Moderation and Content Filtering APIs

While prompting techniques and output parsers help structure LLM responses, they don't inherently guarantee the safety or appropriateness of the generated content. LLMs, trained on enormous amounts of internet text, can sometimes produce outputs that are harmful, unethical, biased, or otherwise problematic. Relying solely on the LLM to self-censor is insufficient for building responsible and trustworthy applications. Integrating dedicated moderation and content filtering services provides an essential layer of safety.

The Need for External Content Moderation

LLMs might generate text containing:

Hate speech or harassment
Sexually explicit content
Incitement of violence or illegal acts
Promotion of self-harm
Misinformation or disinformation (though moderation APIs focus more on safety categories)

Furthermore, malicious users might attempt prompt injection attacks designed to bypass an LLM's safety training and elicit harmful responses. Relying only on prompt design or expecting the LLM to perfectly police itself is often inadequate. A separate, specialized check is a standard practice for production systems.

Introducing Moderation APIs

Several platforms offer APIs specifically designed to classify text based on predefined safety categories. These services typically use their own fine-tuned models optimized for detecting problematic content. Common examples include:

OpenAI Moderation Endpoint: A dedicated API endpoint provided by OpenAI to classify text against their safety policies.
Google Cloud Natural Language API (Content Classification): Part of Google Cloud's AI services, capable of identifying sensitive topics.
Google Perspective API: Specifically designed to score text for toxicity, threats, insults, and other attributes often associated with online comments.
Amazon Comprehend (Toxicity Detection): AWS service for detecting toxic content within text.
Third-party services: Various specialized companies offer content moderation APIs.

How Moderation APIs Work

The typical workflow involves sending a piece of text (either user input or LLM output) to the moderation API endpoint. The API processes the text and returns a response, usually indicating:

Flagged Status: A boolean (true/false) indicating if the content violates any policy.
Category Scores: Confidence scores for various harmful content categories (e.g., hate, sexual, violence, self-harm). Scores often range from 0 to 1.
Flagged Categories: Which specific categories were triggered above a certain internal threshold.

Here's an example using Python's requests library to interact with a moderation endpoint:

import requests
import os
import json

# Assume API key is stored securely, e.g., environment variable
MODERATION_API_KEY = os.environ.get("MODERATION_API_KEY")
MODERATION_ENDPOINT_URL = "https://api.example-moderation.com/v1/check" # Replace with actual URL

def check_content_safety(text_to_check: str) -> dict:
    """
    Sends text to a moderation API and returns the classification results.
    """
    if not MODERATION_API_KEY:
        print("Warning: Moderation API key not found. Skipping safety check.")
        # Return a default safe-like response or raise an error depending on policy
        return {"flagged": False, "categories": {}, "scores": {}}

    headers = {
        "Authorization": f"Bearer {MODERATION_API_KEY}",
        "Content-Type": "application/json"
    }
    payload = json.dumps({"text": text_to_check})

    try:
        response = requests.post(MODERATION_ENDPOINT_URL, headers=headers, data=payload, timeout=10)
        response.raise_for_status() # Raise HTTPError for bad responses (4xx or 5xx)
        return response.json()
    except requests.exceptions.RequestException as e:
        print(f"Error calling moderation API: {e}")
        # Decide how to handle API errors: fail safe (assume unsafe?), log, retry?
        # Returning potentially unsafe content might be risky.
        return {"flagged": True, "error": str(e), "categories": {}, "scores": {}} # Example: Fail safe

# Example usage:
user_input = "Some potentially problematic user text"
llm_output = "An output generated by the LLM"

# Check user input before sending to LLM
user_input_safety = check_content_safety(user_input)
if user_input_safety.get("flagged"):
    print(f"User input flagged: {user_input_safety.get('categories')}")
    # Handle flagged input (e.g., reject, ask user to rephrase)
else:
    # Proceed to generate LLM response...
    # llm_output = generate_llm_response(user_input) # Placeholder

    # Check LLM output before showing to user
    output_safety = check_content_safety(llm_output)
    if output_safety.get("flagged"):
        print(f"LLM output flagged: {output_safety.get('categories')}")
        # Handle flagged output (e.g., show generic message, log, don't display)
    else:
        # Display the safe LLM output
        print("LLM Output (safe):", llm_output)

Integrating Moderation into Application Flow

You can integrate moderation checks at two primary points:

Input Moderation: Check user-provided input before it's sent to the LLM. This prevents users from intentionally trying to elicit harmful content or probe the LLM's safety boundaries.
Output Moderation: Check the LLM's generated response before it's displayed to the user or used by downstream application components. This catches potentially harmful content generated by the LLM itself.

Applying moderation at both points provides more comprehensive protection.

A typical application flow incorporating optional input and output moderation checks.

Handling Flagged Content and Thresholds

When content is flagged, your application needs a policy for how to respond. Simply blocking content might be appropriate in some cases, but other options include:

Logging: Record the flagged content and the moderation result for review.
Returning a Generic Message: Inform the user that the input/output was inappropriate without showing the harmful content.
Requesting Rephrasing: Ask the user to modify their input.
Admin Notification: Alert administrators to potentially malicious use or patterns of problematic outputs.

Most moderation APIs provide scores per category. You will need to decide on appropriate thresholds for these scores. Setting a very low threshold might flag innocuous content (false positives), while a very high threshold might miss genuinely harmful content (false negatives). The right balance depends on your application's risk tolerance and context. Experimentation and monitoring are often necessary to fine-tune these thresholds.

Using moderation APIs is a significant step towards building safer and more reliable LLM applications. It acts as an independent safeguard, complementing careful prompt design and output validation, helping to protect both your users and your application's reputation.

Build LLM apps faster with Kerb

Cleaner syntax. Built-in debugging. Production-ready from day one.

Built for the AI systems behind ApX Machine Learning

Was this section helpful?

References

Moderation, OpenAI, 2022 (OpenAI) - Official documentation for the OpenAI Moderation API, explaining its capabilities for content safety checks in LLM applications.
Perspective API, Jigsaw and Google, 2024 - Official website and documentation for the Google Perspective API, specializing in detecting toxicity and other harmful attributes in text.