Sectum AI vs NVIDIA NeMo Guardrails
TL;DR. NeMo Guardrails is NVIDIA’s open-source toolkit for adding programmable runtime guardrails to LLM-based conversational systems — five rail layers (input / dialog / retrieval / execution / output), a purpose-built Colang DSL, and 100-300ms latency overhead. Sectum AI is a periodic multi-tenant verifier that runs cross-tenant probes across 13 surfaces and produces a tamper-evident, control-mapped evidence pack. Different layers of the stack, different cadence, both Apache 2.0, completely non-competing.
The two products
NVIDIA NeMo Guardrails (NVIDIA-NeMo/Guardrails)
Category: runtime guardrails / LLM safety toolkit for conversational AI.
License: Apache 2.0. Latest v0.20.0 (January 2026). Python 3.10-3.13.
Capability surface (NVIDIA NeMo Guardrails developer page, docs):
- Five rail layers: input, dialog, retrieval, execution, output. Dialog rails are NeMo’s unique capability — controlling cross-turn conversation flow.
- Colang DSL — a domain-specific language purpose-built for defining conversational guardrails.
- Built-in guardrails: LLM self-checking (input/output moderation, fact-checking, hallucination detection), NVIDIA safety models (content / topic safety), jailbreak detection, prompt-injection detection.
- Integrates with community and third-party models.
- Latency: 100-300ms typical, 50-150ms on optimized NVIDIA infrastructure.
Pricing: OSS free. Commercial NVIDIA AI Enterprise tier for production support.
Buyer: enterprises building conversational AI applications; teams that need fine-grained control over multi-turn agent behavior; NVIDIA AI Enterprise customers.
Sectum AI (sectum.ai)
Category: multi-tenant AI verification.
License: Apache 2.0 for the OSS core. Sectum Cloud commercial. The evidence layer in the OSS produces the same artifacts the hosted product does — by design.
Method: marker substrate. Provisions synthetic tenants on the customer’s AI stack, plants cryptographic canary markers (HARD / ENTITY / SECRET), records a hashed ground-truth manifest, runs 11 cross-tenant probe classes across 13 surfaces, produces a tamper-evident evidence pack (RFC 3161 TSA + Sigstore Rekor + in-toto envelope).
For: CISOs, DPOs, and audit firms working on multi-tenant AI products. The flagship engagement is a GDPR Article 17 erasure attestation. See pricing.
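A minimal sketch of the marker-substrate idea described under Method, added here as an illustration and not taken from Sectum AI's code. The marker format, the function names and the tenant names are assumptions; only the three marker kinds and the hashed manifest come from the description above.

```python
import hashlib
import re
import secrets

# Assumed marker format (not Sectum's): CANARY-<KIND>-<128-bit random hex>.
KINDS = ("HARD", "ENTITY", "SECRET")
MARKER_RE = re.compile(r"CANARY-(?:HARD|ENTITY|SECRET)-[0-9a-f]{32}")


def plant_markers():
    """Generate one unguessable marker per kind for a synthetic tenant."""
    return {kind: f"CANARY-{kind}-{secrets.token_hex(16)}" for kind in KINDS}


def digest(marker):
    """SHA-256 hex digest of a marker string."""
    return hashlib.sha256(marker.encode()).hexdigest()


def build_manifest(planted):
    """Ground truth keyed by digest, so the manifest holds no raw marker."""
    return {digest(m): (tenant, kind)
            for tenant, markers in planted.items()
            for kind, m in markers.items()}


def find_leaks(manifest, probing_tenant, surface, response):
    """Report markers in a probe response that belong to a different tenant."""
    findings = []
    for match in MARKER_RE.finditer(response):
        d = digest(match.group(0))
        owner = manifest.get(d)
        if owner is None or owner[0] == probing_tenant:
            continue  # unknown string, or the prober's own data
        findings.append({"surface": surface, "seen_by": probing_tenant,
                         "owner": owner[0], "kind": owner[1],
                         "marker_sha256": d})
    return findings


if __name__ == "__main__":
    planted = {"tenant-a": plant_markers(), "tenant-b": plant_markers()}
    manifest = build_manifest(planted)
    # Constructed probe result: tenant-b's query returns a tenant-a document.
    response = (f"doc 1: {planted['tenant-b']['HARD']}\n"
                f"doc 2: {planted['tenant-a']['SECRET']}")
    for finding in find_leaks(manifest, "tenant-b", "vector DB", response):
        print(finding)
```

Because each finding carries only the marker's digest, it can be recorded in an evidence pack without disclosing the planted value.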
Different layers entirely
| | NeMo Guardrails | Sectum AI |
|---|---|---|
| Layer | In the conversation flow (runtime) | Across the multi-tenant infrastructure (periodic verification) |
| Unit | A conversation turn | A tenant boundary across 13 surfaces |
| Mode | Block / modify / route per turn | Evidence-producing per run |
| When it fires | Every turn | On a schedule, on-demand, at every audit / Article 17 cycle |
| Latency | 100-300ms per turn (50-150ms on NVIDIA HW) | N/A (out-of-band) |
| Output | Pass/modify/route decisions | Tamper-evident audit pack (RFC 3161 + Rekor + in-toto) |
| Verification | NeMo’s runtime metrics + dashboards | sectum-ai verify <pack> — third-party-verifiable |
| Multi-tenant focus | Not specifically | The category |
| For | Application engineering | CISOs, DPOs, audit firms |
NeMo Guardrails is inside the request path at runtime. Sectum AI is outside the request path, run periodically, producing evidence. The two address completely different parts of the AI security posture.
Where NeMo Guardrails is the right tool
- You’re building conversational AI with multi-turn flow that needs to be constrained — topic limits, content moderation, dialog policies across turns.
- You want fine-grained per-turn control via a purpose-built DSL (Colang).
- You operate on the NVIDIA AI stack and want first-party integration with NeMo.
- You need runtime self-checking — fact-checking, hallucination detection, jailbreak detection — at the model output level.
- You can absorb the 100-300ms latency overhead and want a programmable rail system rather than ad-hoc middleware.
Where Sectum AI is the right tool
- You operate a multi-tenant AI product and need to prove the tenant boundary holds across the AI stack — not just the conversation, but the vector DB, semantic cache, KV cache, agent memory, fine-tune adapters, eval sets, search indexes, tracing pipelines.
- You’re facing a GDPR Article 17 erasure obligation for a churned tenant.
- You’re preparing for SOC 2 / ISO 27001 / HIPAA in a multi-tenant AI product and need auditor-acceptable, control-mapped, tamper-evident evidence.
- You need per-finding cryptographic attestation rather than runtime control logs.
- You want independently-verifiable evidence — a pack a third party can verify without your vendor in the room.
Using both
Both run on the same stack with no friction:
- NeMo Guardrails in production — every conversation turn passes through input/dialog/retrieval/execution/output rails. Constrains live behavior.
- Sectum AI on a release cadence and at every audit or Article 17 cycle — verifies the multi-tenant boundary, produces an evidence pack for the auditor or DPO.
The two products own different parts of the security posture: NeMo handles constraining live conversation flow, Sectum AI handles attesting multi-tenant isolation. Neither replaces the other; both compound.
Honest positioning
NeMo Guardrails is the right runtime tool for conversational-flow control on the NVIDIA stack. Sectum AI is the right periodic tool for multi-tenant verification with auditor-grade evidence — regardless of which AI platform you’re on. They don’t overlap; they don’t compete; they live happily on the same multi-tenant AI SaaS.
Pricing
- NeMo Guardrails (OSS) — free, Apache 2.0.
- NVIDIA AI Enterprise — commercial NVIDIA tier; sits on top of NeMo Guardrails.
- Open Sectum (OSS) — free, Apache 2.0.
- Sectum Cloud — see pricing.
References
- NeMo Guardrails — developer page, NVIDIA-NeMo/Guardrails on GitHub, docs, 2026 review (AppSec Santa), NeMo Guardrails vs Guardrails AI 2026 (is4.ai).
- Sectum AI — GitHub, docs, attack catalog, evidence chain.