Executive Summary

As large language models (LLMs) increasingly underpin enterprise solutions, the safety mechanisms that protect them from attack must operate without disrupting user experience, while understanding context and explaining their decisions. A significant portion of currently deployed guardrail systems classify inputs only in a binary "safe / unsafe" manner. This approach leads to unnecessary blocks, missed attacks, and decisions that cannot be audited. This whitepaper introduces a four-component framework that overcomes the structural limitations of binary classification:

• Severity: The magnitude of harm that would result if the risk materialized.

• Confidence: The classifier's certainty about its decision.

• Context: Situational signals such as user role, connected tools, and data sensitivity.

• Multi-turn behavior: Intent drift and incremental escalation across the conversation flow. 

Key Finding

The proposed framework achieves F1 = 0.9895 on prompt injection and F1 = 0.9960 on toxicity, against a Council Ensemble (F1 = 0.73) formed by five baseline guardrail systems, approximately 35% relative improvement.