AI Governance Platform - Enterprise AI Safety & Compliance
Inspiration
As AI adoption accelerates across enterprises, the need for robust governance and safety measures has become critical. Organizations deploying AI agents face challenges around:
- Data Privacy: Preventing accidental exposure of PII (Personally Identifiable Information)
- Content Safety: Filtering toxic or harmful content in AI interactions
- Security: Detecting prompt injection attacks that could manipulate AI behavior
- Compliance: Maintaining audit trails for regulatory requirements
I built this platform to demonstrate how Google's Gemini 3 can power a comprehensive AI governance solution that runs entirely on Google Cloud.
What It Does
The AI Governance Platform provides real-time guardrails for AI agents:
| Feature | Description |
|---|---|
| PII Detection | Identifies and redacts emails, phone numbers, SSNs, credit cards, and more |
| Toxicity Detection | Uses Gemini's native safety filters to detect hate speech, harassment, and harmful content |
| Prompt Injection Detection | AI-powered analysis to detect jailbreak attempts and instruction overrides |
| Audit Logging | Complete audit trail stored in BigQuery for compliance |
| Real-time Dashboard | Visual analytics of all AI interactions and security events |
| Token Usage Tracking | Cost estimation and usage monitoring |
How I Built It
Tech Stack
- Backend: FastAPI (Python)
- AI Model: Gemini 3 Flash Preview via Google AI Studio
- Database: Google BigQuery for audit logs
- Deployment: Google Cloud Run (serverless)
- Frontend: Vanilla JS with Chart.js for dashboard
Gemini 3 Features Used
- System Instructions - Consistent AI behavior across all guardrail checks
- Safety Settings - Native toxicity filtering with configurable thresholds
- Structured Output - JSON responses for reliable parsing
- Token Counting - Cost tracking and usage estimation
Key Code Snippet - Toxicity Detection
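```python
import json

async def check_toxicity(self, text: str) -> ToxicityResult:
    """Use Gemini's safety features to detect toxic content."""
    # Method excerpt: ToxicityResult, self.model and self.safety_settings
    # are defined elsewhere in the project.
    prompt = f"""Analyze this text for toxicity:
Text: {text}
Return JSON with: is_toxic, toxicity_score (0-1), categories"""
    response = await self.model.generate_content_async(
        prompt,
        safety_settings=self.safety_settings
    )
    # The model is asked for JSON; json.loads raises if it returns anything else.
    return ToxicityResult(**json.loads(response.text))
```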
Challenges I Faced
1. Cloud Run Secret Management
Getting the Gemini API key to work in Cloud Run was tricky. The secret was being injected as an environment variable, but pydantic-settings wasn't picking it up.
Solution: Added fallback to check both pydantic settings AND os.environ.get('GEMINI_API_KEY') directly.
2. API Quota Limits
Hit the free tier limits during development (15 RPM, 1000 RPD).
Solution: Implemented regex-based fallback detection that works even when Gemini is unavailable, ensuring the platform remains functional.
3. Model Availability
Gemini 3 Flash Preview is a cutting-edge model with limited documentation.
Solution: Tested extensively and implemented graceful degradation for unsupported features.
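The regex-based fallback mentioned under API Quota Limits, sketched for the PII types in the feature table. This is an added example, not the project's own code: the patterns (US-style formats), the Luhn check on card candidates, and the names `PII_PATTERNS`, `luhn_ok` and `redact_pii` are assumptions.

```python
import re

# Assumed patterns, US-style formats; the project's own patterns are not shown.
# Dict order is priority order when two patterns overlap on the same text.
PII_PATTERNS = {
    "EMAIL": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CREDIT_CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    "PHONE": re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"
    ),
}

# Constructed sample input: one real-looking card number, one order number
# with the same shape that fails the Luhn checksum.
SAMPLE = ("Contact jane.doe@example.com or 415-555-0134; SSN 078-05-1120, "
          "card 4111 1111 1111 1111, order 1234 5678 9012 3456.")


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact_pii(text: str):
    """Return (redacted_text, sorted_labels) using regex only, no model call."""
    spans = []
    for label, pattern in PII_PATTERNS.items():
        for m in pattern.finditer(text):
            if label == "CREDIT_CARD" and not luhn_ok(m.group()):
                continue  # same shape as a card number, but checksum fails
            if any(m.start() < e and s < m.end() for s, e, _ in spans):
                continue  # overlaps a higher-priority finding
            spans.append((m.start(), m.end(), label))
    redacted = text
    for s, e, label in sorted(spans, reverse=True):  # right-to-left keeps offsets valid
        redacted = redacted[:s] + f"[{label}]" + redacted[e:]
    return redacted, sorted(label for _, _, label in spans)
```

The checksum is what keeps the 16-digit order number in the sample from being redacted as a card; without it a regex-only path over-redacts any long digit run.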
What I Learned:
- Gemini 3's Safety Features are powerful - the native toxicity filtering catches nuanced harmful content that regex patterns miss
- Serverless architecture with Cloud Run makes deployment and scaling effortless
- BigQuery is excellent for audit logging - the streaming inserts handle high throughput while enabling complex compliance queries
- Graceful degradation is essential - always have a fallback when external APIs might be unavailable
What's Next:
- Multi-model support - Add support for other LLMs (Claude, GPT-4)
- Custom policies - Allow enterprises to define their own guardrail rules
- Real-time alerts - Slack/email notifications for security events
- Fine-tuned detection - Train custom models for domain-specific PII
Try It Out
Live Demo: https://ai-governance-platform-902023244402.us-central1.run.app
API Docs: https://ai-governance-platform-902023244402.us-central1.run.app/docs
Dashboard: https://ai-governance-platform-902023244402.us-central1.run.app/dashboard
Built With
- fastapi
- gcp
- google-bigquery
- google-cloud-run
- python