Support traffic carries real customer data and the occasional hostile prompt. Nemo Router redacts PII and blocks injection on every request, keeps tone consistent with versioned templates, and caps spend with budgets.
Every message, screened first
Email, phone, SSN, card, IP — redacted
Inbound jailbreak patterns blocked
One template drives the whole fleet
Per-key and per-team cost ceilings
A support bot is the part of your AI stack that talks to real customers. It needs to protect their data, resist abuse, stay on-brand, and not blow the budget.
Support conversations carry real customer data — emails, phone numbers, account details. PII redaction runs as a guardrail before the prompt leaves your gateway, so customer data never lands unredacted in a provider log.
A public-facing bot gets hostile inputs — jailbreak attempts, instruction-override prompts. The injection-detection guardrail inspects every inbound message and blocks a flagged request before it reaches the model.
Tone, escalation rules, and brand voice live in a central template — not scattered across bot deployments. Reference a template by id, pass variables at call time, and every bot updates when you edit it.
Support volume is bursty and large. Per-key and per-team budgets cap spend, caching absorbs repeated questions, and real-time cost tracking shows exactly where the budget goes.
Every inbound message passes the same gates: injection detection, then PII redaction, then the templated prompt. Guardrails run before the model ever sees the text.
Support request flow
Customer message
inbound to your bot
Real names, account details, sometimes a hostile prompt.
Injection check
guardrail · pre-call
Jailbreak / override patterns blocked before the model.
PII redaction
guardrail · pre-call
Email, phone, SSN, card, IP masked from the prompt.
Template + model
prompt template id
Central system prompt; routed to your chosen model.
Reply + logged
guardrail log
Redactions, blocks, cost, and latency all recorded.
Guardrails run in-process before the provider call. A blocked or redacted message never reaches the model — and the event is logged so your trust and safety team can review it.
PII redaction
When a customer pastes an order number, an email, or a card number into a support chat, the redaction guardrail catches it. The masked prompt is what the model — and the provider’s logs — actually see. The original stays inside your gateway boundary.
Before vs. after
Your bot calls the standard chat endpoint and points at a prompt template by id. Guardrails apply automatically — you do not wire them per request. These snippets are generated from the SDK examples the playground uses.
pip install openai| 1 | # Cache: enabled (org default). Pass nemo_cache: false to skip. |
| 2 | from openai import OpenAI |
| 3 | import os |
| 4 | |
| 5 | client = OpenAI( |
| 6 | api_key=os.environ["NEMOROUTER_API_KEY"], |
| 7 | base_url="https://api.nemorouter.ai/v1", |
| 8 | ) |
| 9 | |
| 10 | response = client.chat.completions.create( |
| 11 | model="gemini-2.5-flash", |
| 12 | temperature=1, |
| 13 | max_tokens=1024, |
| 14 | top_p=1, |
| 15 | messages=[ |
| 16 | {"role": "user", "content": "Hello! What models do you support?"}, |
| 17 | ], |
| 18 | extra_body={ |
| 19 | # "nemo_cache": False, # Uncomment to skip cache |
| 20 | }, |
| 21 | ) |
| 22 | |
| 23 | print(response.choices[0].message.content) |
Pass nemo_prompt_template_id in extra_body to drive tone from a central, versioned template.
Safe by default
PII redaction, injection defense, versioned prompts, and budgets — all unlocked on every plan across 20+ models.