Skip to main content

How to add guardrails to an LLM application

Add guardrails to an LLM app: validate and filter inputs, constrain and check outputs, defend against prompt injection, screen for unsafe content, and fail safe with logging.

Difficulty
Intermediate
Duration
50 minutes
Steps
6

Why guardrails matter

An LLM will follow instructions in its input, including malicious ones, and can produce unsafe or malformed output. Guardrails are the checks around the model that keep it within acceptable bounds. They sit on the input, on the output, or both, and they let your app fail safely instead of trusting the model blindly.

Prerequisites

  • An LLM feature that takes user input
  • An understanding of prompt injection and your domain's safety rules

Steps

1. Identify the risks for your use case

List what could go wrong: leaking secrets, generating harmful content, returning invalid data, or executing actions the user should not trigger. Guardrails should target real risks, not theoretical ones.

2. Add input validation and filtering

Reject oversized inputs, strip control characters, and detect obvious abuse before calling the model. Treat all user input as untrusted.

3. Constrain output format

When the output feeds a program, require a schema and validate it. Retry or reject on parse failure rather than passing bad data downstream.

data = parse_or_reject(model_output, schema)

4. Defend against prompt injection

Untrusted text (web pages, documents) can contain instructions aimed at your model. Keep system instructions separate, never let retrieved content override them, and avoid executing actions derived purely from untrusted text.

5. Add a content safety check

Screen both input and output through a moderation classifier. Block or redact content that violates your policy and return a safe fallback message.

6. Log, monitor, and fail safe

Log blocked attempts, track guardrail hit rates, and default to refusing rather than guessing when a check fails.

Verification

Feed the app a prompt-injection attempt embedded in a document and confirm the system instructions hold. Send unsafe input and confirm it is blocked. Send malformed-output-inducing prompts and confirm validation catches them before they reach the user.

Next Steps

Add rate limiting, redact sensitive data in logs, run adversarial tests regularly, and keep moderation thresholds tuned to your risk tolerance.

Prerequisites

  • A working LLM feature
  • Understanding of prompt injection
  • Python or Node runtime

Steps

  • 1
    Identify the risks for your use case
  • 2
    Add input validation and filtering
  • 3
    Constrain output format
  • 4
    Defend against prompt injection
  • 5
    Add a content safety check
  • 6
    Log, monitor, and fail safe

Category

AI ML