tier)
Mode D: Dual-Layer
Defense in depth with three validation layers: EthicalZen pre-check, Bedrock at-inference, and EthicalZen post-check. For regulated and high-risk workloads.
Role Split
| Component | Primary Responsibility |
|---|---|
| EthicalZen | Pre-flight guardrails and post-flight validation, audit trail, certificate enforcement |
| AWS Bedrock | At-inference moderation, grounding checks, and native PII redaction |
| ACVPS Gateway | Chaining, latency management, and observability across layers |
A regulated bank needs SOC 2 and OCC-aligned controls. EthicalZen contracts enforce financial advice rules (pre + post), while Bedrock handles native moderation and grounding. Compliance evidence includes EthicalZen certificates and Bedrock guardrail version pinning.
Implementation Notes
- Keep latency budgets explicit (per-layer SLOs) and allow tiered enforcement (strict for prod, relaxed for dev)
- Use structured refusal responses and standardized reason codes to reduce support burden
- Instrument block/allow decisions at every layer for drift and incident response
Mode E: Governance
Define policies once in SentryWorks; auto-configure both EthicalZen provider-agnostic guardrails and Bedrock-native guardrails. Policy-as-code governance.
Role Split
| Component | Primary Responsibility |
|---|---|
| SentryWorks | Policy definition, compliance rules, audit requirements, cross-platform governance |
| EthicalZen | Policy-to-guardrail translation (FMA + Alex Agent), contract generation, enforcement outside Bedrock, certificate authority |
| AWS Bedrock | Native enforcement on Bedrock-hosted models; configurations auto-managed via API |
A global insurer runs 200+ AI services across Bedrock, OpenAI, and custom models. SentryWorks defines 'no unauthorized medical advice'. It auto-generates an EthicalZen Smart Guardrail for non-Bedrock traffic and a Bedrock denied-topic/content policy for Bedrock-hosted models. One policy yields two enforcement engines.
Implementation Notes
- Represent policies in a portable intermediate format (policy IR) so multiple back-ends can be compiled consistently
- Attach evidence requirements (logs, traces, signed configs) directly to each policy object
- Provide policy simulation and preflight testing before promotion to production
Mode F: Observability Bridge
Unified compliance monitoring across multiple LLM providers. Even if enforcement remains provider-native, get a single pane of glass for all AI traffic.
Role Split
| Component | Primary Responsibility |
|---|---|
| EthicalZen | Telemetry collection, dashboards, effectiveness scoring, drift detection, A/B comparison of enforcement decisions |
| AWS Bedrock | Primary runtime enforcement for Bedrock traffic |
| ACVPS Gateway | Capture request/response pairs and emit metrics/traces in a consistent schema |
An ML platform team runs five providers. Bedrock traffic uses native Bedrock Guardrails; ACVPS captures all request/response pairs for unified reporting and to identify where policies behave differently across vendors.
Implementation Notes
- Adopt OpenTelemetry spans per request with consistent attributes (tenant, app, model, policy version, decision code)
- Store aggregate metrics plus sampled payloads under strict data handling and retention policies
- Use observability to drive continuous improvement: identify false positives/negatives and refine guardrails
Mode Comparison
Pick the right pattern by app portfolio, compliance tier, and vendor flexibility needs.
| Dimension | A: Complement | B: Orchestration | C: Migration | D: Dual-Layer | E: Governance | F: Observability |
|---|---|---|---|---|---|---|
| Best for | Add domain controls | Manage Bedrock at scale | Reduce provider lock-in | Regulated workloads | Policy-as-code | Cross-provider analytics |
| Bedrock dependency | High | High | Decreasing | Medium | Low | Optional |
| EthicalZen role | Supplementary | Lifecycle manager | Primary enforcer | Pre + post checks | Policy translator | Telemetry hub |
| Provider agnostic | No | No | Yes (Phase 4) | Partial | Yes | Yes |
| Migration effort | Low | Medium | Incremental | Medium | High | Low |
| Primary value | Specialized guardrails | Single pane of glass | Provider independence | Defense in depth | Unified compliance | Drift detection |
Recommended Approach
Start simple, expand as governance needs grow.
Start: Complement
"We add what Bedrock doesn't have." Fastest time-to-value with domain-specific Smart Guardrails.
Expand: Dual-Layer
"Defense in depth for regulated industries." Three validation layers for maximum safety.
Platform: Governance
"SentryWorks as the control plane." Policy once, enforce everywhere across all providers.
Integration Modes by Use Case
| Use Case | Typical Constraints | Recommended Modes |
|---|---|---|
| Regulated customer support | Strict refusal, audit evidence, PII redaction, injection resistance | D + E (plus F for analytics) |
| Healthcare guidance / triage | Medical advice safety, crisis escalation, HIPAA PII patterns | A → D, then E for scale |
| Enterprise internal copilots | Leakage prevention, IP/PII controls, cost limits | A + F, then B for lifecycle |
| Multi-provider platform team | Vendor flexibility, uniform reporting, drift detection | F + C, then E |
| High-volume experimentation | Fast iteration, A/B tests, preflight simulation | B + F, then E |
Download Full Integration Guide
Get the complete 12-page AWS Bedrock integration analysis as a PDF for offline reference and sharing.