Built a policy engine for LLMs – open-source it or keep trying to sell?

Question

We&rsquo;re two engineers who built a system that acts like a guardrail/policy enforcement layer for large language models (GPT, Claude, etc). It analyzes both prompts and responses in real time, and applies configurable policies like: Blocking PII (emails, IPs, phone numbers, etc.) Detecting company secrets (e.g., passwords, API keys) Preventing accidental leaks of proprietary code Filtering toxic/inappropriate language Catching mentions of competitors, people, or locations Each policy can be tuned (strict or lenient), and you can decide whether to just log it or actually block the message. Everything is logged with full metadata: policy IDs, timestamps, token counts, etc.The architecture has two parts: a self-hosted data plane (which handles all sensitive message content), and a hosted control plane (for configs and API keys). So it can be used in privacy-sensitive environments.You can integrate it via API, browser extension, or a simple chat UI.Now here&rsquo;s where we&rsquo;re struggling:We don&rsquo;t have a strong network of buyers or investors. Most of our outreach has been cold emails, and it hasn&rsquo;t led to much traction. Pricing experiments (per seat, per org) haven&rsquo;t helped. So it&rsquo;s unclear whether the idea isn&rsquo;t good&mdash;or we&rsquo;re just not getting it in front of the right people.We&rsquo;ve started thinking about open-sourcing it. The idea would be: self-host for free, pay us if you want the hosted version (similar to MongoDB/Redis models). Probably support bring-your-own-encryption-key for hosted users.But I&rsquo;m honestly torn. Open-sourcing sounds right for trust and adoption&mdash;but we&rsquo;ve spent a lot of time on this, and there&rsquo;s that fear of releasing it and getting little to nothing back.So: if you work with LLMs, or have faced issues around privacy/compliance/safety, I&rsquo;d really love your take. Does this sound useful? Would open source make it more attractive? Are we just early to a problem people don&rsquo;t feel yet?Not promoting anything, just hoping to learn from folks who&rsquo;ve walked this path.

sharmasachin98 · Accepted Answer

This is absolutely a real problem, especially in enterprise GenAI rollouts where hallucinations and data leakage risks are non-negotiable.
We’ve run into scenarios where LLMs exposed internal data just through cleverly crafted prompts. Your ability to inspect and enforce policies at both prompt and response level is spot on.
If I were in your shoes, I’d seriously consider open-sourcing the data plane, especially since your control plane is where monetization lies. It builds trust, invites contributions, and positions you as a default in this emerging category.
And no, you're not early, you're exactly on time. Most companies are just realizing how much risk they’ve shipped into production.

beernet · Answer

From a business perspective, I haven't identified a single selling point in your post as it's very tailored towards engineering people, which likely is your main problem. Why did you build it in the first place? What was the market demand and who was your customer (or user, at least)?