Working with AI: Rails, Boundaries & Safety
When people start using AI they usually have a vague sense of needing to be careful – for example, not pasting anything confidential, or not using it for financial decisions.
This is useful… but not enough.
To work with an agent safely and confidently, you need guardrails: simple, explicitly stated rules.
We use three kinds of rails:
Scope Rails 🎯 – what this agent is for
Boundary Rails 🚧 – what is off-limits
Process Rails ⚙️ – how you’ll work together
It doesn’t need to be a long policy - a well-written prompt at the start of a chat is often enough.
1. Scope Rails 🎯 – What is this agent for?
This is the job description for the agent.
It helps decide:
What kinds of work is this agent for?
e.g. “You do idea generation, outlines, first drafts, and structuring.”
What is explicitly out of scope and human-owned?
e.g. “You don’t do final edits or legally binding wording.”
2. Boundary Rails 🚧 – What is off-limits?
Boundary rails are the red lines: the things that are out of bounds.
They cover issues like safety, ethics and data confidentiality.
Decide what your boundaries are, and write some clear bullet points such as:
“Don’t give legal, medical or financial advice.”
“Don’t make up statistics, quotes, or sources. If you’re unsure, say so and suggest how I could verify.”
“Use anonymised examples by default when you illustrate something.”
“Assume I only share public information. If anything I paste looks sensitive or confidential, please flag it.”
3. Process Rails ⚙️ – How will we work together?
Process rails are about workflow and help decide aspects such as:
Where outputs live
e.g. “Final versions are dated and copied into (Drive / Docs / Notion etc).”
When you stop and review
e.g. “At the end of each session, the agent summarises what we did in 5 bullets, and lists 3 suggested next steps. I’ll pick what we actually do.”
Who does the draft
e.g. “I provide rough notes; the agent plans the structure and writes the draft; then I edit and review.”
How you talk to your agent
e.g. “Sometimes I’ll type; other times I’ll use voice. If I sound rushed or vague, ask a clarifying question before you start.”
Agent errors & “hallucinations”
Agents can sometimes generate incorrect or misleading information and present it as fact.
We suggest a two-step approach to mitigate this:
1. Tell the agent how to handle uncertainty
e.g. “Don’t make up sources, stats, or quotes – tell me if you’re unsure and what I should double-check”
2. Use a tiered verification process
Low stakes - rough ideas, drafts, brainstorming
→ Sanity check yourself
Medium stakes - documents and guides
→ Spot-check the key claims (dates, numbers, names) via another source or use a second agent as a reviewer
High stakes - anything with legal, financial, medical, or reputational risk
→ Always verify separately: search, a second agent, and/or a human expert.
A simple process to verify with another agent
Get the first answer from your usual agent e.g. ChatGPT.
Paste it into e.g. Claude / Perplexity / Gemini:
“Here’s an answer another AI gave me.
- List any claims that look uncertain, controversial, or easily wrong.
- For those, tell me how you’d verify them.
- Suggest corrections where you can.”
Then you can decide if anything needs adjusting.
Setting up your rails
Rails exist at three different levels:
Personal level – “How I want to work with my agent”
Team level – “How we use agents together”
Organisation level – “How agents are allowed to be used here”
The principles are the same; what changes is who sets them, where they live and how formal they are. At team level, you can simply share one prompt that everyone uses.
Step 1 – Write one sentence for each rail
Scope – “This agent is for…”
Boundary – “This agent must never…”
Process – “We will work like this…”
Step 2 - Turn that into a starter prompt and paste into a new chat
For example:
“You’re my thinking and writing partner for my work in [role].
Let’s set some simple working rules so we stay safe and on track.
Scope rails - your job description:
You help with ideas, outlines, drafts and structure.
I do the final review and edit.
Boundary rails - what you must not do:
Don’t invent quotes, sources or stats - say if you’re unsure.
Keep the tone grounded and human - no hype or overpromising.
Always use anonymised examples when you illustrate something.
Process rails - how we work together:
At the end of each session summarise what we did and I’ll save drafts and final versions.
Always suggest next steps and I’ll decide what to do.”
Step 3 – Save and reuse it when you start a new project.
Step 4 – Review after 1–2 weeks
Where did it work well?
Where did you wish you’d set a clearer rule?
Update the rails based on real use.
Try next
Rails work best when you pair them with a simple mental model for how you’re using AI.
If you’re not sure where to start, try the Four modes framework (Transaction, Curious, Builder, Collaboration) and notice how your rails change as you move up the ladder.