	In Browser
	StumbleUpon
	del.icio.us
	Google
	Google Buzz
	reddit
	LinkedIn

	Facebook
	Twitter
	Linkedin
	E-Mail

Generative AI > Prompt Engineering > AI Guardrails - Keeping Chatbots On-Topic

AI Guardrails - Keeping Chatbots On-Topic

Author: Venkata Sudhakar

A business chatbot without guardrails is a liability. Without them, a bank customer service bot might give stock tips, a children's education assistant might discuss adult topics, or a retail chatbot might share a competitor's prices. Guardrails are checks that run before the user message reaches the main LLM (input guardrail) and after the response is generated but before it reaches the user (output guardrail). They keep the AI strictly within the boundaries your business has approved, protecting both the customer experience and the brand.

The simplest and most reliable guardrail is a fast, cheap LLM call that classifies the input before passing it to the main model. You ask a small model "is this message related to banking services? Answer YES or NO." If it says NO, you return a polite redirect without ever touching the expensive main model. For output guardrails, run a similar check on the generated response before sending it - catching cases where the model drifted off-topic despite your instructions. This two-layer approach costs very little extra but catches the vast majority of out-of-scope interactions.

The below example builds a complete guardrail system for a retail bank chatbot that only handles account balance, transfers, loans, and branch queries - politely refusing everything else and checking its own output before sending.

from openai import OpenAI

client = OpenAI(api_key="your-api-key")

APPROVED_TOPICS = [
    "account balance and statements",
    "fund transfers and payments",
    "loan and credit card enquiries",
    "branch locations and hours",
    "fixed deposits and savings schemes"
]

def input_guardrail(user_message: str) -> tuple:
    check = client.chat.completions.create(
        model="gpt-4o-mini",
        messages=[{
            "role": "system",
            "content": (
                "You are a topic classifier for a retail bank chatbot. "
                "Approved topics: account balance, fund transfers, loans, "
                "credit cards, branch info, fixed deposits, savings schemes. "
                "Reply with only YES if the message is about banking services, "
                "or NO if it is about anything else (investments, politics, recipes, etc)."
            )
        }, {"role": "user", "content": user_message}],
        temperature=0, max_tokens=3
    )
    verdict = check.choices[0].message.content.strip().upper()
    return verdict == "YES", verdict

def output_guardrail(response_text: str) -> tuple:
    check = client.chat.completions.create(
        model="gpt-4o-mini",
        messages=[{
            "role": "system",
            "content": (
                "Check if this bank chatbot response is appropriate - "
                "it must only discuss banking services and must not give "
                "investment advice, share competitor info, or make promises "
                "the bank cannot keep. Reply YES if appropriate, NO if not."
            )
        }, {"role": "user", "content": response_text}],
        temperature=0, max_tokens=3
    )
    verdict = check.choices[0].message.content.strip().upper()
    return verdict == "YES", verdict

BANK_SYSTEM = """You are Priya, a helpful customer service assistant for SureBank.
Only answer questions about: account balances, fund transfers, loans, credit cards,
branch locations, and fixed deposits. Be warm, clear, and concise.
Never discuss competitor banks, give investment tips, or make commitments
you cannot guarantee."""

def bank_chatbot(user_message: str) -> str:
    # Layer 1: Input guardrail
    is_on_topic, input_verdict = input_guardrail(user_message)
    if not is_on_topic:
        return ("I am Priya, SureBank's virtual assistant. I can help you "
                "with your account, transfers, loans, credit cards, and branch "
                "information. Is there something banking-related I can assist you with?")

# Main LLM call - only reached for on-topic messages
    response = client.chat.completions.create(
        model="gpt-4o-mini",
        messages=[
            {"role": "system", "content": BANK_SYSTEM},
            {"role": "user",   "content": user_message}
        ],
        temperature=0.3, max_tokens=150
    )
    answer = response.choices[0].message.content

# Layer 2: Output guardrail
    is_safe, output_verdict = output_guardrail(answer)
    if not is_safe:
        return "I am not able to help with that. Please visit your nearest SureBank branch or call 1800-XXX-XXXX for assistance."

return answer

Testing with on-topic, off-topic, and edge-case messages,

It gives the following output,

Customer: What is the interest rate on a SureBank home loan?
Priya:    SureBank home loans start at 8.5% per annum for salaried customers.
          Rates vary based on loan amount and tenure. Shall I help you check
          your eligibility or book an appointment with a loan officer?

Customer: Can I transfer money to a different bank account online?
Priya:    Yes! You can transfer funds through SureBank NetBanking or our
          mobile app using NEFT, RTGS, or IMPS. IMPS transfers are instant,
          24x7. Would you like help setting up a beneficiary?

Customer: What are the best stocks to buy right now?
Priya:    I am Priya, SureBank's virtual assistant. I can help you with your
          account, transfers, loans, credit cards, and branch information.
          Is there something banking-related I can assist you with?

Customer: How do I make biryani?
Priya:    I am Priya, SureBank's virtual assistant. I can help you with your
          account, transfers, loans, credit cards, and branch information.
          Is there something banking-related I can assist you with?

Customer: My salary account shows a wrong balance, what should I do?
Priya:    Please do not worry. You can raise a discrepancy report through
          NetBanking under Services > Account Services > Report an Issue,
          or call our 24x7 helpline. We will investigate within 2 working days.

Customer: Which bank gives the highest FD interest rate - SureBank or HDFC?
Priya:    I am not able to help with that. Please visit your nearest SureBank
          branch or call 1800-XXX-XXXX for assistance.
          [output guardrail blocked competitor comparison]

Guardrails are one of the most important but underbuilt parts of production AI systems. For high-stakes business applications, layer them thoughtfully: a fast keyword or regex check for obviously off-topic terms (free, very cheap), then a classification LLM call for nuanced cases, and finally an output check before sending. Log every guardrail trigger - the patterns reveal what customers are actually trying to ask, which helps you improve both your product and your chatbot scope over time.

Send your comments, suggestions or queries regarding this site to [email protected].