Rules

  • 3 minute(s) read
Prev Next

1. Managing Rules in Verax

Rules in Verax define how users can interact with generative AI tools across your organization. Each rule evaluates user identity, selected AI tools, and optional conditions to determine whether access is allowed or blocked.

Verax evaluates rules in order, from top to bottom. The first matching rule is applied. If no rules match, the default rule is applied.

This article explains how rules work and how to create, manage, and edit them step by step.

2. How Rules Are Evaluated

  • Rules are evaluated sequentially, from top to bottom.

  • The first rule that matches a request is applied.

  • Once a rule matches, no further rules are evaluated.

  • If no rules match, the default rule is applied as a catch-all.

You can reorder rules at any time to change their priority.

3. Default Rule

During initial setup, Verax creates a default rule. This rule applies whenever no other rules match.

Key characteristics of the default rule:

  • It always applies to all users and all AI tools.

  • Its scope cannot be changed.

  • You can update the rule action (Allow or Block) and the risk level.

The default rule ensures that every request is handled, even if no specific rules are configured.

4. Creating a New Rule

To create a new rule:

  1. Navigate to Protect → Rules.

  2. Click New Rule.

You will be guided through the rule configuration process.

  • Step 1: Rule Details

    • Rule name - Enter a clear, descriptive name for the rule. Example: Allow engineers to use AI.

    • Risk level - Select a risk level to classify the business impact of this rule. Risk levels are used for visibility and prioritization and do not affect enforcement behavior.

    • Description (optional) - Optionally describe the purpose of the rule for future reference.

  • Step 2: Rule Action
    Choose how Verax should handle requests when this rule matches:

    • Allow - Allows access when this rule matches.

    • Block - Blocks access when this rule matches.

  • Step 3: Users and Groups
    Define who the rule applies to.

    • All users - The rule applies to all users.

    • Specific users or groups - Select individual users and groups synced from your identity provider.
      Note: Selecting specific users or groups requires a connected identity provider.

  • Step 4: AI Tools
    Define which AI tools the rule applies to.

    • All AI tools - The rule applies to all AI tools.

    • Specific AI tools - Select one or more AI tools or categories.


  • Step 5: Rule Conditions (Optional)
    Rule conditions further restrict when a rule applies.
    If no conditions are defined, the rule applies to the selected users and AI tools.


    You can add one or more of the following conditions:

    • Sensitivity - Detects whether a request contains sensitive data based on a defined threshold.

    • Topic Similarity - Detects requests related to defined topics or entities.

      To use topic similarity:

      1. Enter a topic description.

      2. Generate topics and entities automatically using your connected LLM, or add them manually.

      3. Review and refine the generated topics and entities as needed.

      4. Adjust the similarity threshold to control how closely a request must match the defined topics or entities for the condition to apply.

      If no LLM is connected, topics and entities can still be added manually.

    • Keywords - Matches when specified keywords appear in the request. You can choose whether all keywords must match (AND) or any keyword may match (OR).

    • Regular Expressions - Matches when the request content matches defined patterns using regular expressions.

  • Step 6: Saving the Rule
    Once all required fields are completed:

    1. Click Create Rule.

    2. The rule is added to the rules list and evaluated based on its position in the order.

5. Editing Rules

To edit an existing rule:

  1. Open the rule from the rules list.

  2. Update any configurable fields.

  3. Click Save Changes.

For the default rule, only the rule action and risk level can be edited.

6. Reordering Rules

To change rule priority:

  1. Drag and drop rules in the rules list.

  2. Rules higher in the list are evaluated first.

Reordering rules takes effect immediately.

7. Summary

Rules in Verax give you fine-grained control over how users interact with generative AI tools. By combining identity, tool selection, and optional conditions, you can enforce security policies that match your organization’s needs while maintaining full visibility and control.