A Flexible Large Language Models Guardrail Development Methodology Applied to Off-Topic Prompt Detection

TL;DR

This paper presents a flexible, data-free methodology for developing off-topic prompt guardrails for large language models, utilizing synthetic datasets generated by LLMs to improve safety and reduce false positives.

Contribution

It introduces a novel, adaptable guardrail development approach that does not require real-world data and generalizes across misuse categories, with open-sourced resources for the community.

Findings

Outperforms heuristic guardrails in off-topic detection

Generalizes to jailbreak and harmful prompt detection

Provides open-source datasets and models

Abstract

Large Language Models (LLMs) are prone to off-topic misuse, where users may prompt these models to perform tasks beyond their intended scope. Current guardrails, which often rely on curated examples or custom classifiers, suffer from high false-positive rates, limited adaptability, and the impracticality of requiring real-world data that is not available in pre-production. In this paper, we introduce a flexible, data-free guardrail development methodology that addresses these challenges. By thoroughly defining the problem space qualitatively and passing this to an LLM to generate diverse prompts, we construct a synthetic dataset to benchmark and train off-topic guardrails that outperform heuristic approaches. Additionally, by framing the task as classifying whether the user prompt is relevant with respect to the system prompt, our guardrails effectively generalize to other misuse categories, including jailbreak and harmful prompts. Lastly, we further contribute to the field by open-sourcing both the synthetic dataset and the off-topic guardrail models, providing valuable resources for developing guardrails in pre-production environments and supporting future research and development in LLM safety.