alephnerd 7 hours ago
At least in the F1000 RFPs I've seen and the decision-makers I've chatted with, when they talk about AI guardrails what they mean is generic API (e.g. can we rate limit, block connections, RBAC/ABAC capabilities, etc.) and Data Security (e.g. ZDR, encryption at rest/transit, controlled access) controls. There is a recognition that foundation models and tools leveraging them will introduce some degree of nondeterminism, so the best way to solve that is to leverage preexisting best practice that is used to reduce lateral movement risk by humans (who are similarly nondeterministic in nature).
conductr 6 hours ago | parent
My company’s security team is very much “no proprietary data or information can be used to train a model”; I just don’t know how you can validate or trust that they aren’t doing just that.