TL;DR? We've got you covered.
Launch Week 13 introduced Turbot Guardian, a new product for governing AI coding agents on developer machines, and brought prevention-first security to the rest of the AI surface: AWS Bedrock, Azure AI Foundry, GCP Vertex AI, Anthropic, and OpenAI. Guardrails also gained keyless connections to Azure and GCP, and our annual SOC 2 Type II now covers the whole product family with Guardian added.
Guardian for AI Coding Agents
Introducing Guardian: Guardrails for Vibe Coding
Turbot Guardian brings EDR-style governance to AI coding agents running on developer machines. A lightweight daemon auto-discovers every agent on the fleet (Claude Code, Cursor, Copilot, Aider, Gemini, Codex), inventories the credentials each agent can reach, and inspects every prompt, tool call, and shell command in real time. One console rolls the entire fleet up for the security team, with policy-driven allow, warn, and block decisions and a full record of what every agent did.
Guardrails for Cloud AI Services
Preventive Security for AWS Bedrock
Turbot Guardrails now ships prevention objectives for AWS Bedrock covering approved foundation models, mandatory guardrail enforcement on every invocation, network isolation, and invocation logging. Each objective surfaces multiple implementation approaches across runtime, access, and build layers so security teams pick what fits the org, with drift corrected automatically.
Preventive Security for Azure AI Foundry
Prevention objectives for Azure AI Foundry govern approved model deployments, harden account authentication and isolation, and enforce Responsible AI content filtering. The same multi-layer story applies: enforce at runtime with Guardrails controls, block at the access layer with Azure Policy, and stop misconfigurations from ever deploying through build-layer hooks.
Preventive Security for GCP Vertex AI
Guardrails brings prevention objectives to GCP Vertex AI, including an allow-list of approved models across foundation, publisher, and Gemini families, a Model Armor safety floor, encryption, and network isolation. Prevention works in layers across GCP Organization Policy constraints and Turbot Guardrails controls, with continuous remediation in real time.
Guardrails for AI Providers
Preventive Security for Anthropic
The new Anthropic Prevention mod governs membership and invites at the organization and workspace levels, enforces API key rotation, and restricts inference to an approved data residency. Every objective is enforced directly at the Anthropic API and continuously remediated when the live state drifts.
Preventive Security for OpenAI
The new OpenAI Prevention mod governs membership and invites, enforces API key rotation, and restricts project inference to an approved model allow-list. Like the Anthropic mod, every objective is enforced directly at the OpenAI API and continuously remediated when the live state drifts.
Keyless Cloud Connections
Keyless Azure Connections with Workload Identity Federation
Connect an entire Azure tenant to Guardrails with no client secret to create, store, or rotate. Trust is anchored to the AWS identity Guardrails already runs as, every federation is recorded in AWS CloudTrail, and the same keyless model works across Global, US Government, and China clouds. Workload Identity Federation is now pre-selected and recommended in the Create Connection wizard.
Keyless GCP Connections with Workload Identity Federation
Connect an entire Google Cloud organization to Guardrails with zero stored credentials. One short-lived, federated handshake brings the whole organization under management, with nothing to manage or rotate. Workload Identity Federation is marked Recommended for all deployments in the Create Connection wizard.
SOC 2 Type II for 2026
Turbot's 2026 SOC 2 Type II, now including Guardian
Turbot Guardrails, Turbot Pipes, and Turbot Guardian have all completed their annual SOC 2 Type II examination for 2026, with Guardian joining the Turbot family in this year's audit cycle. The SOC 3 report is available for public download on the Turbot Security page, and the full SOC 2 Type II is available to customers and prospective customers under MNDA.
Launch Week 13 B-sides
Beyond the daily posts, we shipped the mod-level work that backs the AI prevention objectives, expanded Guardrails coverage and reliability across AWS, Azure, GCP, and GitHub, and saw a great wave of Steampipe and Powerpipe community contributions. We also enjoyed time on the road at fwd:cloudsec North America and the Gartner Security & Risk Management Summit, both running alongside Launch Week 13.
And that's a wrap!
Launch Week 13 brought a new product to the Turbot family with Turbot Guardian, extended prevention-first security across the AI surface from cloud AI services to direct AI provider platforms, made every Guardrails connection keyless across Azure and GCP, and rolled Guardian into our annual SOC 2 Type II. Wherever AI shows up in your environment, from a developer's laptop to a Bedrock invocation to an OpenAI project, Guardrails and Guardian give you the tools to see it, govern it, and correct drift in real time.
Ready to get started? Connect with us to explore these new capabilities, and stay tuned for our next Launch Week!